
Friday, April 24, 2009

Security Management Weekly - April 24, 2009


April 24, 2009
 
 
CORPORATE SECURITY  
  1. "Donors Pledge High for Somalia" Brussels Conference Raises More Than $250 Million to Restore Order in East African Nation
  2. "Recession Fuels Worries of U.S. Workplace Violence"
  3. "Somali Charged With Piracy in Attack on U.S. Ship" New York
  4. "The Work Place -- Anti-Bullying Legislation Pending" Illinois
  5. "Lab Says Drug Use Up Slightly in Hawaii Workplace"

HOMELAND SECURITY  
  6. "U.S. to Release Photos From Other Probes in Afghanistan, Iraq"
  7. "Commission on CIA Tactics Unlikely"
  8. "Harsh Methods Approved as Early as Summer 2002"
  9. "Obama Open to Prosecuting Bush Officials"
  10. "Classified Data on Marine One Leaked, Found on Iranian Computer"

CYBER SECURITY  
  11. "Hackers Scan NYPD Computers 70,000 Times A Day"
  12. "Cloud Computing a 'Security Nightmare,' Says Cisco CEO"
  13. "No Quick Cybersecurity Fix Seen" Hathaway Tells RSA Conference Administration Will Not be Able to Address Cybersecurity Issues Quickly or Easily
  14. "Computer Spies Breach Fighter-Jet Project"
  15. "Botnet 'Ensnares Government PCs'"


   






 

"Donors Pledge High for Somalia"
Wall Street Journal (04/23/09) ; Miller, John W.

An international donors conference in Brussels raised more than $250 million to help restore order in Somalia, which has not had an effective central government since 1991. Although officials did not say exactly how the money will be spent, they did say that the funds will help boost the size of the African Union's peacekeeping force--which has been the main entity responsible for security in Somalia--from 4,350 to 8,000. In addition, the funds will be used to increase the size of Somalia's police force to 16,000 men. Somalia could also use the money to create a coast guard. Although the stated goal of the conference was to discuss ways to restore order to Somalia, the delegates who attended the meeting said they were primarily focused on piracy and its root causes. Over the past two years, more than 150 ships have been hijacked off the coast of Somalia, which has resulted in higher insurance rates for freighters and has forced some ships to avoid the area altogether. Delegates at the conference agreed that more needs to be done to help Somali President Sheikh Sharif Sheik Ahmed restore the rule of law in the coastal towns that pirates are using for their ground bases.

"Recession Fuels Worries of U.S. Workplace Violence"
Reuters (UK) (04/22/09)

Employees at a variety of firms have become increasingly worried about workplace violence, their fears driven by job losses, job uncertainty, and news stories of violent events in other companies. Workplace violence, experts say, can range from harassment to homicides. Laurence Miller, author of "From Difficult to Disturbed: Understanding and Managing Dysfunctional Employees," said that violent employees are usually people who have been problematic in the past. He added that they usually reveal their intentions to commit violent acts beforehand. From 1997 to 2007, there were more than 7,000 occupational homicides nationwide, and over 1,000 of them involved work associates, according to the most recent data available from the U.S. Bureau of Labor Statistics. Although it remains unclear whether the current recession has resulted in an increase in violence, employees' fears about workplace shootings and other types of incidents are warranted, said Joel Shults, head of public safety at Adams State College in Alamosa, Colo. However, he noted that this heightened level of fear and pressure in the work environment can actually increase the likelihood of someone "snapping" and going on a violent rampage.

"Somali Charged With Piracy in Attack on U.S. Ship"
Washington Post (04/22/09) ; Shulman, Robin

The only survivor from the group of four Somali pirates who hijacked the U.S.-flagged cargo ship Maersk Alabama and held its captain hostage for five days was charged with piracy in a New York federal court on April 21. The pirate, Abduwali Abdukhadir Muse, also faces four lesser charges, including conspiracy and brandishing and firing a gun during a conspiracy. He could face life in prison if convicted. Also on Tuesday, federal magistrate Judge Andrew J. Peck announced that Muse could be tried as an adult despite some initial confusion about his age. The government maintains that Muse is 18, though his court-appointed lawyers say he is 15. During a conference call with the court, Muse's father backed up the lawyers' assertion that his son was just 15, though Peck said the father was not credible because he was inconsistent and did not know the exact birth dates of his other children. It may be impossible to find any records of Muse's birth due to the ongoing chaos in Somalia.

