
Friday, July 24, 2009

Security Management Weekly - July 24, 2009


July 24, 2009
 
 
Corporate Security

  1. "Police Corner Protesters at Seoul Car Plant"
  2. "U.S. Should Extend Insurers' Terrorism Backstop, Modeler Says"
  3. "Deutsche Bank Admits Possible Privacy Breaches"
  4. "Reports of Suicide in China Linked to Missing iPhone"
  5. "Jakarta Blasts Renew Security Fears" Experts Say Recent Attacks Underscore Growing Sophistication of Terrorists in Asia

Homeland Security

  1. "Ex-Director Took Cho File 'Inadvertently'"
  2. "U.S. Born Militant Who Fought for al Qaeda Is in Custody"
  3. "Extremist Ideas Survive Crackdown in Indonesia"
  4. "Homeland Security Chief Janet Napolitano Says U.S. Faces an Eventful Fall"
  5. "Police Investigate Islamist in Jakarta Bombing"

Cyber Security

  1. "RIM Warns Update Has Spyware" Company Says Wireless Carrier in UAE Recommended Upgrade That Could Allow Someone to Access Blackberries
  2. "Government Is Falling Behind on Cybersecurity, Report Finds" Cybersecurity Efforts Found to be Lagging Because Feds Have Not Hired Enough Well-Trained Cybersecurity Experts
  3. "Adobe Confirms Flash Zero-Day Bug in PDF Docs"
  4. "Lawmakers: Electric Utilities Ignore Cyber Warnings"
  5. "Olympics-Cyber Attack Seen as Emerging Threat for London 2012"

   

 
 
 

 


Police Corner Protesters at Seoul Car Plant
Wall Street Journal (07/24/09) Ramstad, Evan

Riot police in Seoul, South Korea, say they will try to wait out a group of fired workers who took control of part of a Ssangyong Motor Co. factory complex, in hopes of avoiding a violent end to a seven-week standoff at a company hit hard by the global recession. About 500 workers and 200 sympathizers remained holed up with makeshift weapons in the South Korean auto maker's painting facility after police earlier this week drove them from the main factory. Police are getting closer to the shop, taking over facilities one by one from the resisting union members. They approached to within 50 meters of the building, with dozens of policemen and protesters injured during the clashes. The fired workers took over the complex in suburban Seoul on May 31 and shut down production, demanding their jobs be given back. The labor unrest at Ssangyong stands out in a time when the government has persuaded many companies and unions to avoid confrontation during the economic downturn.


U.S. Should Extend Insurers' Terrorism Backstop, Modeler Says
Bloomberg (07/24/09) Huang, Tian

The insurance industry is criticizing the Obama Administration's decision to cut the subsidy under the Terrorism Risk Insurance Act--the law that calls on the government to repay insurers in the event of a terrorist attack--in its 2010 budget. Among those who have criticized the cut to the subsidy is Peter Ulrich, the senior vice president at Risk Management Solutions. In his remarks at his company's "Quantifying Terrorism Risk Under the Obama Administration" conference in New York on July 23, Ulrich said the cut will likely result in higher levels of volatility in the insurance market. Meanwhile, Aon National Property Brokerage Managing Director Aaron Davis said 80 percent of terrorism-risk insurance providers will no longer offer the insurance if the subsidy is taken away.


Deutsche Bank Admits Possible Privacy Breaches
Telegraph.co.uk (07/23/09) Neate, Rupert

Germany's Deutsche Bank has admitted that "external service providers" retained by its corporate security division spied on a shareholder after its 2006 annual meeting. The company has also said that the external service providers were responsible for engaging in "questionable" surveillance of a supervisory board member and a journalist in 2001, a private individual in late 2006 and early 2007, and a management board member in mid-2007. However, the bank said that none of the current members of its management board had knowledge of or were involved in any activity "that raises legal issues." Meanwhile, prosecutors in Germany are considering whether to launch a criminal investigation into two of the incidents. Data protection authorities and German financial regulator BaFin are also looking into the incidents.


