
Friday, September 12, 2014

Security Management Weekly - September 12, 2014

Corporate Security
  1. "FBI: Attack on PG&E South Bay Substation Wasn't Terrorism" Pacific Gas & Electric
  2. "China Deploys Troops in South Sudan to Defend Oil Fields, Workers"
  3. "Panera Bread Asks Customers Not to Bring Guns to its Restaurants"
  4. "Wagering on Preparation" Casino Security
  5. "The Intelligence Triangle" Corporate Intelligence

Homeland Security
  1. "Al-Qaeda Units Survive Post-9/11 Fight"
  2. "Struggling to Gauge ISIS Threat, Even as U.S. Prepares to Act" Islamic State of Iraq and Syria
  3. "Obama Outlines Islamic State Fight"
  4. "Southwest Border Command is Planned at Homeland Security"
  5. "In Terrorism Battle, Threat Expands to Homegrown Extremists"

Cyber Security
  1. "Hackers Post Millions of Stolen Gmail Passwords on Russian Site"
  2. "Attackers Compromise Vulnerable Web Servers to Power DDoS Assaults"
  3. "Home Depot Confirms Security Breach Following Target Data Theft"
  4. "Research Finds No Large Scale Heartbleed Exploit Attempts Before Vulnerability Disclosure"
  5. "Government Expands Adoption of Critical Security Controls"

   

 
 
 

 


FBI: Attack on PG&E South Bay Substation Wasn't Terrorism
SF Gate (09/11/14) Baker, David R.

Last year's rifle attack on a Pacific Gas and Electric Co. substation near San Jose, Calif., does not meet the FBI's definition of terrorism, according to John Lightfoot, who manages the FBI's counterterrorism efforts in the Bay Area. The FBI, which is investigating the incident, defines terrorism as the illegal use or threat of force to further a political or social agenda. Lightfoot pointed out that no one has tried to take responsibility for the attack, nor is the FBI aware of any political reasons for why the attack was carried out. Some have called the shooting a sophisticated terrorist strike, possibly meant as a trial run for a larger assault on the U.S. power grid. The attack itself, however, was not difficult to carry out, and could have been executed by one man with little training, Lightfoot said. Lightfoot added that the attack may have been carried out by a disgruntled PG&E employee, although a spokesman for the utility refused to speculate on that possibility.


China Deploys Troops in South Sudan to Defend Oil Fields, Workers
Wall Street Journal (09/09/14) Bariyo, Nicholas

China is contributing 700 soldiers to a United Nations peacekeeping force to help guard oil fields in South Sudan and protect Chinese workers and installations. Ateny Wek Ateny, a spokesman for South Sudan's president, said Tuesday that airlifting the troops would take several days. China's decision to deploy the troops is part of its increasing efforts to ensure worker safety and the availability of energy for domestic consumption. The decision to send Chinese soldiers to South Sudan comes amid a disruption in oil production due to the violence that broke out in that country late last year.


Panera Bread Asks Customers Not to Bring Guns to its Restaurants
Security Magazine (09/14)

Panera Bread has requested that customers not bring any guns into its restaurants, following similar moves by other chains. "The request is simply we recognize everyone's rights," said Panera CEO Ron Shaich. "But we also recognize that we are building communities in our cafes and are where people come to catch a breath." Panera Bread has not had any material issues with firearms in its stores. Panera also intends to keep following state and local firearm laws, and will not ask employees to enforce the new request or place signs about it in its restaurants.