"The Work Place -- Anti-Bullying Legislation Pending"
Daily Journal (IL) (04/21/09) ; Graham, Hayley

Illinois is one of 15 states that are considering legislation that would address the problem of workplace bullying. Under the Illinois bill, a task force would be created on workplace bullying that would study the problem and the effects it has on the private sector. The bill, which was introduced in March, comes on the heels of another piece of legislation known as the Abusive Work Environment Act, which would protect public employees who speak out about workplace abuse. The bill would also protect employers who try to prevent or address abusive situations. However, the bill died on the House floor in early April after it was sent to the Rules Committee for review. The new bill is being criticized by some in Illinois who fear that it would hurt small businesses and would be abused by employees trying to deflect legitimate criticism of their job performance. Supporters, however, say the bill is necessary to prevent employees from suffering the consequences of abusive work environments.

"Lab Says Drug Use Up Slightly in Hawaii Workplace"
Pacific Business News (04/20/09)

A study by Diagnostic Laboratory Services, which conducts pre-employment and random drug testing for roughly 800 businesses in Hawaii, has found that drug use among employees in the state rose slightly in the first quarter of the year. Of the roughly 10,000 employees or potential employees Diagnostic Laboratory Services tested between January and March, 230, or 2.3 percent, tested positive for marijuana, while 90, or 0.9 percent, tested positive for crystal meth. Another 40 employees, or 0.4 percent of those tested, tested positive for cocaine. All the numbers were up slightly from the fourth quarter of 2008. Opiate use, meanwhile, was down from 0.5 percent in the fourth quarter to 0.3 percent in the first quarter. Although the number of employees using some drugs was up from the fourth quarter to the first quarter of this year, the number of employees testing positive for these drugs was actually down on a year-over-year basis, said Carl Linden, Diagnostic Laboratory Services' scientific director of toxicology.

"U.S. to Release Photos From Other Probes in Afghanistan, Iraq"
Seattle Times (04/24/09) ; Wallsten, Peter; Miller, Greg

The Obama administration announced Thursday that it would release dozens of photos showing the alleged abuse of prisoners by military personnel at detention facilities in Iraq and Afghanistan between 2001 and 2006. Some of the pictures, which are scheduled to be released by May 28, are said to show military personnel intimidating or threatening prisoners by pointing weapons at them. According to Amrit Singh, a lawyer for the American Civil Liberties Union, the release of the pictures will provide visual proof that the Bush administration's claim that the abuse of prisoners only took place at the Abu Ghraib prison in Iraq was false. Meanwhile, Defense Secretary Robert Gates has said that he is concerned that the release of the photos could inflame anti-American sentiment in the Middle East. The release of the photos could also put more pressure on President Obama to investigate the Bush administration's anti-terrorism practices--something that he has so far refused to do.

"Commission on CIA Tactics Unlikely"
Wall Street Journal (04/24/09) ; Bendavid, Naftali; Weisman, Jonathan

Senate Majority Leader Harry Reid (D-Nev.) said Thursday that he opposes the creation of an independent commission to investigate the controversial interrogation techniques used by the CIA, at least until the Senate Intelligence Committee completes its inquiry. "I think it would be very unwise, from my perspective, to start having commissions, boards, tribunals, until we find out what the facts are," Reid said. "I don't know a better way of getting the facts than through the Intelligence Committee." Reid's decision likely means that an independent commission will not be created to investigate the CIA's interrogation techniques, which some have described as torture. However, that does not mean that the interrogations issue will go away anytime soon. Rep. John Conyers (D-Mich.), the chairman of the House Judiciary Committee, has called for hearings into the interrogation methods. Meanwhile, Attorney General Eric Holder has promised to enforce the law with regard to the use of the interrogation techniques, but has said that he "will not permit the criminalization of policy differences" and will not prosecute rank-and-file intelligence officers for their involvement in the interrogations.