Reports of Suicide in China Linked to Missing iPhone
Wall Street Journal (07/22/09) Kane, Yukari Iwatani; Ye, Juliet

Several Chinese news outlets are reporting that an employee of Foxconn, Apple's Chinese manufacturer, committed suicide last week after being suspected of stealing a prototype for a new iPhone. Several of the reports also said that the employee, 25-year-old Sun Danyong, had been detained and beaten by a senior official in Foxconn's security department. There is speculation that the security official's treatment of Sun was the result of the pressure Apple puts on manufacturers such as Foxconn to keep details about its products a secret. Under the contracts it signs with its suppliers, Apple levies large financial penalties against companies that are found to have leaked sensitive information about its products. For its part, Apple has said that it requires all of its suppliers to treat their workers "with dignity and respect." The company also said that it is awaiting the results of the investigation into Sun's death. Meanwhile, Foxconn General Manager Li Jinming has apologized for what happened and has blamed the incident on a lack of management. He added that the security official who questioned Sun has been suspended and is being investigated by police.


Jakarta Blasts Renew Security Fears
Wall Street Journal (07/20/09) Wright, Tom

Security industry officials are expressing concern regarding the growing sophistication of terrorists in Asia in the wake of the bombing at Jakarta's JW Marriott and Ritz Carlton hotels on July 17. They also warn that suicide bombers may have been purposefully targeting a meeting of largely Western businessmen. The terrorists' success in smuggling bomb parts into the JW Marriott highlights their growing ability to beat tactics employed by security experts in recent years to keep them at bay. Because of past terrorist events in Indonesia, including bombings in Bali in 2002 that killed more than 200 people, major Jakarta hotels have some of the tightest security in the world, with airport-style metal detectors and heavily guarded driveways with roadblocks. However, the bombers appeared to have no trouble getting past those security measures, smuggling bomb parts into the hotel disguised as laptops. The ability to assemble bombs inside hotels is "definitely a step up in their tactics," says Paul Quaglia, an analyst in Bangkok at PSA Asia, a security consulting company that has done an audit for the Ritz Carlton in Jakarta. "It's definitely something that was well planned." Noke Kiroyan, an Indonesian citizen and former local chairman of mining company Rio Tinto PLC, was one of 19 executives breakfasting in a small lounge in the JW Marriott, which a local consulting group hires each Friday for its meetings. Kiroyan, who lost part of his right ear in the attack, believes that the bomber who hit the hotel would have chosen the main restaurant on the other side of the JW Marriott's lobby, where most guests were breakfasting and which was the target of a 2003 attack on the same hotel, if they had wanted to inflict the maximum number of casualties. "I think we were targeted," he said. 
Other Western executives in Jakarta repeated concerns over the possible targeting of business elites, which they said may lead foreign businesses to be more cautious about how they operate in Indonesia and possibly change expansion plans.




Ex-Director Took Cho File 'Inadvertently'
Roanoke Times (VA) (07/24/09) Moxley, Tonia; Sluss, Michael

In a statement released by his lawyer on Thursday, the former director of Virginia Tech's Cook Counseling Center--the facility where Virginia Tech shooter Seung-Hui Cho received treatment for his behavioral problems--revealed that he accidentally packed up Cho's mental records during his transition to a new job in 2006. According to the former director, Robert Miller, the documents pertaining to Cho and several other students were "inadvertently" packed with his personal documents as he was leaving the center, and were found while he was searching his home for documents that might have been relevant to the lawsuits filed by the families of two of the shooting victims against Virginia, Virginia Tech, the New River Valley Community Services Board, and Cho's estate. The documents have since been returned to the university and could eventually be made public. The discovery of the files pertaining to Cho's treatment at the Cook Counseling Center has angered some of the victims' families, who say that it could be an indication that other information about the case has been improperly handled as well. But even though the records have been discovered and will soon be released, there will still be many unanswered questions about why Cho went on a shooting rampage that left 33 students and faculty dead, Virginia Gov. Tim Kaine said Thursday. "The motivation of this young man is something that will cause confusion and sadness forever," Kaine said. "There is never going to be an answer to this that will just wind it up and finish it."


