| | 
"U.S. Diplomat is Slain in Khartoum"
Los Angeles Times (01/02/08) ; Puzzanghera, Jim A U.S. diplomat and his driver were shot and killed early Tuesday morning in Sudan. John Granville of the United States Agency for International Development was shot four or five times while being driven home in the Sudanese capital of Khartoum. Granville died later Tuesday at a hospital and his driver, a Sudanese national, died at the scene. According to Sudanese officials, Granville's car was cut off by another vehicle, then one or more shooters opened fire. Although a spokesman from Sudan's Foreign Ministry said that the attack was not politically motivated, State Department officials said they are working with Sudanese authorities to investigate the cause of the attack. In September 2007, the State Department warned U.S. citizens of the possibility of terrorist attacks in Sudan. The United States is pushing for the Sudanese government to resolve the situation in the country's Darfur region, where at least 200,000 people have been killed in a conflict between non-Arab rebels and the Muslim-run government. President Bush has tightened economic sanctions against Sudan, even though the State Department considers the country an ally in the war on terror. Granville was in the country to distribute radios to people in southern Sudan, in an effort to give the USAID's broadcasts a wider audience.
(go to web site) "Justice Dept. to Probe the CIA"
Los Angeles Times (01/03/08) P. A1 ; Schmitt, Richard B. Atty. Gen. Michael B. Mukasey announced Wednesday that assistant U.S. attorney in Connecticut John H. Durham was appointed to lead an investigation into the CIA's 2005 destruction of videotapes. CIA Director Michael V. Hayden admitted last month that CIA officials destroyed videotaped interrogations of two suspected al-Qaeda operatives. The tapes, which were made in 2002, were destroyed as Congress was investigating the agency's interrogation techniques. If it is determined that the videotapes were important to an ongoing congressional or judicial proceeding, CIA officials could be found guilty of obstruction of justice. Investigations of the CIA are usually led by the U.S. attorney for the Eastern District of Virginia, however that office removed itself from the case to avoid a conflict of interest. That office is currently involved in litigation by some detainees who claim that they were accused of crimes based on coerced information. John L. Helgerson, the CIA's inspector general, also announced Wednesday that he would not be involved in the investigation because he will most likely be called as a witness. The announcement of a full investigation comes after the Justice Department and Helgerson's office collaborated on a preliminary inquiry to determine if there may have been a criminal act committed. Mukasey did not discuss what evidence may have been uncovered during the preliminary investigation.
(go to web site) "Overseas Security Threats to U.S. Businesses Cited"
Los Angeles Times (12/28/07) A new report from the State Department's Overseas Security Advisory Council (OSAC) summarizes the top threats faced by U.S. companies in 2007. Two weeks of cyber-attacks in Europe, which overpowered government and corporate Web sites in April 2007, produced a new fear that U.S. businesses could be susceptible to similar attacks. In Asia, intellectual property theft and fraud grew exponentially, particularly in China and India. The report noted that much of the trouble stemmed from company insiders. According to the report, "OSAC advises that U.S. companies and other entities should take strong precautions against the insider threat, to safeguard communications systems, and for the safekeeping of sensitive data." The most worrisome trends in the Middle East and North Africa were Lebanon's ongoing political instability and terrorist attacks in Algeria. In addition, there has been a substantial rise in kidnappings in Nigeria that target employees of Western-owned oil corporations. Natural disasters and antagonistic governments beleaguered U.S. companies in Latin America. Todd Brown, the council's executive director, advised U.S. firms to take note of the emerging threats and to learn to defend themselves by taking proactive security measures, managing risks, and cultivating an internal culture of resiliency.
(go to web site) "Are You Going Gray?"
Chief Executive (12/07)No. 230, P. 30 ; Ferreira, John Leaks that divert real products into the "gray market" prevent manufacturers from receiving compensation according to the terms of the value chain partner contract. This form of piracy, therefore, cheats firms of profits, channel viability, brand integrity, and customer satisfaction. Gray market leakage is attributable to insufficient discipline over the end-to-end value chain. Network partners' poor financial health, manufacturer operating process, and business models are three causes triggering gray market leakage. The solution to restoring lost revenue is strengthening supply chain controls. Rather than depending litigation, experts recommend addressing product diverters. If global supply chains are poorly managed, they facilitate pirates' operations by letting members of an extended partner network evade pricing and policy rules. To diminish gray market leakage, managers must become familiar with how their supply chain partners operate and what market conditions they encounter. Enhanced process controls and investigative measures can constrict supply chain leaks for manufacturers. Overall, companies should develop a defensive global plan that hedges the distribution, currency, and logistics risks related to gray markets.
