
Friday, January 09, 2015

Security Management Weekly - January 9, 2015


January 9, 2015
Corporate Security
  1. "Charlie Hebdo to Publish One Million Copies of Next Issue"
  2. "FBI Says Little Doubt North Korea Hit Sony"
  3. "Why It's Time For a Board-Level Cybersecurity Committee"
  4. "Hospitals Using Stun-Guns for Workplace Violence Prevention See 41 Percent Difference in Incidents"
  5. "Why New Credit Cards May Fall Short on Fraud Control"

Homeland Security
  1. "European Officials Step Up Security Measures in Wake of Paris Shooting"
  2. "Suspect in Charlie Hebdo Attack Was Trained in Yemen"
  3. "Terror Assault on French Magazine Complicates Efforts to Grapple With Anti-Immigration Sentiment"
  4. "Scorch Marks and Questions Linger After NAACP Bombing Colorado"
  5. "Hezbollah Appears to Acknowledge a Spy at the Top"

Cyber Security
  1. "NSA's Rogers Calls for More Forceful Response to Cyberattacks"
  2. "Cyber Security Groups Use Fake Computers to Trap Hackers"
  3. "Pro-Russia Group Says it Hacked Merkel Website"
  4. "Hacker Claims You Can Steal Fingerprints With Only a Camera"
  5. "In 2015, Agency IT Security and Operations Converge"


Charlie Hebdo to Publish One Million Copies of Next Issue
Wall Street Journal (01/09/15) Landauro, Inti

Charlie Hebdo is planning a bumper print run of one million copies for its next edition, in a defiant response to the attack on its offices that killed the top editor and seven staffers and contributors. "The paper will continue because they didn’t win," said Patrick Pelloux, a columnist for the French weekly, referring to the gunmen. Charlie Hebdo, known for its satirical critique of all forms of authority, be it religion, government or the military, plans a shorter version of the next issue on Wednesday, with eight pages instead of the usual 16, said the magazine’s lawyer, Richard Malka. However, he said it would publish one million copies. Charlie Hebdo normally sells about 30,000 copies a week. Other media companies, including Le Monde and Vivendi SA’s Canal Plus, among others, have offered to help pay for the giant run, he said. Roughly €250,000 ($300,000) will come from a fund Google Inc. set up two years ago to settle a copyright fight with French newspapers, the fund’s director said. Malka said the magazine’s contributors were still meeting to discuss the magazine’s future.


FBI Says Little Doubt North Korea Hit Sony
New York Times (01/08/15) P. B1 Schmidt, Michael S.; Perlroth, Nicole; Goldstein, Matthew

FBI Director James Comey announced Wednesday that the agency has concluded that North Korea was behind the cyberattacks on Sony Pictures, partly due to mistakes that the hackers had made. In some cases, the hackers logged into both their Facebook account and Sony’s servers from North Korean Internet addresses, and then tried to backtrack and reroute their attacks and messages through decoy computers. Comey acknowledged that the hackers had used decoys, but did not specify the mistakes that gave him “high confidence” that North Korea was behind the attack. Comey made his remarks at the four-day International Conference on Cyber Security in New York, which gathered law-enforcement officials and Internet-security experts to discuss and analyze techniques hackers use to breach corporate networks. Before the November attacks, Sony had been threatened in messages posted to a Facebook account set up by a group called “Guardians of Peace.” Facebook closed that account, after which the group began to send email threats to Sony and to post on the anonymous posting site Pastebin. Some digital-security experts remain skeptical that the attackers were North Korean, saying that an extortion letter posted by the attackers suggests criminals or embittered employees, and that the attackers could have faked the Korean language settings found in the malware taken off compromised computers.


Why It's Time For a Board-Level Cybersecurity Committee
Forbes (12/27/14) Atkins, Betsy

A study has found that up to $21 trillion in global assets could be at risk from cybercrime. As digital security breaches escalate, corporate boards should be aware that providing oversight on cybersecurity risks is part of their fiduciary duty. Boards should form a dedicated cybersecurity technology committee, which may require recruiting new candidates with computer security backgrounds. The board also should require management to present their cybersecurity policies in written form, covering security practices, standards, and protocols for responding to security breaches. The board also should be able to identify the manager responsible by title, and the timeframe in which they are to respond to an intrusion. In the event of a cyber-breach, the board should schedule an update from the security committee on any forensic review. The company may need to disclose any data breach in SEC filings if the breach was material. Courts consider failure to disclose a cyber-attack a "material omission," according to some interpretations of new SEC guidance on disclosure. In addition, the board should work with the general counsel to determine the extent to which existing directors and officers insurance coverage provides protection, and identify which issues should be overseen by the CIO, the board, or a board committee for action and/or approval.


Hospitals Using Stun-Guns for Workplace Violence Prevention See 41 Percent Difference in Incidents
Security (12/14) Vol. 51, No. 12, P. 14

Workplace violence in hospitals is rising and facilities are implementing training components to help mitigate assaults. According to a survey from Duke University Medical Center and the International Healthcare Security and Safety Foundation, 99 percent of hospitals have security policies that include at least one of the following: employee involvement, management commitment, incident reporting and record keeping, training of security staff, hazard prevention and control, and worksite analysis. Fifty-five percent include all six components. While 98 percent of hospitals train security staff on workplace violence policies, only 14 percent require such training for all staff. Respondents indicated a need for continued efforts to enhance training availability, content and reach. Most hospitals provide security staff with handcuffs, followed by batons, OC products, hand guns, Tasers, and K9 units. The study also found a 41 percent lower risk of physical assault for hospitals that provided their security staff with Tasers compared to those that did not.


Why New Credit Cards May Fall Short on Fraud Control
Wall Street Journal (01/05/15) P. A1 Sidel, Robin

U.S. banks will issue over a half-billion new credit cards this year that feature embedded computer chips, but there are concerns that opting against "chip-and-PIN" technology in favor of the signature version means the cards will fall short when it comes to fraud control. Rather than require customers to enter a PIN, the new cards will have users continue authenticating transactions with a signature. Although experts say PINs are more secure than signatures, which can easily be copied, U.S. bank executives say the signature version will eliminate the burden of having to remember a new four-digit code at checkout. Jon Krauss, senior manager for card payment strategy at Discover, says, "[Chip-and-signature cards] are such a big shift that we didn't want to make it more difficult than it already will be [by requiring a PIN]." Bank of America Corp. and Citigroup Inc. also are opting for chip-and-signature cards. JPMorgan Chase shifted away from a plan to issue chip-and-PIN cards after testing them with consumers, and the bank already has issued millions of chip-and-signature cards. Experts note that chip-based cards, even without requiring PINs, make it more difficult for thieves to make counterfeit cards.




European Officials Step Up Security Measures in Wake of Paris Shooting
Wall Street Journal (01/09/15) Bryan-Low, Cassell; Meichtry, Stacy; Troianovsky, Anton

A number of European nations have bolstered their security measures in the wake of Wednesday's shooting in Paris. European security and intelligence officials are warning that people who act alone or in small groups to kill and maim with firearms rank among the biggest threats to emerge from this current wave of Islamic extremism. That is due to the fact that such attacks are much easier to organize than large-scale bombing plots. In addition, attacks of this nature will typically involve less communication within terror networks that intelligence operatives can intercept. Since the Paris shootings, French authorities have deployed over 1,000 additional police and paramilitary forces throughout the Paris metropolitan area to guard everything from department stores to newsrooms to religious venues. In addition, the streets around the president's official residence have been locked down. The United Kingdom, meanwhile, has bolstered security at border crossings and is searching more vehicles and scanning more freight. The U.K. has also boosted the visible security presence at several ports.


Suspect in Charlie Hebdo Attack Was Trained in Yemen
Wall Street Journal (01/09/15) Gauthier-Villars, David

One of the French-born brothers who allegedly stormed the newsroom of the satirical magazine Charlie Hebdo in the deadly rampage that left 12 dead is believed by U.S. and French intelligence to have received weapons training from an al Qaeda offshoot in Yemen, U.S. officials said Thursday. The brother, Said Kouachi, was allegedly trained under the auspices of al Qaeda in the Arabian Peninsula during 2011, the officials said, but there is so far no evidence the group directed, ordered, or monitored the attack. "We know they were inspired," another U.S. official said, "but we do not know the extent they were associated with al Qaeda." Current and former officials said the tactical prowess demonstrated in the attack showed the gunmen had received training and rehearsed before Wednesday. "The attack was very complex. It was obviously less complex than 9/11 but it was tactically complex, that required planning, reconnaissance, logistics and support from above," said Michael Flynn, a retired lieutenant general and former head of the Defense Intelligence Agency. "They clearly rehearsed this attack." Flynn said the attack appeared to have the strategic impact that many al Qaeda affiliates seek. "What they wanted is international condemnation. It is counterintuitive to us, but it makes perfect sense to them. That is what makes them heroes," he said. Chérif Kouachi, 32 years old, was listed on a U.S. list of known or suspected terrorists, as well as on the U.S. government’s no-fly list, according to a senior U.S. intelligence official. He turned to radical Islam after he began attending a mosque in Paris where Muslim preacher Farid Benyettou espoused the militant Salafi jihadist ideology of al Qaeda, according to Vincent Ollivier and other lawyers involved in a court case against him. In 2004, Chérif Kouachi joined others who were allegedly preparing to fight U.S. troops in Iraq, according to French prosecutors. 
At the time, dozens of French citizens had gone to Iraq, often via Syria, to fight American troops at the behest of radical Islamist preachers who accused the U.S. of invading Iraq. It was unclear if he received any military training, prosecutors said, but the cell mastered the logistics of sending recruits to the battlefield. Once in Iraq, several French jihadists associated with Chérif Kouachi’s preacher trained in camps linked to the most aggressive of the Iraqi insurgency groups, al Qaeda in Iraq. Chérif Kouachi planned to travel to Iraq but never got the chance, according to French prosecutors. In early 2005, French police swooped in on the recruiting cell, detaining several people, including him.


Terror Assault on French Magazine Complicates Efforts to Grapple With Anti-Immigration Sentiment
Wall Street Journal (01/08/15) Troianovski, Anton; Duxbury, Charles

The deadly terror attack in Paris yesterday that left 12 people dead at the hands of Muslim terrorists is presenting European leaders with the delicate task of simultaneously condemning the attack and working to prevent further attacks without inflaming already growing anti-Muslim sentiment in Europe. German Chancellor Angela Merkel in particular is struggling to keep the attack from giving new weight to an anti-Islam group based out of the city of Dresden that she recently spoke out against. Like many other anti-Islam groups in Europe, the Dresden group's grievances largely derive from anti-immigration sentiment: recent waves of immigration have swollen the Muslim populations of several European countries. Sweden is also facing the prospect that the attack in Paris could set off retaliatory attacks on Muslims. The country has already seen several mosques attacked in apparent arsons in recent weeks. The possibility of retaliatory violence is also high in Belgium, where a gunman attacked a Jewish museum last year. British Prime Minister David Cameron will have to handle the attack gently, because his Conservative party rose to its current dominant position in part by taking tougher stances on immigration issues. Unlike other European countries, Britain did not raise its terror alert status yesterday.


Scorch Marks and Questions Linger After NAACP Bombing Colorado
New York Times (01/09/15) Healy, Jack

The Colorado Springs chapter of the NAACP has moved back into its offices after an unknown attacker set off a makeshift bomb there on Tuesday. The small improvised explosive, which was set next to a gas can that did not ignite, did little damage, leaving only a charred patch outside the offices. The FBI says it is seeking a person of interest in the case, a balding, middle-aged white man driving a white pickup, but it is not clear if the individual is a suspect. It is unclear what may have motivated the attack. Some local NAACP workers speculate that it may be related to the recent controversy surrounding police killings of unarmed black men, while others recall a confrontation with a man who came to the offices last month and ranted about the NAACP not supporting his personal protest against local law enforcement before being asked to leave. Former chapter president Willie Breazell says that the Colorado Springs chapter has long resisted putting up security cameras, but in the wake of the bombing he said he now feels it's time.


Hezbollah Appears to Acknowledge a Spy at the Top
New York Times (01/06/15) P. A4 Barnard, Anne

After reports emerged that a senior operative for Lebanon's Hezbollah had been caught spying for Israel, the group's deputy chief, Naim Qassem, said that it was "battling espionage within its ranks" and had experienced significant infiltration. Lebanese and Arab news media identified the mole as Mohammad Shawraba, who was charged with taking revenge for Israel’s 2008 assassination of operative Imad Mughniyeh. The reports about a mole in Hezbollah, and what seems to be confirmation from Qassem, suggest that Hezbollah is working to launch attacks in response to Mughniyeh’s death. On Al-Nour, a Hezbollah-affiliated radio station, Qassem said that Hezbollah could contain any damage from espionage. The reported espionage within Hezbollah comes as the party expands its size and mission, which has angered Lebanese Sunnis who do not want to see the group involved in other countries, such as Syria, but want it to stay an independent militia only for fighting Israel. In sending many of its Shiite fighters to Syria to prevent the overthrow of President Bashar al-Assad, Hezbollah may have disrupted its officials’ focus on deterring Israeli espionage, said Randa Slim, an analyst affiliated with the Middle East Institute in Washington.




NSA's Rogers Calls for More Forceful Response to Cyberattacks
Wall Street Journal (01/09/15) Paletta, Damian

The government should more forcefully respond to foreign countries that engage in cyberattacks, because some hackers have come to believe there is minimal risk in stealing U.S. government or corporate data, according to NSA director Navy Adm. Mike Rogers. He said the growing number of cyberattacks represents one of the biggest transfers of intellectual knowledge that we have ever seen. His comments come roughly a month after U.S. officials charged that North Korea was behind an online attack on Sony Pictures Entertainment Inc., stealing and destroying trade secrets and data. Rogers said he harbored no doubts that North Korea was behind the attack, and said the NSA assisted the Federal Bureau of Investigation in the continuing probe. Another top NSA official, Robert Joyce, referred to the Sony hack as a "game-changer." Joyce, chief of the agency’s secretive tailored access division, effectively leads the NSA division that engages in cyberspying on behalf of the U.S. government.
Rogers and Joyce spoke as U.S. officials implored business executives to share more information with the government to help prevent cyberattacks. "What we’ve seen in the last six to nine months in general...trends are going in the wrong direction," Rogers said. "Doing more of the same and expecting different results, my military experience tells me, is not a particularly effective strategy." Many corporations want greater protection from foreign cyberespionage, but are wary of a larger role for the federal government, particularly after revelations of widespread data collection by U.S. spy agencies.
Rogers said there now is a lack of trust between many companies and the government, and said this would have to be repaired for cyber protections to improve.


Cyber Security Groups Use Fake Computers to Trap Hackers
Financial Times (01/01/15) Kuchler, Hannah

Several cyber security companies are working on products that would defend networks not by creating impenetrable defenses, but by creating decoys that they can use to distract and trap hackers. Offered by companies such as Israeli startup TrapX, these decoys are evolutions of the "honeypots" security researchers used to study hackers and malware in the 2000s. Those early honeypots were very labor intensive, according to Allen Harper of Tangible Security. "It took an expert and there were only a few of them at a time," explains Harper. These new decoy systems, however, are highly automated and easily scalable. Another decoy vendor, GuardiCore, is marketing its solutions as something that can easily be situated within a data center and set up to entice hackers. Such systems can serve as an alarm system or as a location to trap and study hackers to try to determine who they are and what they're after. The decoys can also give organizations a heads up about what exploits the hackers are using to get into their systems, allowing those vulnerabilities to be patched before any real damage is done. "We're trying to learn about the attacker and use the intelligence we get to stop him," explains GuardiCore co-founder Pavel Gurvich.
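The alarm property the article describes rests on one observation: nothing legitimate has a reason to talk to a decoy, so any connection to one is a high-confidence signal. The following is an added illustration of that detection logic, not code from TrapX, GuardiCore or the article; the log format, decoy addresses and sample connection lines are all constructed for the example. It flags every source that touches a decoy and then reports which real hosts that same source also contacted, which is the triage "heads up" the passage mentions.

```python
"""Decoy-touch alerting over constructed connection logs (added example)."""
import re
from collections import defaultdict

# Constructed sample log: a few connection records in a simple syslog-like shape.
SAMPLE_LOG = """\
2015-01-07T02:14:01Z conn src=10.0.5.23 dst=10.0.9.10 dport=445 proto=tcp
2015-01-07T02:14:03Z conn src=10.0.5.23 dst=10.0.9.200 dport=445 proto=tcp
2015-01-07T02:14:05Z conn src=10.0.5.23 dst=10.0.9.201 dport=3389 proto=tcp
2015-01-07T02:15:10Z conn src=10.0.7.4 dst=10.0.9.10 dport=443 proto=tcp
2015-01-07T02:16:44Z conn src=10.0.5.23 dst=10.0.9.12 dport=22 proto=tcp
"""

# Constructed decoy inventory: addresses that host nothing but decoy services.
DECOYS = {"10.0.9.200", "10.0.9.201"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) conn src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["dport"] = int(event["dport"])
    return event


def decoy_alerts(log_text, decoys):
    """Return (alerts, activity).

    alerts   : every connection whose destination is a decoy address
    activity : all parsed connections grouped by source, kept for triage
    """
    alerts = []
    activity = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue  # skip malformed lines rather than failing the whole run
        activity[event["src"]].append(event)
        if event["dst"] in decoys:
            alerts.append(event)
    return alerts, dict(activity)


def triage(log_text, decoys):
    """Per flagged source: decoy ports it probed and real hosts it also reached."""
    alerts, activity = decoy_alerts(log_text, decoys)
    flagged = sorted({a["src"] for a in alerts})
    report = {}
    for src in flagged:
        decoy_ports = sorted({a["dport"] for a in alerts if a["src"] == src})
        real_hosts = sorted({e["dst"] for e in activity[src] if e["dst"] not in decoys})
        report[src] = {"decoy_ports": decoy_ports, "real_hosts": real_hosts}
    return report


if __name__ == "__main__":
    for src, info in triage(SAMPLE_LOG, DECOYS).items():
        print(f"ALERT {src} probed decoy ports {info['decoy_ports']}; "
              f"also contacted real hosts {info['real_hosts']}")
```

Because the decoy set is small and static, the alert carries almost no false-positive cost; the useful design question is what to do next, and grouping the rest of the source's connections alongside the alert is what turns a single trip-wire into a starting point for investigation.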


Pro-Russia Group Says it Hacked Merkel Website
Wall Street Journal (01/07/15) Thomas, Andrea; Troianovski, Anton; Shchetko, Nick

A group of pro-Russia hackers that call themselves CyberBerkut has claimed responsibility for the online attack Wednesday that caused an hours-long shutdown of several German government websites, including that of Chancellor Angela Merkel. This attack comes after Germany has become more vocal in its support for Ukraine's government and critical of Russia’s support of separatists fighting in eastern Ukraine. Ukrainian Prime Minister Arseniy Yatsenyuk was scheduled to arrive in Berlin Wednesday to sign an agreement for 500 million euros ($596 million) in loan guarantees to help rebuild eastern Ukraine. Germany’s Federal Office for Information Security is investigating the attack, but says it does not have any new information on the source. Berkut was the name of Ukraine’s former special police force, blamed by many pro-Western demonstrators for the deadly attack against protesters on Kiev's Independence Square last year. Pro-Russia activists have rallied behind the Berkut as a symbol against the pro-Western movement. CyberBerkut has objected to the new Ukrainian authorities and claims to have staged attacks against dozens of websites in Ukraine and abroad.


Hacker Claims You Can Steal Fingerprints With Only a Camera
CNet (12/29/14) Rosenblatt, Seth

Physical access to a fingerprint may not be required to exploit fingerprint readers, according to European hacker Jan Krissler. During the recent Chaos Computer Conference in Germany, Krissler demonstrated how he faked the fingerprint of Germany's federal minister of defense, Ursula von der Leyen. Krissler had a photographer take high-resolution photos of her fingers during a presentation in October, while standing about nine feet away from von der Leyen. Krissler used the commercially available VeriFinger software on the digital copy of von der Leyen's finger. Although Krissler was unable to verify that von der Leyen's fingerprint was accurate, he is confident it was a workable copy. "I have tried it with my own finger under similar circumstances [same camera, same distance]," he says. Apple's Touch ID technology gave new momentum to the idea of using biometric readers, but Krissler's presentation could raise more questions about the vulnerability of fingerprint scanners.


In 2015, Agency IT Security and Operations Converge
Government Computer News (01/05/15) Jackson, William

Two trends are likely to dominate the government cybersecurity agenda in 2015: greater penetration of cybersecurity into all facets of IT, and greater integration of cybersecurity into the platforms and software being acquired by agencies. The first trend is confirmed by a recent NASCIO and Deloitte study, which found CISO responsibilities evolving to include risk and compliance even as many CISOs find themselves assuming accountability in a variety of new areas. "CIOs and state leaders need to consider creative ways of allocating and managing these expanding responsibilities," according to NASCIO. Greater integration of cybersecurity into vendor products likely will be led by cloud vendors who are eager to compete by embedding security features into their products. Two recent vendor reports found improved security is a major motivator for moving to the cloud, with nearly two-thirds of government respondents to a General Dynamics survey saying secure infrastructure is a major benefit of moving to the cloud. These two trends likely demonstrate an effort in government to do more with less, with the federal cybersecurity budget set to decline slightly in 2015.


Abstracts Copyright © 2015 Information, Inc. Bethesda, MD