U.S. Born Militant Who Fought for al Qaeda Is in Custody
Los Angeles Times (07/23/09) Rotella, Sebastian; Meyer, Josh

U.S. and European anti-terrorism officials say 26-year-old Bryan Neal Vinas, a Muslim convert from Long Island, N.Y., who was captured while fighting for al-Qaida in Pakistan last November, is cooperating with their investigation. Vinas, who is in custody in the U.S., pleaded guilty in January to several charges, including conspiracy to commit murder for firing rockets during an attack on a U.S. military base in Afghanistan and providing material support to a terrorist organization. Since then, he has provided a detailed account of his journey from Long Island to Pakistan, as well as testimony that will be used as evidence in the trials of three Belgians who have admitted to training with al-Qaida. Vinas has also been questioned by French investigators. Details about Vinas' case came to light on Wednesday after the indictment against him was unsealed. Vinas converted to Islam in 2007, and then traveled to Pakistan to study the religion and learn Arabic. While in Pakistan, Vinas met with al-Qaida chiefs and gave them information for a potential attack on the New York transit system and the Long Island Railroad. His story has sparked concern among authorities because it illustrates how easily Americans can travel to Pakistan to train with terrorists and return undetected.


Extremist Ideas Survive Crackdown in Indonesia
New York Times (07/23/09) Onishi, Norimitsu

The Indonesian government's crackdown on militant Islamic groups has been credited with stopping terrorist attacks in the country for the past four years after annual terrorist attacks earlier this decade. However, after the July 17 coordinated suicide bombings at the JW Marriott and Ritz-Carlton hotels in Jakarta, terrorism experts and some Indonesian officials are focusing on what they describe as weaknesses in Indonesia's antiterrorism campaign. Authorities have not had much success in uprooting the culture that breeds extremism, and have failed to aggressively check the radical clerics, Islamic schools, or publishing houses that allow extremists to recruit and raise money for their operations. Even moderate, politically powerful religious leaders, who are against violence, oppose any perceived government interference in their affairs. “The bombings should be a catalyst for Indonesia to develop a more comprehensive approach,” says Rohan Gunaratna, head of the International Center for Political Violence and Terrorism Research at Nanyang Technological University in Singapore. “They've been too focused on catching operators when they need to be tougher in actually preventing terrorism. They should take the boxing gloves off.” The police have still not arrested anyone in the attacks, which killed seven people, including six foreigners, and wounded 50 more.


Homeland Security Chief Janet Napolitano Says U.S. Faces an Eventful Fall
Monterey County Herald (CA) (07/22/09) Reynolds, Julia

Speaking in Monterey, Calif., at the opening of the Ninth Circuit Judicial Conference, an annual gathering of federal judges and court officials from the Western U.S., Homeland Security Secretary Janet Napolitano warned that "an increasing cascade" of cyber-terrorism attacks and a renewed flu pandemic could severely strain government institutions this fall. Napolitano noted attacks on computer systems are on the increase, posing a threat to institutions such as the courts that constantly deal with confidential files. "In my few months as the secretary of Homeland Security, I've seen an increasing cascade of attacks on systems in the United States. I've seen attacks into our own department," she said, adding that government agencies and the courts must develop "the institutional capacity to detect these things, repair them and keep on operating in this new cyber world." Meanwhile, a possible return of new forms of the flu virus to the U.S. this fall could mean widespread absenteeism that affects government, businesses, and schools. "We all need to be thinking through, how do we keep things going, how do we keep business happening with absentee rates that could be 10, 20 or 30 percent - maybe even 40 percent - at the height of the return of a flu pandemic? How will you operate the courts?" Napolitano said that while the next outbreaks are unlikely to reach levels of the devastating 1918 flu pandemic, the H1N1 virus could force school and business closures across the country. The virus is circulating through the Southern Hemisphere, she said, and is expected to make a strong comeback in the U.S. by early fall.