Wagering on Preparation
Security Management (09/14) Tarallo, Mark

All casinos face similar security challenges, including card cheats and belligerent guests, and require well-trained security and surveillance teams, but facilities may also face security issues that are specific to them and/or their location. Baha Mar in the Bahamas, opening in December, intends to take precautions against crime with an extensive security program that involves building and maintaining a team, running live exercises, and creating a working relationship with local law enforcement. Marvin Dames, the vice president of security for Baha Mar Ltd., says the casino's security philosophy is to be prepared for anything. All employees will receive some security training, as Dames says that the company thinks of security "holistically." There will be a secondary, off-site emergency operations center (EOC), in case a crisis, such as a hurricane, affects the on-site EOC. The Palms Casino Resort in Las Vegas faces other security issues, often caused by the combination of recklessness, the adrenaline of gambling, alcohol, and the heat of Nevada. Security includes crowd control at the facility's casino, hotels, pools, and nightclubs. Employee orientation sessions also include active-shooter training. Officers are trained to verbally defuse situations with upset guests, while still providing good customer service. Theft prevention requires an extensive, sophisticated surveillance operation of 1,500 security cameras. The rise of social media has become a useful source of intelligence for casino security, but it also means that most incidents are filmed by guests and may be uploaded to social-media sites.


The Intelligence Triangle
Security Management (09/14) Lane, Bryan

All good corporate intelligence programs require a strong information requirement, access to data, and the tools and expertise to process the data. Those three components make up the intelligence triangle. Information requirements are the base of the triangle and are usually standing requirements, ad hoc requests, or information discovery projects. Information requirements may vary depending on who needs them, so they have to be prioritized within a business. These requirements should also become a part of daily business. Data gathering makes up one side of the triangle and supports intelligence programs by filling gaps in data. Data may include sales, financial statements, current events, and government policies. Data sharing throughout a company can ensure intelligence remains up to date. The final portion of the intelligence triangle is effective communication of the outcome of processed data. Using analytical and data visualization technology can help report information. Structured data is often the easiest to work with as it is information that can be categorized. Unstructured data can be harder to work with as it comes from free text. This form of data needs to be analyzed for a conclusion to be reached.




Al-Qaeda Units Survive Post-9/11 Fight
Washington Post (09/12/14) Miller, Greg ; Whitlock, Craig

As the nation looks back on the 13 years since the Sept. 11 attacks, some are also reflecting on the success of the counterterrorism efforts the U.S. has launched against al-Qaida and its affiliates over the past decade. Assessments of those efforts indicate that al-Qaida and its affiliates have been significantly weakened and are now less of a threat to the U.S. than they once were. However, neither al-Qaida nor any of its affiliates have been completely eradicated, and are still enough of a threat that the counterterrorism operations that are being carried out against them in places like Yemen and Somalia cannot yet end. But even a near total collapse of a terrorist group would not completely eliminate the threat from that organization, as the history of the Islamic State has shown. That group's precursor, al-Qaida in Iraq, was believed to have lost 95 percent of its membership and strength by the time of the U.S. withdrawal from Iraq in 2011 but has since regrouped and now controls large swaths of territory in Syria and Iraq. National Counterterrorism Center Director Matt Olsen says this shows how defeating a group does not necessarily mean that everyone who was affiliated with that organization will suddenly adopt a less radical worldview. Retired Air Force Gen. Charles Wald agrees, saying that the U.S. will never really be able to declare victory in the fight against terrorism, which he says will continue for quite some time to come.


Struggling to Gauge ISIS Threat, Even as U.S. Prepares to Act
New York Times (09/11/14) Mazzetti, Mark; Schmitt, Eric; Landler, Mark

Even as the president and administration officials are making the case for a long-term campaign against the Islamic State, some members of the U.S. intelligence community are saying that much of the rhetoric about the threat posed by the group is overblown. Daniel Benjamin, a former top counterterrorism adviser for the State Department, recently called the public discussion of the threat posed by IS a "farce," saying claims being made in the media that the group was infiltrating the U.S. through Texas and planning to carry out biological attacks were absurd and baseless. Matthew G. Olsen, the director of the National Counterterrorism Center, last week said that IS is not even as big a threat to the U.S. as al-Qaida, as it does not maintain cells of operatives in the U.S. and around the world. Others are warning that if anything, expanded U.S. operations against IS will make the group more of a threat to the U.S., by providing it with ready material for recruitment and propaganda. Meanwhile, Homeland Security Secretary Jeh Johnson said Wednesday that there was no credible intelligence that IS is planning attacks on the U.S. homeland, a point President Obama himself conceded later that day in his own speech making the case for expanded operations against the group.