(go to web site) "Guarded Diplomacy"
Security Management (01/08) Vol. 52, No. 1, P. 57 Diplomatic and peacekeeping groups are sometimes the focus of violence, and although their facilities must have an attractive appearance, they also need to be strong enough to fend off attacks. It is crucial to include layers of protection in the building design so that any one area of failure will not be devastating. Smart cards are one way to protect facilities. Strong protection at the building's perimeter is also advantageous, as it helps keep out unwanted individuals and fights off possible attacks from explosive devices delivered by vehicles. A building's outside walls should be made from a highly-durable substance, such as reinforced cast-in-place concrete, and blast curtains can provide another layer of protection. Finally, the information-technology network that transmits information between alarms, sensors, and surveillance cameras needs to have self-healing and auto-rerouting network structures. Security systems that have been outfitted with built-in redundancy ensure that a system failure will not bring down the whole system.
(go to web site) 
"Turkish Car Bomb Suspects Arrested"
CNN (01/04/08) Turkish police arrested four suspects in Thursday's car bombing in Diyarbakir, which killed five people and wounded an estimated 68 others. At approximately 4:55 p.m., a car bomb was detonated remotely as a civilian bus carrying military personnel drove by. The blast damaged several nearby buildings and destroyed at least six cars. Diyarbakir chief prosecutor Durdu Kavak said that four of the five killed in the blast were identified as students. The city, the largest in southeastern Turkey, was last attacked in September 2006, when at least 10 people were killed in a bombing. Authorities believe that rebels from the Kurdistan Workers' Party (PKK) were behind Thursday's attack. The PKK, which is classified as a terrorist organization by the United States, has been launching attacks from bases across the border in Iraq. The group has been active for 20 years, fighting for an autonomous state for Kurds in Turkey. After Thursday's bombing, Turkish security officials seized over 140 pounds of explosives and hand grenades that were being transported on two minibuses in different parts of the country.
(go to web site) "Pakistan Turns to Britain for Help in Bhutto Inquiry"
New York Times (01/03/08) P. A12 ; Burns, John F. London's Metropolitan Police Service, also known as Scotland Yard, will assist Pakistani authorities in investigating the murder of Benazir Bhutto, whose cause of death is still under dispute by authorities. British authorities are apprehensive Scotland Yard will find any significant information as they lend technical support to the Pakistani officials in charge of the investigation. The inquiry is already compromised by several complications, since the crime scene was immediately hosed down by crews after explosives were detonated by a suicide bomber, and no autopsy was performed on Bhutto's body, per her family's request. British terrorism experts, who wish to remain anonymous, criticize Pakistani officials for waiting six days to ask for assistance from Scotland Yard and for changing their testimony on Bhutto's cause of death, which was likely from gunshot wounds to the chest, neck, and head, according to hospital statements. President Pervez Musharraf claims al-Qaeda is responsible for Bhutto's death, since she often lambasted the terrorist group as adversarial to Pakistan.
(go to web site) "Group Says U.S. Security Screening for Chinese High-tech Customers Flawed, Calls for Halt"
Associated Press (01/03/08) The Wisconsin Project on Nuclear Arms Control says the United States should suspend a new program to approve Chinese buyers of technology with possible military uses, claming that two of the five companies cleared so far pose a risk of weapons proliferation. The program launched in June lets prescreened civilian Chinese buyers purchase such products as aircraft engines without having to obtain a license for each deal. American officials said it would boost U.S. exports while denying Chinese military contractors access to technology that might speed weapons development. The Wisconsin Project said it found links between China's military and two companies granted the new preapproved status, Shanghai Hua Hong NEC Electronics Co. Ltd. and BHA Aerocomposite Parts Co. Ltd. Shanghai Hua Hong is partly owned by China Electronics Corp., which has another subsidiary described by the Pentagon as a procurement arm of China's military. The Wisconsin Project said there was a "clear risk" that CEC could obtain technology to improve its own radar or other military products, or shift U.S. goods to Iran or Syria.