Police Investigate Islamist in Jakarta Bombing
Wall Street Journal (07/21/09) Wright, Tom

Police in Jakarta, Indonesia are searching for the identities of two suicide bombers who attacked hotels on July 17. They are believed to be investigating a 35-year-old alleged terrorist known as Nur Sahid who attended one of Indonesia's best-known Islamic schools in the 1990s. The coordinated attacks hit the city's JW Marriott and Ritz-Carlton hotels, killing nine people and injuring 53. Intelligence officials have already said they believe Noordin Mohamed Top, one of Southeast Asia's most-wanted terrorism suspects, masterminded the bombings, though police haven't formally identified him by name. Intelligence experts say Noordin was a superior to Sahid in Jemaah Islamiyah, a Southeast Asian affiliate of al Qaeda that carried out attacks against nightclubs, embassies and hotels in Indonesia in 2000 to 2005, killing almost 300 people. Police took DNA samples from the family of Sahid in a village in Central Java, a province on Indonesia's biggest island. Sahid graduated from the al Mukmin Islamic boarding school in a suburb of Solo in Central Java in 1995. Many of the school's alumni went on to become members of Jemaah Islamiyah. The latest attacks have rattled many Indonesians, who had grown accustomed to several years of stability after the run of terrorist attacks earlier in the decade.




RIM Warns Update Has Spyware
Wall Street Journal (07/23/09) Coker, Margaret

Research In Motion Ltd. says a BlackBerry software upgrade recommended by its wireless carrier in the United Arab Emirates actually contains surveillance software that could enable unauthorized access to the popular smart phone. "RIM did not develop this software application and RIM was not involved in any way in the testing, promotion or distribution of this software application," the BlackBerry company says. Emirates Telecommunications Co., or Etisalat, appears to have distributed software from Milpitas, Calif.-based SS8 Networks Inc. The software can allow access to confidential information on a BlackBerry without its owner's permission or knowledge. Etisalat is majority owned by the UAE government and operates in 18 countries. SS8 describes itself as offering surveillance software for intelligence, law enforcement and communications intercept for service providers like Etisalat. Daniel Hoffman, chief technology officer at SMobile Systems Inc., which makes security products for BlackBerry devices, says the software Etisalat distributed was designed to intercept email traffic and send data to two email addresses at Etisalat. "Mobile devices have been infected for years, and we encounter spyware every day, but we haven't seen it en masse before," Hoffman says. Spyware normally targets individuals or groups in business or government to collect data for financial or political reasons. "You want to be stealthy, and this seems more blatant," he says. This is the first instance of a carrier offering to upgrade BlackBerry software on its own, according to a person familiar with the matter. "This isn't a group of hackers, this is the operator that sent you a valid and authorized update," says Jacob Greenblatt, director of strategy at mobile-security firm Discretix Inc. "It's difficult to guard against this, because it's built into the capability of the device."


Government Is Falling Behind on Cybersecurity, Report Finds
Washington Post (07/23/09) P. A19; Davidson, Joe

A report released by the Partnership for Public Service and Booz Allen Hamilton has found that the U.S. federal government is falling behind in its efforts to protect its computer systems from a variety of threats because it does not employ enough well-trained cybersecurity experts. The report cited several reasons for the lack of well-trained cybersecurity experts, including the fact that there are not enough qualified applicants for federal cybersecurity positions. The report also faulted the government's fragmented and uncoordinated approach to cybersecurity, as well as its cumbersome hiring process. Finally, the report said the disconnect that exists between the needs and perceptions of front-line hiring managers and human resource managers has contributed to the lack of well-trained cybersecurity experts in the federal workforce. The report offers several suggestions for how to address this problem. For example, the report says the cybersecurity czar President Obama plans to appoint should develop a strategy for meeting the government's current and future cybersecurity needs. The lack of a person who coordinates cybersecurity workforce planning or decision-making has resulted in a large gap in planning and readiness. The report also called on the government to encourage more U.S. citizens to study math, science, and technology, and to expand scholarship programs for students in computer science and cybersecurity programs.


