Shooters in Metro Ambush That Left Five Dead Spoke of White Supremacy and a Desire to Kill Police
Las Vegas Review Journal (06/09/14)

A CiCi's Pizza restaurant and a Wal-Mart in Las Vegas were the scene of what seems to have been a politically motivated shooting that left five people, including two city police officers, dead. The shooting began when the two police officers who were killed were having lunch at the CiCi's Pizza restaurant. One of the two shooters reportedly yelled "This is the start of a revolution" before shooting one of the officers in the back of the head, killing him instantly. However, police have not confirmed that the shooter made that comment. The other officer drew his weapon, prompting the shooter to fire at him several times. That officer later died at the hospital. The shooter and her accomplice, who is believed to be her husband, then covered both officers with something that featured the Gadsden flag. The flag, which includes an image of a coiled rattlesnake and the words "Don't Tread on Me," has been adopted as a symbol of the Tea Party movement over the last several years. The two shooters then walked into a Wal-Mart across the street from the restaurant, ordered everyone out of the building, and began shooting. One woman was killed there before the female shooter shot her accomplice and then shot and killed herself. The male shooter also shot and killed himself. One of the shooters' neighbors says they had talked about shooting police officers and that they espoused militant views. The shooters may have also had links to white supremacists.

Reducing Security Threats Posed by Contract Workers
Security InfoWatch (06/09/14) Jain, Ajay

The use of third-party contractors can provide cost savings for businesses but also comes with certain security risks, writes Quantum Secure President and CEO Ajay Jain. For example, contractors can breach physical security measures and compromise other elements of security programs. The risks posed by a third-party contractor may not even be intentional or malicious, but the lack of familiarity these individuals have with the facility's security policies and the organization's lack of control over their actions can accidentally increase the facility's risk level, Jain says. Unintentional threats can include propping open a door that is supposed to remain secure or unplugging a device critical to security. On the other hand, intentional breaches could become disastrous, and organizations could be faced with any number of scenarios ranging from theft and vandalism to property loss and fraud. Jain notes that these risks can be mitigated through the use of locked or access-control-managed doors that restrict access to specific areas, such as those that contain financial systems, server rooms, and research and development labs. In addition, Jain says that thorough background checks should be performed on contractors, who should be trained in the organization's security policies before being granted physical access to the facility. Jain points out that the use of strong identity management, such as an enterprise-based physical identity and access management (PIAM) solution, is also vital. Finally, Jain notes that organizations need to ensure that contractors' access is revoked immediately when their contract ends.

'Holistic Approach' Needed to Fight ORC
Security Director News (06/09/14) Canfield, Amy

Capt. Bill Williams, the commanding officer of the Los Angeles Police Department's Commercial Crimes Division, notes that there is no magic bullet for fighting organized retail crime (ORC), which costs U.S. retailers a minimum of $30 billion a year. Simply arresting those involved in ORC will not adequately address the problem, Williams said, adding that a "holistic approach" is needed that includes educating retailers and prosecutors, implementing targeted ORC laws, and the use of purposeful store design and technology to minimize or prevent theft. Williams also feels that the organization he helped found, the Los Angeles Anti-Organized Retail Crime Association, plays an important role in combating ORC, as it offers its members a real-time reporting system and a number of opportunities for collaboration. Williams noted that sharing best practices and information makes it easier for law enforcement, legislators, retailers, and prosecutors to take action against ORC.

Using Security Convergence to Enable the Enterprise
Security (06/14) Liscouski, Robert

Axio Global CEO Bob Liscouski and Viscount Systems COO Dennis Raefield say that physical security departments should use existing IT networks and systems for access control functions, rather than standalone machines located near doors. The authors note that there are a variety of advantages to their approach, including significant cost reduction. Liscouski and Raefield say that using existing IT systems and a small, simple interface to translate Wiegand readers, door contacts, and electric strikes into Internet Protocol (IP) signals is cheaper than using microcomputers connected to access control panels to decide whether or not to grant entry to an individual. These savings can then be invested in other physical security measures. In addition, allowing the IT department to focus on running the computer systems used for access control allows physical security personnel to focus more on deciding who should be allowed into the organization's premises and on responding to unauthorized individuals, Liscouski and Raefield say. IT departments, meanwhile, will no longer have to worry about any cybersecurity vulnerabilities in microcomputers used for access control. Finally, Liscouski and Raefield say that using existing IT infrastructure provides redundancy and backup for access control systems in the event of an equipment failure.