Obama Outlines Islamic State Fight
Washington Post (09/11/14) Eilperin, Juliet; O'Keefe, Ed

President Obama on Wednesday night delivered a speech outlining his administration's strategy for fighting the Islamic State. The strategy will be executed by a coalition of the U.S. and its allies that will seek to "degrade and ultimately destroy" the Islamic State, the president said. In addition, airstrikes currently focused on Islamic State positions in Iraq will be expanded to target the group in Syria. The president also called on Congress to authorize a program in which American military personnel will train Iraqis and Syrians, including members of moderate Syrian rebel groups, to fight Islamic State militants in those two countries. Although that proposal has been criticized by House Speaker John Boehner (R-Ohio), who says it could take years to implement and may not be effective, it appears that it has the support of most House Republicans. Finally, the president's strategy calls for sending 475 new U.S. troops to Iraq, although they will not be involved in a combat role. President Obama did not say when the mission would end, but some of his aides have suggested that it could continue even after he leaves office in 2017. The president's plan has drawn praise and criticism from members of both parties, while others have suggested that its success hinges on how well the U.S. works with the Iraqi government and the governments of other countries.


Southwest Border Command is Planned at Homeland Security
Wall Street Journal (09/11/14) Barrett, Devlin

In what may be the most significant restructuring in the history of the Department of Homeland Security (DHS), officials are planning to create a military-like chain of command to police the U.S.-Mexico border. The proposed Southern Command, or Southcom, would bring together agents from Customs and Border Protection and Immigration and Customs Enforcement, who would be overseen by a Coast Guard admiral. The creation of Southcom is meant to reduce the flow of illegal immigrants and improve investigations of criminal activity along the border. More than 400,000 immigrants were caught trying to illegally cross into the United States last year, and authorities have more recently struggled to deal with more children entering the country. DHS Secretary Jeh Johnson has been pushing for an overhaul of the department's organizational structure, but such a reorganization could require legislation that may be difficult to pass.


In Terrorism Battle, Threat Expands to Homegrown Extremists
Houston Chronicle (09/10/14) Schiller, Dane

In an address to the nation on Sept. 10, President Obama said that U.S. intelligence believes that thousands of individuals, including Europeans and Americans, are joining terrorist organizations in the Middle East and Africa. These individuals may "try to return to their home countries and carry out deadly attacks," Obama said. Last month, the State Department confirmed that a 33-year-old man from Minneapolis was killed in Syria while fighting with the Islamic State, and a second American reportedly was killed fighting for the same group in Syria. Perrye Turner, the new head of the FBI's Houston Division, has warned that "homegrown violent extremists," combined with public complacency about terrorism, are the greatest threat to the Houston area, though he said no region is immune to the threat of violence. Homegrown terrorists often work alone, and because they are isolated, they are more difficult to find than large organizations like al-Qaida. Critics say that national safety is important, but that the U.S. government can be too aggressive, and may arrest people who have never been a threat to anyone.




Hackers Post Millions of Stolen Gmail Passwords on Russian Site
CBS News (09/10/14) Augenbraun, Eliene

A user named tvskit has posted a list of 5 million Gmail usernames and passwords on a Russian bitcoin Web forum, though it is unclear how many of these pairs are current. Google says it believes only about 2 percent of those passwords would have worked. Some users on the social media site Reddit agreed after finding their usernames on the list of leaks. Google has warned people not to reuse the same username and password across different Web sites. Users are also being advised to change their passwords to a complex combination of letters, numbers, and symbols, and to use two-step verification.


