Friday, October 26, 2007

Security Management Weekly - October 26, 2007

 
 
CORPORATE SECURITY
  1. "Blackwater Call for Cameras Denied" Security Contractor in 2005 Asked State Department to Approve Cameras in Vehicles to Help Disprove False Allegations
  2. "Darfur Rebels Kidnap Oil Workers"
  3. "South Korean Spies Admit 1973 Snatch" Former South Korean President Was Target of Assassination Plot
  4. "Activist, Guard Killed on Brazil Biofarm"
  5. "Airports Object to Latest Background Checks" Delays in Screening New Airport Employees Irk Industry

HOMELAND SECURITY
  6. "Feds Join Probe in Southern California Wildfire" Arson Eyed
  7. "California Wildfires May Cost Insurers $1.6 Billion"
  8. "California Fires Fuel Squabbles About Readiness"
  9. "More Than 755,000 on US Terrorist Watch List"
  10. "Blasts Targeting Bhutto in Pakistan Were Carried Out by Two Suicide Bombers"
  11. "Bloomberg: Get Surveillance Cameras For Buses, Trains"

CYBER SECURITY
  12. "TJX Data Breach May Involve 94 Million Credit Cards"
  13. "Day After Cyber 'Attack,' Rockies Sell Out All Series Games" Sale of World Series Tickets Slowed by Possible 'Denial-of-Service' Attack
  14. "Small Business: Hackers' Low-Hanging Fruit"
  15. "CIOs Must Manage IT Risk as Business Risk"


   







 

"Blackwater Call for Cameras Denied"
Washington Times (10/24/07) ; Kralev, Nicholas

Secretary of State Condoleezza Rice on Oct. 5 ordered that video cameras and recording equipment be installed in convoy vehicles guarded by Blackwater USA. But according to internal Blackwater documents, the security firm asked the Department of State in May 2005 to install cameras in official U.S. motorcades protected by its employees "in response to a false accusation against one of our teams in Baghdad." The company considered the fact that that footage could be used against it but decided in the end that the cameras and recording devices would work to its advantage and planned to use footage for training purposes. Following the request, a former official with the Bureau of Diplomatic Security, the Department of State's law-enforcement arm, contacted Blackwater and asked it to "stand down" due to unresolved legal issues. The matter was then dropped.

"Darfur Rebels Kidnap Oil Workers"
Associated Press (10/25/07) ; Osman, Mohamed

Members of the Justice and Equality Movement (JEM), a leading Darfur rebel group, attacked a Chinese-owned oil field in the Kordofan region Tuesday, kidnapping two foreign workers. JEM said that it launched the attack because foreign oil companies are funding Khartoum's war in Darfur, giving the companies a one-week deadline to stop operating in the region. The two kidnapped workers, reported to be a Canadian and an Iraqi, were said to be in "good health," according to a JEM leader. The Sudanese military, which suffered losses during the attack, downplayed the impact of the incident, calling it "insignificant" and stating that it would not have an impact on Sudan's oil output.

"South Korean Spies Admit 1973 Snatch"
BBC News (10/24/07)

As part of a three-year inquiry into its past, South Korea's National Intelligence Service has admitted that its precursor, the Korea Central Intelligence Agency, kidnapped former President Kim Dae-jung from a Tokyo hotel on August 8, 1973, with the purpose of killing him. Kim has said in the past that he was loaded into a boat by agents who intended to throw him overboard but that the arrival of a U.S. plane overhead scared the abductors, who ended up taking Kim to Seoul, where he was placed under house arrest. The kidnapping, says the intelligence agency, was tacitly approved by then President Park Chung-hee, who defeated Kim in a 1971 presidential election. Kim remained under house arrest and in prison for several years but was eventually elected president in 1997 as South Korea emerged from military rule to democracy. He later won the Nobel Peace Prize for engaging North Korea in peace efforts. Kim walks with a limp due to an injury sustained in 1971 when a truck ran his car off the road, believed by many to have been an assassination attempt.

"Activist, Guard Killed on Brazil Biofarm"
Guardian Unlimited (UK) (10/22/07) ; Clendenning, Alan

Two people were killed when security guards opened fire on activists at a Brazilian biotech seed farm. One activist and one guard were killed and eight others were injured after activists from the Via Campesina organization entered the farm, owned by Syngenta AG, a leading researcher in genetically modified foods. Authorities would not comment on the incident; however, the government did release a statement announcing that seven security guards were arrested on charges of homicide and gang formation. According to reports, the activists shot off fireworks at the farm's entrance and later were confronted by a bus of armed guards who opened fire. The activists were protesting the farm's research in genetically modified seeds, and other members of the organization had previously protested on farm property in March 2006 until a court order removed them. Syngenta officials said that their contract called for the security guards to be unarmed.