Monitoring Operations from a Distance for Safer Operations
Security Magazine (06/14) Meyer, Claire

In addition to using executive briefings and PowerPoint presentations to communicate savings and earn buy-in from other departments, security professionals should inform other department leaders about plans to introduce a new surveillance system and what that system's capabilities entail. Matt Bodi, IT Manager at Taminco USA, says that doing so will help ensure that the installer takes the needs of other departments into account during the installation process. When upgrading the security infrastructure at three factories, Bodi added a Milestone open-platform video management system to unite the various technologies. This enabled the company to embrace IP, as it was possible to leverage existing IT networks to streamline security. Once implementation was completed, other departments began to leverage the investment to improve productivity and ensure safety, as the system allowed supervisors to monitor and investigate potential problems with the camera footage.

US Considers Options as Militants Push Closer to Baghdad
Fox News (06/13/14)

Fighters from the al-Qaida-inspired militant group the Islamic State of Iraq and the Levant (ISIS) remained on the march through Iraq on Friday, apparently moving toward Baghdad as they have vowed to do. The militants have moved into Diyala province, located northeast of the Iraqi capital, and took control of the towns of Jalula and Sadiyah. Iraqi soldiers reportedly offered no resistance. The capture of the two towns in Diyala province comes after ISIS militants took control of a number of cities in northern Iraq, including Mosul, earlier this week. Two weapons depots used to store AK-47s, rockets, rocket-propelled grenades, and other items have also fallen into the hands of the militants. The militants have also reportedly been able to obtain surface-to-air missiles, which would allow them to threaten the planes that are being used to evacuate some of the several thousand Americans who remain in Iraq. Three planeloads of Americans, mostly contractors and civilians, are in the process of being evacuated from Balad. Meanwhile, the Obama administration is considering conducting air strikes and stepping up surveillance in response to the advance of ISIS militants but is not considering sending in American ground troops.

Senators Press Obama Administration to Clarify Surveillance Reform Legislation
Washington Post (DC) (06/12/14) Nakashima, Ellen

Several members of the Senate Intelligence Committee on Thursday called on the Obama administration to clarify language used in the USA Freedom Act, which was passed by the House last month in an effort to overhaul the National Security Agency's surveillance programs. At issue is the bill's requirement that the government focus its data collection efforts on a "specific selection term," which is defined as being "a discrete term, such as a term specifically identifying a person, entity, account, address, or device, used by the government to limit the scope of the information or tangible things sought." Critics such as Sen. Mark Udall (D-Colo.) say that this provision will still allow the government to collect data on a broad scale. Deputy Attorney General James Cole said that the use of such terms will not allow the government to collect an excessive amount of data. The hearing also focused on whether the USA Freedom Act would continue to allow the NSA some flexibility in obtaining information needed to identify terrorist plots, as well as whether the bill would be effective in protecting the privacy of Americans. Some committee members believe that the bill would hurt the NSA's ability to carry out its mission, while others say that it does not contain sufficient safeguards for civil liberties.