Attackers Compromise Vulnerable Web Servers to Power DDoS Assaults
eWeek (09/10/14) Lemos, Robert

Cybercriminals are using botnets consisting of Linux or Windows servers to carry out powerful distributed denial-of-service (DDoS) attacks, warn cybersecurity firms Prolexic and Sucuri. According to Sucuri, cybercriminals were recently able to assemble a botnet of 2,000 servers running Windows to send about 5,000 HTTP requests a second to one of its clients' Web servers, thereby knocking the server and the company's Web hosting provider offline. The DDoS campaign that used Linux servers has been described by Prolexic as being more extensive than the one involving Windows servers. Prolexic noted in an advisory that one DDoS attack using these servers peaked at 119 Gbps. The company also said these attacks were carried out against financial institutions after hackers were able to exploit vulnerabilities in Linux software. After breaking into the servers, the attackers reportedly uploaded malware that creates a copy of itself named .IptabLex or IptabLes. The latter is a firewall and routing package often found in most versions of Linux. The malware enables the attackers to instruct infected servers to carry out DDoS attacks using SYN and DNS flood techniques. Prolexic says although the Linux server botnet shows signs of being unstable, the attackers could take steps to improve the stability of their botnet for future attacks.


Home Depot Confirms Security Breach Following Target Data Theft
Reuters (09/09/14) Bose, Nandita; Sharma, Shailaja; Layne, Nathan

Home Depot confirmed Sept. 8 that customers at all of its U.S. stores, as well as at least some of its stores in Canada, were affected by a breach of its payment systems that may have begun as early as April. The breach is still under investigation, and it remains unclear how many customers were affected. However, security blogger Brian Krebs speculated that the number of affected customers could be larger than the number impacted by the data breach at Target last year. That breach resulted in the theft of at least 40 million payment card numbers and 70 million other pieces of customer data. Krebs also says that the Home Depot data breach was carried out using a variant of the same malware as was used in the attack against Target. No PINs are believed to have been stolen in the Home Depot breach. Meanwhile, Home Depot is trying to help customers who may have been affected by offering them free identity-protection services. However, the retailer is being criticized by some for not detecting the breach sooner. News of the incident first leaked last week, at roughly the same time Home Depot began its investigation.


Research Finds No Large Scale Heartbleed Exploit Attempts Before Vulnerability Disclosure
Threatpost (09/09/14) Fisher, Dennis

A multi-institutional study of the impact the OpenSSL Heartbleed bug had on the Internet since it was disclosed in April uncovered no evidence that anyone attempted to exploit the vulnerability on a large scale prior to its public disclosure. "We estimate that 2 million HTTPS hosts were vulnerable two days after disclosure," the researchers note. They examined Web traffic logs for the weeks and months leading up to the disclosure, as well as data from the weeks immediately following the announcement. The traffic was compiled from passive taps at Lawrence Berkeley National Laboratory, the International Computer Science Institute, the National Energy Research Scientific Computing Center, and a honeypot established on Amazon's EC2 system. "For all four networks, over these time periods our detector found no evidence of any exploit attempt up through April 7, 2014," the researchers report. "This provides strong evidence that at least for those time periods, no attacker with prior knowledge of Heartbleed conducted widespread scanning looking for vulnerable servers. Such scanning however could have occurred during other time periods." The study results also do not eliminate the potential for an attacker or attackers to have been conducting targeted reconnaissance on specific servers or networks.


Government Expands Adoption of Critical Security Controls
Government Computer News (09/08/14)

Ninety percent of organizations have adopted the Critical Security Controls (CSCs) roadmap, with government and financial sector-based industries leading the way, according to a new SANS Institute survey. The adoption rate is up from 73 percent in 2013, according to last year's survey. Initiated in 2008, the CSC project offers a roadmap of 20 best practices for computer security developed by a public-private consortium. "Organizations across a broad range of industries are making steady progress toward adopting, integrating, and automating the CSCs," says SANS analyst James Tarala. Nonetheless, key issues identified as hindering adoption a year ago remain, such as staffing problems, lack of budget, and silos that limit communication between IT security and operations. Not all organizations have adopted all controls, and are following the order of controls currently listed as 1-20. But 16 percent of those who are able to measure improvement observed the controls' enhanced risk posture and 11 percent augmented their ability to detect advanced attacks. SANS is now working on guidelines and case studies, which were requested by two-thirds of the survey participants, says SANS Innovation Center director Tony Sager. "The controls are not about having the best list of things to do—they are about members of a community helping each other improve their security," he says.


Abstracts Copyright © 2014 Information, Inc. Bethesda, MD