"Harsh Methods Approved as Early as Summer 2002"
Washington Post (04/23/09) ; Smith, R. Jeffrey; Finn, Peter

A chronology prepared by the U.S. Senate intelligence committee and declassified by Attorney General Eric Holder shows that top officials in the Bush administration approved the use of interrogation methods some have called torture--including waterboarding--at the CIA's secret prisons as early as the summer of 2002. The timeline shows that former National Security Adviser Condoleezza Rice and four other Bush administration officials were first briefed on the techniques in May 2002. Two months later, Rice met with former CIA Director George J. Tenet and advised him that the CIA could begin "its proposed interrogation" of the terrorist suspect Abu Zubaida, pending approval by the Justice Department. In July 2003, Vice President Dick Cheney, Attorney General John Ashcroft, White House counsel Alberto R. Gonzales, and National Security Council legal adviser John B. Bellinger III along with Rice were briefed by the CIA on the use of waterboarding and other interrogation methods, and were told that the interrogation program was legal and "reflected administration policy." The timeline also shows that Secretary of State Colin Powell and Defense Secretary Donald Rumsfeld were briefed on the use of the interrogation techniques, though not until September 2003. A former White House official involved in the deliberations over the use of interrogation techniques such as waterboarding blasted the timeline, calling it "misleading and incomplete" and not reflective of the "NSC [National Security Council] review process or the information presented to the NSC." Other Bush administration officials were either unavailable or refused to comment on the timeline.

"Obama Open to Prosecuting Bush Officials"
Washington Post (04/22/09) ; Fletcher, Michael A.; Bacon, Perry Jr.

In his remarks to reporters at the White House on April 21, President Obama discussed the possibility of prosecuting those involved in the use of harsh interrogation techniques on terrorism suspects during the Bush administration. Obama reiterated that he opposed holding the CIA interrogators who used the interrogation techniques legally accountable, though he said White House officials who formulated the legal foundation for the use of the techniques could be prosecuted. He added that it will be up to Attorney General Eric Holder to decide whether those officials broke the law. The remarks mark the first time the president has raised the possibility that Bush administration officials could be prosecuted for authorizing the use of harsh interrogation techniques. Obama also discussed the possibility of congressional investigations into the use of the interrogation techniques. He said that if Congress wants to investigate the interrogation practices, it should do so through an independent commission rather than a congressional panel, since a congressional panel would be more likely to split along party lines and would be less likely to produce constructive results.

"Classified Data on Marine One Leaked, Found on Iranian Computer"
CSO Magazine (04/09) Vol. 8, No. 3, P. 19 ; Vijayan, Jaikumar

The Cranberry Township, Pa.-based peer-to-peer monitoring services provider Tiversa has discovered classified information about Marine One on a computer in Tehran. According to Tiversa Chief Operating Officer Chris Gormley, the information was stored in a publicly-available shared folder on a computer with an IP address belonging to an Iranian "information concentrator," which is someone who searches peer-to-peer networks for sensitive information. Tiversa said that the information--which includes data about the communications, navigation, and management electronics on Marine One--appears to have been leaked from a computer belonging to a Bethesda, Md.-based defense contractor sometime last summer. Although the leak took place nearly a year ago, the information is still available on peer-to-peer networks to anyone who knows how to look for it, Gormley said. He added that a recent search conducted by Tiversa also found that other documents with classified and sensitive military information had been leaked over peer-to-peer networks. Gormley refused to disclose what those other documents were.

"Hackers Scan NYPD Computers 70,000 Times A Day"
Newsday (04/23/09)

New York Police Department computers are scanned at least 70,000 times a day by cybercriminals, according to a senior state official. In remarks to the Council on Foreign Relations, state commissioner Raymond Kelly confirmed that cybercrooks from all over the world routinely scan the department's computer networks in the hopes of gaining unauthorized entry. "It's a threat we must continue to pay close attention to every day," said Kelly, who believes hackers' interest in the networks peaked in the wake of 9/11. The attacks on NYPD computers are not unlike the breach of a high-tech jet fighter program developed for the Pentagon. Kelly said all attempts have been unsuccessful because of a special firewall protection system the department has installed in stealth over the last few years.