Teen Kills Student, Self at Oregon High School
Associated Press (06/11/14) Duara, Nigel; Cooper, Jonathan

Two people were killed and one was injured in a school shooting in Troutdale, Ore., on Tuesday. The incident at Reynolds High School began shortly before 8 a.m., when several shots were fired by a teenage boy armed with a rifle. Despite the reports of gunshots, there was initial confusion as to whether there was actually an active shooter at the school. Nevertheless, two on-campus police officers responded to the incident, followed by a tactical team from a local police department. Meanwhile, a teacher began the school's lockdown procedure, which calls for students to remain in their classrooms. The teacher who implemented the lockdown was injured in the shooting and treated at the scene. The gunman at some point encountered 14-year-old Emilio Hoffman, a student at the school, and shot and killed him. After the shooting ended, the gunman was seen slumped on a toilet in a bathroom. Unable to determine if the shooter was still a threat, police sent in a robot equipped with a camera and determined that he was dead. He is believed to have killed himself. Students were eventually evacuated from the school and returned to their parents at a local supermarket.

Vegas Police Killer Decried Government on YouTube Videos
Associated Press (06/10/14)

Authorities have uncovered new evidence of the anti-government and anti-police beliefs held by the two individuals who allegedly shot and killed two police officers and a civilian in Las Vegas on Sunday. Police say that the male suspect, Jerad Miller, posted several videos on YouTube in which he called law enforcement officers and government officials "criminals" and said that they could not be trusted. Investigators are examining these videos, as well as social media posts Miller made, as they try to determine the motive behind the shootings. Police also say that Miller and his wife, who also allegedly took part in the shooting, held views that were similar to those held by members of anti-government militias and white supremacists. After shooting the officers, who are believed to have been chosen at random, the Millers left a swastika and a "Don't Tread on Me" flag on the body of one of the policemen. That flag has become a popular symbol for anti-government groups. Authorities believe that the shootings were isolated acts rather than part of some broader conspiracy against law enforcement. However, sheriff's deputies in the Las Vegas area will be paired together for additional safety.

Officials Predicted Detainees in Bowe Bergdahl Swap Would Rejoin Taliban
Wall Street Journal (06/10/14) Barnes, Julian E.; Gorman, Siobhan

A classified intelligence assessment indicates that American intelligence officials believed that some of the five Afghan Taliban detainees who were released in exchange for Army Sgt. Bowe Bergdahl would once again assume senior leadership positions within the group after being freed. Two of the men were believed to be likely to return to active, senior positions within the militant group, the assessment noted, while two others were likely to take other active roles in the Taliban. Only one of the detainees was considered likely to end his active participation in the Taliban's efforts against the Afghan government. Some administration officials say that the White House went ahead with the transfer in spite of the findings mainly because it wanted to see Bergdahl released, as his life was believed to have been in danger. Officials at the Pentagon and elsewhere also say that the decision to move ahead with the transfer was made because the agreement that was reached with Qatar to take the detainees provided a number of assurances that any threat from the released militants would be reduced or possibly eliminated, including the fact that the detainees would be enrolled in a "re-education program" designed to pull them away from militancy. However, House Speaker John Boehner (R-Ohio) says that the administration negotiated with terrorists to forge the deal and has thus put American lives at risk.

Who Needs Heartbleed When Many Dot-Govs Don't Even Encrypt Communications?
NextGov.com (06/11/14) Sternstein, Aliya

New research by the Online Trust Alliance has found that federal government websites generally underperform those of the private sector in terms of security and server configuration. A study of 50 high-traffic, consumer-oriented federal sites found that they generally scored 10 percent lower than online banking and social media sites on evaluations of site security and server configuration. More than a quarter were not properly configured to prevent intruders from intercepting data. The average performance of government sites was dragged down by the almost half that scored badly and the 20 percent that did not appear to have an SSL connection. Many of the agencies studied also failed to properly protect their agency email from spoofing, with only two-thirds using email authentication, compared to 100 percent of e-commerce sites and 96 percent of social media sites. However, the agencies did outperform the private sector in converting sites to Domain Name System Security Extensions (DNSSEC) configuration to thwart man-in-the-middle attacks. Over 90 percent of federal sites used DNSSEC, compared to fewer than 5 percent of private sector sites. This is the result of a 2008 mandate that dot-gov websites convert to DNSSEC by December 2009.

