| Chief: Yale Slaying an Instance of 'Workplace Violence' CNN International (09/18/09) Although the motive in the homicide of Yale graduate student Annie Le remains unclear, the murder was likely the result of "workplace violence," not a domestic incident, New Haven Police Chief James Lewis said on September 17. Lewis' comments came after police arrested 24-year-old Raymond J. Clark III for allegedly strangling Le and stuffing her body in the wall of an off-campus research building where the two worked. Lewis said previously that Clark and Le passed each other in the hallway of the building, but would not say whether they knew each other. Meanwhile, Yale University President Richard Levin issued a statement saying that he and the school's administration are "relieved" by the news of Clark's arrest, but warned against rushing to judgment in the case. Levin also noted that Clark had nothing in his employment history at the university that would suggest that he could possibly be involved in such a crime. US Targets Smugglers at Puerto Rico Airport Associated Press (09/15/09) Melia, Mike Agents from the U.S. Drug Enforcement Administration and the FBI on Tuesday arrested 22 members of an alleged smuggling ring that brought more than $19 million in cocaine from Puerto Rico's main airport onboard flights to several destinations on the U.S. mainland, including Miami, Orlando, and New Jersey. Among the members of the ring were nine American Airlines employees who were part of the ground crew at the airport in Puerto Rico. Authorities say their ringleader, former part-time American Airlines cargo employee Wilfredo Rodriguez Rosado, recruited others to help pack suitcases with cocaine and deliver them to the airport on pre-loaded airline cargo containers. A member of the drug ring would then pick up the suitcases at the airports on the U.S. airports, authorities say. Rodriguez, who surrendered to authorities at a federal courthouse on Tuesday afternoon, and the other defendants face a number of charges, including conspiracy and aiding and abetting one another with intent to distribute cocaine. They could be forced to pay fines and spend the rest of their lives in prison if they are convicted. Small Businesses Urged to Prepare for Disruptions From Swine Flu Washington Post (09/15/09) Haynes, V. Dion The Department of Homeland Security on Monday urged small businesses to take steps to prepare for a possible outbreak of swine flu this fall. For instance, DHS said small businesses should develop contingency plans that will allow them to continue operating in the event that a number of their employees become infected with the swine flu. Those plans should help small businesses plan for a worst-case scenario of a large number of workers suffering from severe cases of the disease. The plans should also address how small businesses should handle the duties of vital employees who are out sick. The Department of Homeland Security's recommendation that small businesses should prepare for a swine flu outbreak comes as many small-business owners say they have not yet thought about a plan for dealing with the H1N1 virus. Other small-business owners, particularly those whose employees have to work on-site, say that having such plans may not do any good, since their businesses would be severely impacted if a large number of employees came down with the swine flu. Former Informer Pleads Guilty Washington Post (09/12/09) P. A13; Lavoie, Denise Former government informer turned computer hacking mastermind Albert Gonzalez has pleaded guilty to orchestrating one of the biggest cases of identity theft in U.S. history as part of a deal with prosecutors that could draw a maximum prison sentence of 25 years. Gonzalez acknowledged his culpability in breaching the data networks of retailers that included TJX, Barnes & Noble, and Sports Authority, which resulted in the theft of tens of millions of credit and debit card numbers, according to federal authorities. The hacker pled guilty to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud, and aggravated identity theft. Gonzalez was arrested six years ago for hacking but was not charged because he turned informant for the Secret Service. But even as an informant he continued his unlawful activities, breaking into the computer systems of Fortune 500 companies. Authorities identified Gonzalez as the head of a group of hackers that targeted large merchants. Acting U.S. attorney for Massachusetts Michael Loucks says the probe and prosecution of ID theft is a leading priority for the Department of Justice. "In the past 10 years, there has been a dramatic growth in the transfer and storage of credit and debit card data on computer networks," he notes. Hotels Become a Favorite Target for Terrorists Security Management (09/09) Harwood, Matthew A recent report by private intelligence firm, STRATFOR, has