Adobe Confirms Flash Zero-Day Bug in PDF Docs
Computerworld (07/22/09) Keizer, Gregg

In an entry posted on its security blog on Tuesday, Adobe announced that it is investigating a zero-day vulnerability in Adobe Flash Player 9 and 10, as well as the most current versions of Adobe Reader and Acrobat. Adobe says the vulnerability exists in Flash content that is inserted into a PDF document. Meanwhile, VeriSign's iDefense has reported seeing the vulnerability being attacked. The security intelligence company said that it recently investigated a targeted attack that embedded the Flash vulnerability inside a PDF file. This is not the first issue Adobe has had with security in its Reader software this year. In May and June, the company released patches for 14 vulnerabilities in the software, including another zero-day bug. In March, Adobe patched several vulnerabilities that had been attacked by hackers since early January.


Lawmakers: Electric Utilities Ignore Cyber Warnings
Computerworld (07/21/09) Gross, Grant

U.S. Rep. Yvette Clarke (D-N.Y.), chair of the U.S. House Homeland Security Committee's Subcommittee on Emerging Threats, Cybersecurity, and Science, warned at a July 21 hearing that if the U.S. completely ignores the possibility of a cyber or electromagnetic pulse (EMP) attack against the electric grid, the possibility of an attack gets much higher. Clarke complains the electric utility industry has fought federal cybersecurity standards, noting some utilities have avoided industry self-regulatory efforts by declining to designate their facilities or equipment as critical assets that need special protection. "This effort seems to epitomize the head-in-the-sand mentality that seems to permeate broad sections of the electric industry," says Clarke. The panel heard from experts on threats to the U.S. electric grid to gain their perspectives on vulnerabilities of the electric sector prior to consideration of the Critical Electric Infrastructure Act. The bill would authorize the Federal Energy Regulatory Commission to issue emergency rules to protect the electric grid after a determination by the secretary of Homeland Security that the grid faces an imminent threat. The bill has the support of Republicans as well as Democrats on the Homeland Security Committee. Representatives of the electric industry said they've worked hard to improve cybersecurity. Steven Naumann, vice president of wholesale market development at Exelon, said the most important thing about preventing either a cyber or EMP attack is clear communication from the private sector to the public sector when there is a perceived threat. Part of the problem with cyberattacks is that the U.S. government doesn't share enough up-to-date information, Naumann added. "In general, the North American grid is well-protected against cyberattacks - at least those attacks that we know about," he said. "It's hard to protect against something you don't know."


Olympics-Cyber Attack Seen as Emerging Threat for London 2012
Reuters (07/21/09) Ormsby, Avril

Senior officials with Britain's Interior Ministry said Tuesday that the organizers of the London 2012 Olympics are preparing for the possibility of a cyberattack on the event. According to one of the officials, there is no current evidence of a threat of an attack on the 2012 Olympics, though the official pointed out that "it would not be beyond the point of imagination to imagine a terrorist threat to 2012 nearer the time," given the fact that terrorists have a history of attacking sporting events. The officials noted that $980 million has been allocated for security for the 2012 Olympics. Most of those funds will go towards protecting against a cyberattack, the officials said. However, one of the officials noted that preparing for a cyberattack on the 2012 Olympics will likely be difficult because it will be hard to predict what cybersecurity threats will look like three years from now.


Abstracts Copyright © 2009 Information, Inc. Bethesda, MD