Food Chain, P.F. Chang's, Investigates Possible Card Breach
IDG News Service (06/10/14) Kirk, Jeremy

P.F. Chang's China Bistro says it is investigating a possible credit card breach following reports of a large batch of stolen card numbers for sale on a black market forum. The sellers claim all the card numbers are still valid, which means the information is fresh and the banks have not canceled the accounts, says consultant Alex Holden. He notes the breach, which appears to have begun in March and continued through early May, most likely stemmed from an attack on point-of-sale systems. Holden says the card details suspected to be from P.F. Chang's are posted for sale on the notorious Rescator carding website, which is known for selling stolen data to fraudsters. He says it seems the data's sellers did not do a good job of shuffling the card numbers, as issuing a large batch of numbers from a single merchant enables banks to more closely zero in on the point of the breach. The price of card details is often determined by the card's potential spending limit, with criminals hoping to exploit the card before banks cancel it or the holder spots unauthorized charges.

Zeus Alternative 'Pandemiya' Emerges in Cybercrime Underworld
Security Week (06/10/14) Rashid, Fahmida

RSA's FraudAction team has identified a new banking Trojan, Pandemiya, that is currently being sold on the criminal underground. Pandemiya offers a suite of features and capabilities similar to the Zeus banking Trojan, but unlike other popular Trojans such as Citadel/Ice IX and Carberp that are based on Zeus' source code, Pandemiya appears to be original. The Trojan offers core features for infecting machines, intercepting banking credentials, and encrypting communications, as well as a modular design that would enable it to be augmented and extended in the future. Optional plugins already are available that add features such as reverse proxy, Facebook integration, and an FTP stealer. RSA says Pandemiya likely took a year to develop and is now being sold in the underground marketplace for a substantial premium over Zeus and other toolkits. RSA's Uri Fleyder says the premium price likely will constrain Pandemiya's popularity with cybercriminals, as much less expensive toolkits and Trojans are available that offer equivalent capabilities, although this may change as more advanced plugins are developed for the new Trojan.

With New Hack, Cellphone Can Get Data Out of Computers
Times of Israel (06/09/14) Shamah, David

A cellphone can be used to engage in air-gap network hacking, according to researchers at Ben Gurion University (BGU). The researchers say a hacker could use an email-phishing attack to get an unsuspecting cellphone user to install the right kind of malware onto their device. Once the cellphone is within one to six meters of a system, a hacker on the other side of the world will be able to remotely access any data they want, and no Internet connection is needed. Once the malware is on the phone, it scans for electromagnetic waves, which can be manipulated to construct a network connection using FM frequencies to install a virus onto a computer or server. A team led by BGU Cyber Security Lab director and professor Yuval Elovici has demonstrated how the technique is done with computer video cards and monitors. Elovici considers air-gap network hacking via cellphone to be a major security risk because currently there is little that can be done to prevent it other than turning off a phone. He expects the risk to grow as news of the attack technique spreads among hackers.

Critics: System for Rating Cybersecurity Flaws Outdated
Politico Pro (06/09/14) Perera, David

The Common Vulnerability Scoring System is set to be updated this fall for the first time since 2007, and many say the update is long overdue. Some point to the fact that the recent Heartbleed OpenSSL bug would have rated only a 5.0 on the current version of the CVSS, while many enterprises do not pay attention to vulnerabilities that score lower than 7.0. This is in part because many enterprises only pay attention to the base score, which FIRST CVSS chairman Seth Hanford says is ideally meant to be considered alongside other metrics. Making the base score more easily applicable is one of the goals of the new CVSS, according to Hanford. "We're trying to make it more actionable for what happens in real life," he says. Some of the factors that will be accounted for by the new scoring system are situations in which partial losses can have serious impacts and the rating of groups of vulnerabilities that are more serious when present together than individually. However, some have complained about the transparency of the comment process on the new CVSS, citing an intellectual property rights agreement that must be signed in order to participate in the review process.

Abstracts Copyright © 2014 Information, Inc. Bethesda, MD