found that there have been 62 attacks in the eight years since 9/11 terrorist attacks on foreign hotels catering to Westerners in 20 different countries. That figure represents a significant increase compared to the eight years before 9/11, which say just 30 attacks in 15 countries. STRATFOR has identified two primary reasons behind this increase. First, many countries have stepped up security surrounding government installations and critical infrastructure; and second, because more and more jihadists come from local groups without the resources to strike government targets. These changes have forced terrorist groups to look for "softer" targets, and hotels appear to be the best choice because they have fixed locations and daily business activity that make pre-operative surveillance easy. Hotels are also often reluctant to impose stricter security measure to avoid inconveniencing customers. Additionally, hotels provide ideal ideological targets because they are full of jihadist's primary targets: Westerners and wealthy locals. In order to avoid remaining such ideal targets, STRATFOR recommends hotels conduct vulnerability assessments to determine their weaknesses. They also recommend that hotels in high-risk areas consider increasing the standoff distance between the hotel and vehicular traffic to prevent the vehicle-mounted improvised explosive devices often favored in hotel attacks and improve their static security surveillance around the property. Sources: NY Transportation Hub Likely Target of Terror Plot CNN (09/18/09) Sources who are familiar with the investigation into the terror plot that emerged following raids on three apartments in New York City earlier this week say that those involved in the plot may have been planning to attack a major transportation center, such as a large railroad or subway station. According to the sources, those involved in the plot engaged in planning and preparation for an attack on a transportation center in the New York City area that has lax security and is used by a large number of people. Other officials say the alleged terrorists were planning an attack similar to the 2004 train bombings in Madrid, since backpacks were found in the raids on the New York City apartments. Those raids also uncovered bomb instructions, computers, and maps, a former counterterrorism officials said. In addition, field tests that were conducted to uncover the presence of explosives in the apartments were positive. However, such tests often yield false positives. Meanwhile, the lawyer for the man at the center of the investigation, 24-year-old Najibullah Zazi of Aurora, Colo., said no bomb making instructions were found on his client's computer. The lawyer noted that if such evidence had been found on Zazi's computer, the FBI would not have released him on Wednesday night. Panel: Electrical Grid Vulnerable to Terrorist Attack USA Today (09/18/09) An expert panel that Congress created to study the possibility of a terrorist attack that could knock out power from major cities for weeks warns that terrorists or enemy states could now wage that exact type of attack. The Federal Energy Regulatory Commission is seeking congressional authority to require power companies to take protective steps, which could include building metal shields around sensitive computer equipment. The panel says such an attack would halt banking, transportation, food, water, and emergency services and "might result in defeat of our military forces." "The consequences would be catastrophic," says Joseph McClelland, director of the energy commission's Office of Electric Reliability. "It would bring down the whole grid and cost between $1 trillion and $2 trillion" to repair, said Rep. Roscoe Bartlett (R-Md), adding that full recovery could take up to 10 years. The scenario involves a phenomenon called an "electromagnetic pulse," or EMP, which is essentially a huge energy wave strong enough to knock out systems that control electricity flow across the country. A nuclear explosion 25 to 250 miles above the Earth's surface would be high enough that the blast wouldn't damage buildings or spread a lethal radioactive cloud. Even so, at that height, the pulse would fan out hundreds of miles. Although any blackout can be restored quickly, an EMP could damage or destroy power systems, leaving them inoperable for months or longer. House Homeland Security Committee Chairman Bennie Thompson (D-Miss.), is promoting a bill to give the energy commission broad authority. Sea-Based Missiles to Target a Redefined Threat Wall Street Journal (09/18/09) P. A7; Dreazen, Yochi J.; Spiegel, Peter Although the Obama administration has decided not to move forward with construction on a large-scale missile defense system in Eastern Europe, it is still planning to deploy a system to protect U.S. allies in Europe and the Middle East from