"Airports Object to Latest Background Checks"
USA Today (10/21/07) ; Frank, Thomas

Airports Council International-North America (ACI-NA) has asked the Transportation Security Administration (TSA) to reconsider a new policy that calls for government background checks for new airport hires. Many airports say that they have been unable to hire new workers because the clearance process takes too long. "The new process is not working," said ACI-NA President Greg Principato in a letter to TSA chief Kip Hawley. "Businesses are contemplating shutting down because of the inability to bring on new employees." Under the old policy, the TSA ran background checks on employees after they started work; however, airports now cannot issue employee ID cards until the TSA confirms that the worker is not an illegal immigrant and does not have ties to any terrorist organizations. TSA officials said that the delays are a result of technical difficulties that are preventing TSA from receiving the personal information of potential airport employees.

"Feds Join Probe in Southern California Wildfire"
Associated Press (10/24/07) ; Marquez, Jeremiah

Federal authorities have joined local law enforcement in the search for evidence that one of the Southern California wildfires was started by an arsonist. In Orange County, authorities believe that the fire was started by an arsonist because they discovered three different ignition points in a small area. Meanwhile, in San Bernardino County, one man was arrested for setting a small fire and another was shot and killed after fleeing police and crashing his car into a police cruiser. Law enforcement officials have increased patrols throughout the region in an attempt to stop any additional fires. They are offering a $70,000 reward for anyone with information on the person responsible for any of the fires. San Diego authorities are also dealing with instances of looting, with two arrests having already been made.

"California Wildfires May Cost Insurers $1.6 Billion"
Worcester Telegram & Gazette (MA) (10/26/07) ; Mider, Zachary R.

Insured damages related to the current wildfires in Southern California could reach $1.6 billion, according to estimates from Risk Management Solutions Inc. (RMS). Meanwhile EQECAT Inc. estimates damages at $1 billion, and Beacon Economics says damages could reach between $1 billion and $2 billion. If the fires continue to spread, analysts predict damages will rise significantly to become the largest catastrophe of 2007. RMS stated several of the larger fires in the state are only 30 percent contained and that the next 24 hours are critical for insurers facing property damages. Catastrophe losses through September 2007 reached $4.7 billion, with the largest loss occurring in April along the east coast from a severe rainstorm. The losses are significantly lower than the $7.8 billion in catastrophe damages sustained in 2006.

"California Fires Fuel Squabbles About Readiness"
Wall Street Journal (10/24/07) P. A1 ; Karp, Jonathan; Pasztor, Andy; Rundle, Rhonda L.

Despite efforts to quell the fires ravaging Southern California, critics continue to raise questions about the local governments' ability to stave off further damages with their limited resources. For instance, cash-strapped San Diego continues to have underfunded fire and police departments, and residents continue to strike down proposals to raise hotel and other taxes to increase funding for public departments. The San Diego Fire-Rescue Department is not likely to reach its response time goals of five minutes without the additional funding necessary to create 22 more fire stations and to hire new firefighters to man those stations. However, the city has installed Reverse 911, allowing police and fire officials to contact homeowners and urge them to evacuate before blazes reached their homes. Critics contend many of the emergency response improvements instituted by local governments did not cost the cities and towns any money, but to foster greater response improvements, additional funding is necessary. Officials indicate there are not enough ground and air resources to combat fires of this nature, and in Orange County, a fire consumed about 18,000 acres of land before aircraft arrived on the scene.

"More Than 755,000 on US Terrorist Watch List"
Agence France Presse (10/24/07)

The U.S. terrorist watch list compiled by the Terrorist Screening Center now includes more than 755,000 names, which, taking pseudonyms into account, represent about 300,000 people "known or appropriately suspected to be or have been engaged in conduct constituting, in preparation for, in aid of or related to terrorism." The list has been used about 53,000 times to identify individuals for potential arrest or to prevent them from entering the United States. Prior to 9/11, the list contained fewer than 20 entries, which grew to more than 150,000 within a few months after the attacks.

"Blasts Targeting Bhutto in Pakistan Were Carried Out by Two Suicide Bombers"
International Herald Tribune (10/22/07) ; Gall, Carlotta

Investigators in Karachi confirm that two suicide bombers were responsible for the Oct. 18 blasts at Benazir Bhutto's welcoming rally that left at least 140 dead and over 500 injured. Due to the gruesome nature of the attacks, police have not yet been able to identify the bombers, whose heads were found some distance from the blast sites. Officials add that both bombers may have carried up to 32 kilograms of C4 plastic explosives together, which would account for the high death toll, and say that this recent attack is the largest act of terrorism to occur in Pakistan in recent years. Government leaders are moving to temporarily prohibit political rallies for the upcoming parliamentary elections.