"Cloud Computing a 'Security Nightmare,' Says Cisco CEO"
IDG News Service (04/23/09) ; McMillan, Robert

Cisco Systems Chairman and CEO John Chambers, the largest would-be proponent of cloud computing, admitted April 22 that the computing sector's push to market pay-as-you-go cloud services on the Internet was "a security nightmare." Addressing attendees at the annual RSA security conference, Chambers, the keynote speaker, said cloud computing would become the norm only after a system-wide revolution in network security. The "traditional ways" of securing a corporate data center cannot handle the volume loads promised by cloud services, he added. Although many experts agreed with Chambers' assessment, others remained skeptical of the overall benefits of cloud computing. Kodak CIO Bruce Jones stated that cloud computing could work during a pilot project, but believed it is more affordable to buy hardware for long-term solutions.

"No Quick Cybersecurity Fix Seen"
Reuters (04/22/09) ; Lawsky, David

Melissa Hathaway, the intelligence expert who recently prepared a study on cybersecurity for President Obama, told private security experts at the recent RSA Conference that the threat of attacks on the nation's computer networks will not be addressed quickly or easily--no matter what approach the new administration takes to securing U.S. IT networks. Hathaway said that cybercriminals have already used the Internet to steal large sums of money, while cyberspies have been able to gain access to sensitive military information. "These and other risks have the potential to undermine our confidence in the information systems that underlie our economic and national security interests," she said. Hathaway previously served as cyber-coordination executive under Mike McConnell, former President George W. Bush's director of national intelligence. During her tenure in the Bush administration, Hathaway and others uncovered a number of cybersecurity vulnerabilities, including the large number of access points between federal agencies and external computer networks. Hathaway noted in October that the number of such access points had been reduced from 3,500 to 1,000, and will eventually be reduced to less than 100.

"Computer Spies Breach Fighter-Jet Project"
Wall Street Journal (04/21/09) ; Gorman, Siobhan; Cole, August; Dreazen, Yochi

Several current and former government officials have revealed that cyber spies have repeatedly broken into the Pentagon's $300 billion Joint Strike Fighter project, a plane that is being built by several of the nation's defense contractors. According to the officials, the cyber spies were able to take advantage of vulnerabilities in the networks of two or three of those contractors beginning in 2007 to compromise the system that is responsible for diagnosing the plane's maintenance problems during flight. The officials added that the breaches, which lasted at least into 2008, seemed to be an attempt to steal data about the design of the plane, its performance statistics, and its electronic systems. However, the breaches did not result in the compromise of the plane's most vital systems, such as flight controls and sensors, because those systems are physically isolated from the Internet. Nevertheless, some are concerned that the theft of the data could make it easier for whoever has the information to build planes that can defend against the craft. Investigators believe the attack originated from a Chinese IP address, though the attackers may have actually been located somewhere else since it is easy to mask identities online. Chinese officials have denied any involvement in the attack, and say that any allegations of cyber espionage are "intentionally fabricated to fan up China threat sensations."

"Botnet 'Ensnares Government PCs'"
BBC News (04/21/09) ; Waters, Darren

Finjan has found that a gang of cybercriminals in the Ukraine is controlling a botnet consisting of nearly 2 million PCs around the world. Among the PCs that are part of the botnet are machines owned by more than 70 different governmental agencies around the world, including government agencies in the United States. According to Finjan, about half of the machines that had been taken over by the botnet were located in the United States. About 114,000 of the compromised machines were owned by 52 different organizations in Britain, including the BBC and a variety of government agencies. It remains unclear which British government agencies were affected or what the infected machines were instructed to do. However, officials do know that the hackers were able to gain control over the machines by taking advantage of security vulnerabilities in Microsoft's Internet Explorer and Mozilla's Firefox Web browsers. Officials also say the hackers were selling access to the machines in an online forum in Russia.

Abstracts Copyright © 2009 Information, Inc. Bethesda, MD