the potential threat from Iranian missiles. The system, which is scheduled to be deployed in 2011, will use sea-based SM-3 interceptor missiles, which are better able to counter shorter-range missiles than the missiles that would have been used in the Eastern Europe-based system. A more advanced version of the system to be deployed in 2015 will include both sea- and land-based defensive missiles. The change comes in the wake of new U.S. intelligence assessments that have shown that Tehran is developing short- and medium-range missiles more quickly than had been previously thought. Those assessments also show that Iran was having a difficult time building long-range ballistic missiles. The Obama administration's decision to dump the Eastern European-based missile defense system and deploy the SM-3 missiles instead has been criticized by some former Bush administration officials who say that although Iran may be having difficulties developing long-range missiles now, there is no reason to believe that they will not work diligently to overcome those problems in the future. Indonesia's Most Wanted Man Killed in Police Raid Reuters (09/17/09) Davies, Ed Authorities in Indonesia announced Thursday that Noordin Mohammad Top, the founder of a splinter group of the Southeast Asian militant network Jemaah Islamiah, has been killed in a police raid in Central Java. Also killed in the raid were three of Top's closest associates, police said. According to Sidney Jones, an expert on Islamic militants at the International Crisis Group, the death of Top--who is believed to have been the mastermind of the attacks on the Ritz-Carlton and Marriott hotels in Jakarta on July 17--represents a major blow to extremist groups in Indonesia and throughout Southeast Asia. However, he noted that the problem of terrorism will continue to persist in the region because there are a number of militants who are still at large who have the potential to replace Top as the head of his militant group. Annie Le's Death at Yale Puts Spotlight on Campus Security New York Daily News (09/15/09) Black, Rosemary Universities are expected to take a hard look at their security protocols following the murder of Yale student, Annie Le. Many campuses undertook a similar review of security measures after the Virginia Tech killings; and many now use video surveillance cameras; live cameras with around-the-clock monitoring; and official warning systems that convey safety alerts to students and staff instantly via email, text message, and Facebook. However, if Le's murder has taught security officials anything it is that a university can never completely guarantee the safety of all students. As William Schmitz, director of safety and security at the Pratt Institute, laments, "A college or university campus is a microcosm of our society. While campus safety and security departments are invested in and committed to safeguarding campuses and students to the fullest extent possible, unfortunately crimes may still occur." Microsoft Takes Aim at 'Mal-Ads' Wall Street Journal (09/18/09) P. B1; Wingfield, Nick Microsoft Corp. has filed five lawsuits in Washington state court against alleged suppliers of "malvertisements," online ads that fool users into downloading malicious software to their computers. The suits allege that the defendants used Microsoft's system for posting online ads to draw users to sites that claim to conduct security scans of their computers. After the security scans are conducted, the sites warn users that there are a number of security problems on their systems. The sites then try to convince users to download malware disguised as security software. According to filings, the anonymous defendants use the business names Direct Ad Solutions, Soft Solutions Inc., Qiweroqw.com, ITmeter Inc., and ote2008.info. Microsoft associate general counsel Tim Cranton said that the company does not yet know the names of the individuals responsible, though it hopes the lawsuits will uncover their identities. Spam, Malware Dominate Online User Comments, Websense Reports Network World (09/16/09) Messmer, Ellen An incredible 95 percent of all user-generated comments for blogs, chat rooms, and other online forums are spam or predatory, finds the latest Websense study on security attack trends. The Websense Security Labs "State of Internet Security Q1 -Q2 Study," which covers the first six months of 2009, also observes that the number of virus-laden Web sites for the period increased by more than 300 percent. Additionally, more than three in four compromised Web sites--77 percent--are said to be authentic sites that have been hacked. "The bad guys are finding new ways for disseminating malware," says Websense's Patrick Runald. "It's getting worse." Close to 50 percent of the 100 most popular sites, especially social-networking sites such as Facebook or YouTube