"Bloomberg: Get Surveillance Cameras For Buses, Trains"
New York Daily News (10/03/07) ; Lucadamo, Kathleen; Donohue, Pete

New York City Mayor Michael Bloomberg called for the Metropolitan Transportation Authority (MTA) to install surveillance cameras on the city's buses and trains. Bloomberg commented on the cameras after returning from a trip to London, which has cameras on every subway car and bus. Those cameras helped police identify the bombers who killed 52 people in a 2005 attack on the subway and helped prevent another bombing that July. "You don't want to wait until 52 people are killed here and then say, 'Oh, now it's time to do it,'" said Bloomberg. "The trick is to learn by experiences, but it's other people's experience you'd like to learn by." MTA officials say that they are exploring the potential installation of cameras on subway cars and are running a pilot program with cameras on 400 buses. MTA also has recently installed new cameras in 70 subway stations, and has a contract with Lockheed Martin to install an additional 2,000 new cameras in the network. Bloomberg is also promoting his "Ring of Steel" proposal, which would include over 3,000 cameras, license plate scanners, and metal barriers in the lower Manhattan area.

"TJX Data Breach May Involve 94 Million Credit Cards"
USA Today (10/25/07) P. 1B ; Swartz, Jon

At least 94 million Visa and MasterCard accounts--far more than previously assumed--could have been compromised by the TJX data breach, according to new court files that cite Visa and MasterCard security officials. The filings are part of a lawsuit filed against TJX and Fifth Third Bancorp by several banks and banking associations. Depositions estimate as much as $83 million in fraud-related losses of Visa cards, a figure that will increase as thieves keep exploiting data from exposed cards. In an Aug. 31 deposition, Visa USA executive Joseph Majka said the association notified card-issuing banks and other institutions about 65 million potentially compromised Visa accounts, while MasterCard security official Neil Maguire said in a Sept. 27 deposition that MasterCard believed "roughly 29 million" cards may have been exposed. TJX continues to stand by its original estimate that 45.7 million accounts were compromised, according to company representative Sherry Lang. She said three-quarters of those accounts had expired or the data was concealed at the time of the theft.

"Day After Cyber 'Attack,' Rockies Sell Out All Series Games"
Associated Press (10/23/07)

A day after an "external, malicious attack" caused a computer-system crash, the Colorado Rockies' online ticket sales operations were back online Oct. 23. Computer security experts believe Paciolan Inc., the Calif.-based company facilitating the ticket sales, was inundated with false requests that tied up servers and forced the site to shut down on Oct. 22 after only 500 completed sales. Team spokesman Jay Alves said the remaining tickets were sold in 2 1/2 hours after the server was rebooted, and that all sales from the first day will still be honored. Dave Marcus of McAfee Avert Labs speculates that Paciolan could have been the target of a "denial-of-service" attack.

"Small Business: Hackers' Low-Hanging Fruit"
Dark Reading (10/17/07) ; Wilson, Tim

Security experts say that online criminals are shifting their focus away from larger, well-protected companies in favor of small businesses with inferior security measures. A new Webroot report found that more than 75 percent of companies with fewer than 1,000 computers have an IT staff smaller than 10 employees, and 61 percent say they have never sought information on how to protect employee or customer data. "There's a lot of talk about initiatives like SOX and PCI in large companies and government organizations, but the reality is that a lot of small retailers still don't even know they are supposed to comply with PCI, much less how to do anything about it," says Webroot CEO Mike Irwin. "The small business is a completely different environment than the Fortune 2000, which is where you see a lot of these security initiatives and products that are in the news." Other researchers have found that small businesses are the recipients of an increasing number of cybercrime attempts. MessageLabs reports that small and medium-sized businesses receive a disproportionate amount of spam, and Visa USA conducted a study that found many small retailers have a false sense of security and engage in several questionable security practices. Webroot suggests that it is a simple matter of resources. Small businesses lack the IT skills and technology to secure themselves from an attack, and education or increased staffing is unlikely to solve the problem. "Your local dry cleaning store is not going to hire an IT security staffer," says Irwin. "What's more likely is that a lot of these companies will begin to turn to third parties to give them the help and expertise they need."

"CIOs Must Manage IT Risk as Business Risk"
RiskCenter (10/11/07) ; Pettey, Christy

A book by George Westerman and Richard Hunter entitled "IT Risk: Turning Business Threats into Competitive Advantage" focuses on how information technology (IT) vulnerabilities affect business performance. The authors identified four areas of IT vulnerabilities--whether a company's IT systems and business processes can function when faced with interruptions; whether the appropriate people have access to information and systems necessary for doing their jobs and access is blocked for the wrong people; whether a firm's IT systems offer prompt, accurate, and complete data that fulfills the needs of management, staff, customers, suppliers, and regulators; and whether an organization's IT systems are responsive enough to accommodate major changes such as deploying a new product or service. "The most dangerous risks are the ones that are never considered, or considered too late," Hunter asserts. "IT risk management is working the way it should when it is simply part of the way the company does business." Hunter also recommended that companies implement three things to successfully manage IT risk--create a strong foundation of IT assets, people, and supporting process controls; a carefully developed risk governance structure and process; and a risk-aware culture.

Abstracts Copyright © 2007 Information, Inc. Bethesda, MD