(go to web site) "Terror's New Place of Entry"
Newsday (01/02/08) P. A15 ; DeStefano, Anthony M. Corruption among law enforcement officials and weak borders has made Paraguay a center for terrorist activity. Security experts believe that Ciudad del Este, the country's second-largest city, is a financial center for terrorist organizations and organized crime. The drug trade allows organizations to easily launder money, such as the $10 million per year that Hezbollah is believed to launder in Paraguay. Law enforcement officials also worry that Paraguay's porous borders with Brazil and Argentina provides terrorists with an easier route to enter the United States. Although the State Department does not think that al-Qaeda is operating in Paraguay, Hamas, Hezbollah, and Lashkar-e-Taiba are all believed to be engaged in criminal activity in the country. The United States recently sent a polygraph operator to Paraguay to test approximately 80 law enforcement officials who were interested in joining a special border control task force that would be funded by the U.S. The applicants spoke of widespread corruption in the customs department, with smugglers being warned of raids in advance by customs officials. The low wages paid to government officials is believed to be the main reason why corruption is so prevalent in Paraguay, however one expert said that higher salaries wouldn't immediately stop the problem. "They don't look at it as corruption," said the expert, who did not want to be identified. "It is part of the culture. Everybody takes a piece of the government income." Another expert recommends that the U.S. creates a network of informants within the customs department and border policy, which could help warn of pending terrorist activity.
(go to web site) "Passport Technology Draws Security, Privacy Concerns"
Wall Street Journal (01/02/08) Americans who frequently cross the U.S. border will be able to obtain passport cards that can be read at a distance, but are less secure than standard passports. The State Department approved technology on Dec. 31, 2007, that will allow travelers to scan their cards within one or two seconds at a distance of 20 feet. The cards will not contain sensitive personal information and will feature a protective sleeve that prohibits the cardholder from using it from afar. Travelers will experience less wait time at the border using the passport cards; however, critics fear the cards may be stolen and abused by terrorists or other criminals, who could utilize the "vicinity read" technology to cross the border without being stopped. State Department officials say the cards will contain privacy protections to protect travelers against possible theft.
(go to web site) "Fertilizer Law Seen as Weak on Security"
Los Angeles Times (12/31/07) P. A8 ; Vartabedian, Ralph Security experts say U.S. legislation to regulate a chemical favored by terrorists is still very liberal when compared against laws in other countries. Under the Secure Handling of Ammonium Nitrate Act of 2007, registration for purchasers of the chemical, licensing for ammonium nitrate facilities, and guidelines for what forms of ammonium nitrate will be regulated are mandated, but the law is not stringent enough for many critics because it allows lawmakers to determine the specifics of the measure at a later date. "The bill really does not guarantee anything for the security of the citizens of the United States," claims Bill Albright, a Defense Department consultant who spent his career at what is now known as the Bureau of Alcohol, Tobacco, Firearms and Explosives, or ATF. When compared to nations such as Israel, Britain, Germany and Saudi Arabia, some say the bill for the chemical, which was used in the 1998 U.S. embassy bombings in Tanzania and Kenya, has weaker controls and divides the jurisdiction over explosives between the ATF and the Department of Homeland Security.
(go to web site) "Anti-Terror Center Adds Crime Focus"
Chicago Tribune (12/28/07) ; Rozas, Angela Approximately 40 percent of state and federally funded "fusion centers" - created in many states after Sept. 11 as hubs for information on terrorist activity - also focus on "all-crime" issues, according to a report by the Congressional Research Service. Stations like Chicago's Crime Prevention Information Center (CPIC) gather intelligence from national, state, and local levels to deal with all criminal activity during lulls in threats of terrorism. Since many of the 58 fusion centers now cover a broad scope of intelligence, it is unclear whether or not the Department of Homeland Security will continue to support the centers as mediators and distributors of information. Having more than one fusion center in each state may also cause a conflict on interest and could be a drain on resources, critics say. Chicago's CPIC is one of two centers in Illinois staffed by various suburban departments, and it has so far received a lukewarm reception by city police officers, who say the CPIC may not be as effective as street cops in preventing local crime.