enable user-generated input, which the report claims is an increasingly preferred way to spread malware and launch attacks. "On Facebook and other social-networking sites, there's an explicit sense of trust," Runald says. "That's why the bad guys are attempting to exploit it, with malware like Koobface, which could hijack your machine and send messages." Users Prefer Device Fingerprinting to Passwords InternetNews.com (09/15/09) Barrett, Larry A recent Ponemon Institute survey found that 70 percent of 551 respondents would be willing to have their computers authenticated by an online merchant before purchases are completed. Three-quarters of participants said they prefer computer authentication to entering user names and passwords or answering preselected questions, which is less convenient. "The responses were overwhelmingly positive and it's clear people are becoming more comfortable with technology that can authenticate their machines," says Ponemon Institute's Larry Ponemon. The study suggests that the market for device fingerprinting software and technology will soon open up as online retailers, online payment processors, and social networking sites adopt such products. The Ponemon survey also found that 78 percent of users believe e-tailers, banks, and social networks should use technology, such as a cookie or other invisible software, to shield consumers' identities. Meanwhile, 7 percent of e-merchants with more than $25 million in yearly sales are using device fingerprinting software and another 47 percent said they plan to deploy it by the end of the year, according to CyberSource. "What they've come to realize is that previous methods for authenticating credit card transactions and IDs are failing," says ThreatMetrix's Tom Grubb. "This technology identifies the device and gives you another tool to use with other security technologies and processes to secure all these transactions." Lieberman to Draft Cyber Bill The Hill (09/14/09) Hart, Kim Senators Joe Lieberman (I-Conn.) and Susan Collins (R-Maine) are looking into creating legislation that would boost government cybersecurity and may place new security standards on private companies. The senators told Department of Homeland Security (DHS) officials and financial-services representatives at a hearing that there is not enough private-public coordination to prevent cyberattacks. Lieberman said that hackers and other enemies could hijack the financial services or smart-grid networks. He added that he is concerned that private companies could be doing more to prevent this. Stronger encryption standards may be a possible solution, as well as federal funding to the financial industry for consumers and company education about preventing data and identity theft. Because coordinating with law enforcement agencies is becoming increasingly difficult for private companies, legislation may not address the biggest problems, according to Michael P. Merritt, assistant director of the Secret Service's Office of Investigations. Collins said that federal procurement standards may be updated, requiring private companies to incorporate better security into the technology systems sold to the government. Varying jurisdiction over cybercrime, such as the FBI, DHS, and state and local governments has also made it more confusing for small and medium-sized businesses to seek the quickest help. Senate Majority Leader Harry Reid (D-Nev.) has asked committee leaders with any jurisdiction over cybersecurity to consider drafting legislation to address security threats. Hounding the Hackers BusinessWeek (09/14/09) P. 30; Edwards, Cliff Computer hacking remains a growing problem worldwide, but the traditional method of building walls to keep the hackers out has not worked. Symantec is one of several security companies who are fighting hackers by recruiting security victims and other computer users to track them down instead. With the release of its new Norton Internet Security, Symantec has asked customers to allow a program that will collect data on attempted computer break-ins and then pass this information on to the authorities. On its Web site, Symantec will also post the FBI's top-10 computer hackers, and next year the company plans to offer cash bounties for information leading to an arrest. There are risks involved, however, such as hackers seeking revenge by damaging the computers or stealing the identities of novices who are attempting to track them down. Some security experts believe that computer hacking is best resisted by getting more people involved, rather than "from the top down," according to Assistant U.S. District Attorney Matthew A. Parrella. The Internet Crime Complaint Center reports that the number of hacking complaints increased 33 percent last year, to 275,284. Abstracts Copyright © 2009 Information, Inc. Bethesda, MD |
No comments:
Post a Comment