(go to web site) 
"Romania Home Base for EBay Scammers"
Los Angeles Times (12/26/07) P. C1 ; Wylie, Ian Ramnicu, Romania, is a global center of Internet and credit card fraud. Romanian police estimate that cyber-crime is now a multimillion-dollar national industry, as important to organized criminals in that nation as drug smuggling or human trafficking. The Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center, ranks Romania fifth in its table of internet crime. But most experts agree that much of the cash being made on auction fraud reported as originating in the U.S., Canada, Britain, Spain or Italy is actually being picked up in those countries by Romanian money mules. An EBay fraud ring busted last year in Chicago, for example, has been traced to Pitesti, Romania. EBay, which doesn't even operate a site in Romania, won't talk dollar figures but acknowledges that the country is the No. 1 source of "professional fraud." On a November 2006 visit to the Romanian capital, Bucharest, FBI Director Robert Mueller said the vast majority of Internet fraud committed on "one prominent U.S. online auction website is connected to Romania or Romanians." A classic Romanian scam is the "second chance auction." The mark: an EBay user who has narrowly lost an auction. The scammers can see that the user was prepared to spend, say, $145 on a particular item. They will then try to guess the user's e-mail address so that they can make contact off the EBay platform to offer a second chance to buy the item. Users commonly have the same e-mail address as their EBay user name, so the scammers may send out 50 e-mail messages using an EBay user name and the most common domain names such as Gmail, Hotmail and Yahoo. The Romanian scammers then cook up elaborate stories to persuade their victims to send money via unrecoverable methods such as Western Union -- even instructing people not to tell Western Union the payment is for an EBay transaction, claiming Western Union will charge them an EBay surcharge of 10% (it doesn't), and instead to say they're sending money to their Romanian cousin. "The fraudsters need to know we're coming after them," said Rob Chesnut, Spasova's boss and a former federal prosecutor who set up EBay's Trust and Safety division." To give the Romanian police a fighting chance, EBay has donated computers, digital cameras and Internet connections. Romania has taught EBay a lesson: the importance of "addressing a problem region before we have a problem," said Matt Henley, senior manager of EBay's Technical Investigations and Analysis Group, who has spent time with Spasova in Romania. Henley says EBay is now alert to threats from "regions we weren't paying attention to" and, thanks to Romania, has a ready-to-deploy government-relations-in-a-box program it can take anywhere in the world.
(go to web site) "Build a Usable Security Plan"
Processor (12/28/07) Vol. 29, No. 52, ; Rudich, Joe The best defense against corporate network intrusions is a Security Incident Management Plan (SIMP). An effective SIMP will offer several advantages to the security team, including coordination of their measures during the most important moments. Implementing a documented guideline guarantees the correct steps are followed. In addition, the SIMP is a guide for management. Another objective of SIMP is communication, which should entail keeping crucial areas of a company up-to-date about a situation. Lastly, numerous vital security audits and assessments, including PCI, HIPAA, and Sarbox, mandate proof that a consistent procedure is employed to deal with security problems, something SIMP can help with. One of the initial steps in creating a SIMP is to define what incident means. The SIMP needs to define as well the individuals who will take part in incident response. A SIMP plan should also list general response procedures and division points.
(go to web site) "Microsoft Opens Up on Security Research"
InformationWeek (12/28/07) ; Gonsalves, Antone Microsoft's Security Vulnerability Research and Defense blog offers detailed technical information and ways security professionals can shield an organization from vulnerabilities. "During our vulnerability research, we discover a lot of interesting technical information," the company announced in the first posting. "We're going to share as much of that information as possible here because we believe that helping you understand vulnerabilities, workarounds, and mitigations will help you more effectively secure your organization." Microsoft noted that information is uncovered during technical probes of security issues that is not posted in official security updates but should still be shared. Such information will include, for instance, scenarios or attack vectors where workarounds may not be totally effective, and workarounds that are specific to a particular attack or that are so "super complicated" that they cannot be recommended to all clients. Microsoft added that it would supply details concerning mitigations that might not be present in all cases, best-practices-type guidance that is relevant to a specific vulnerability, and "interesting facts" about a bug Microsoft is repairing that will help customers learn more about Windows, the security infrastructure, or how Microsoft performs investigations. Debugging methods and information on how to triage security vulnerabilities will also be disclosed, along with some of the challenges the company contends with when patching specific security bugs.
(go to web site) Abstracts Copyright © 2008 Information, Inc. Bethesda, MD |
No comments:
Post a Comment