Friday, December 18, 2009

Security Management Weekly - December 18, 2009

header

  Learn more! ->   sm professional  

December 18, 2009
 
 
Corporate Security

  1. "Former Security Guard Pleads Guilty Over Bomb Threats at ITT" Roanoke, Va.
  2. "MasterCard Blinks, Drops Dec. 31 Level 2 PCI Deadline"
  3. "Mass. Supreme Court Throws Out Lawsuit Against BJs Over '04 Data Breach"
  4. "Apple Fires Back at Nokia in Patents Battle"
  5. "A Good Fit" Guard Booths
Homeland Security

  1. "Muslims Say F.B.I. Tactics Sow Anger and Fear"
  2. "Insurgents Hack U.S. Drones"
  3. "Congress Investigating Charges of 'Protection Racket' by Afghanistan Contractors"
  4. "Obama's Illinois Prison Plan Faces a High Wall: the GOP"
  5. "Nature of Evidence Could Complicate Prosecution of Five Americans in Pakistan"
Cyber Security

  1. "Twitter Hacked by 'Iranian Cyber Army'"
  2. "Adobe to Patch Zero-Day Reader, Acrobat Hole"
  3. "Botnet Operators Infecting Servers, Not Just PCs"
  4. "CAO Recommends Tighter Security Rules for House Laptops, Wireless Devices"
  5. "In Shift, U.S. Talks to Russia on Internet Security"

   

 
 
 

 


Former Security Guard Pleads Guilty Over Bomb Threats at ITT
Roanoke Times (VA) (12/18/09) Gangloff, Mike

Daniel Lee Hines, a former security guard at ITT Night Vision in Roanoke, Va., has pleaded guilty to writing a bomb threat on the defense contractor's bathroom wall. The threat stopped production, prompted and evacuation, and reportedly cost Night Vision $297,777.67. Hines could face up to five years in prison and a fine of $250,000 in addition to any restitution he might be ordered to pay the company for conveying false information about a bomb. Because he pled guilty, however, prosecutors have agreed to recommend a sentence at the low end of federal guidelines, which will likely include six months of incarceration. According to prosecutors, Hines made the false threats because a co-worker received a promotion instead of him. ITT brought in private investigator Richard Ress to examine the threat. Ress reportedly told Hines his handwriting appeared very similar to the graffiti. At that time, Hines admitted he was responsible for the messages.


MasterCard Blinks, Drops Dec. 31 Level 2 PCI Deadline
Storefront Backtalk (12/16/09) Schuman, Evan

MasterCard has decided not to mandate that Level 2 merchants have an on-site qualified security assessor (QSA) evaluation completed by the end of next year. MasterCard revised the deadline to June 30, 2011, and also has redrafted the definition of what level a retailer is to reflect for the first time whatever level Visa has assigned. Furthermore, Level 1 and Level 2 merchants will be permitted to carry out their own assessments, provided the retailer's audit staff have completed PCI-sanctioned training courses. Cost savings is one benefit of the revision, as it will likely cost much less to train existing audit staffers than to pay for an outside QSA. Although 403 Labs QSA Walt Conway lauded MasterCard's strategy, he cautions that the agreement to mirror whatever level Visa has assigned will probably promote many retail chains that have substantially more Visa transactions than MasterCard transactions.


Mass. Supreme Court Throws Out Lawsuit Against BJs Over '04 Data Breach
Computerworld (12/16/09) Vijayan, Jaikumar

A lawsuit filed against BJ's Wholesale Club by more than 60 credit unions and their insurer over a data breach in 2004 has been tossed out by the Massachusetts Supreme Judicial Court. BJs admitted that hackers had compromised magnetic stripe data on more than 9 million credit and debit cards—data that should have been purged from the wholesaler's systems under PCI security rules. The complainants claimed that BJs' failure to remove the banned data broke its agreement with Fifth Third Bank, which was responsible for processing BJs' credit card transactions. However, the Massachusetts Supreme Judicial Court affirmed a lower court's ruling to dismiss the case on the grounds that the credit unions could not seek remuneration from BJs. The high court determined that the contract between Fifth Third and BJs had been an exclusive agreement between the two entities that was not intended to be enforced by third parties. The court also ruled that since the only injury in this instance was economic loss and since it entailed no physical hurt or property damage, the credit unions could not press ahead with charges of negligence. Furthermore, the court said that any statements BJs may have made about its being compliant with PCI security standards was not the same as the company deliberately or negligently misrepresenting facts.


Apple Fires Back at Nokia in Patents Battle
Reuters (12/14/09) Oreskovic, Alexei; Virki, Tarmo

Apple Inc. has filed a countersuit against Nokia for anti-competitive practices and patent infringement. Nokia had initially sued Apple for allegedly infringing on 10 Nokia patents for technologies such as wireless data, speech coding, and security. Apple had denied these accusations in court documents, claiming that patents asserted by Nokia were not essential for technology standards used in cell phones. Approximately 40 companies have licensing agreements with Nokia, including most major handset vendors-- except Apple. According to Apple's countersuit, it did enter licensing negotiations with Nokia in 2007 related to certain communications patents. However, Apple maintains these talks dissolved when Nokia boosted royalty rates for the patents as much as three times higher than previously proposed prices and demanded that Apple grant Nokia a license to certain of its patents as part of the compensation agreement. The 13 patents Apple cites in its countersuit include computing technologies, graphical interfaces, teleconferencing, power conservation, and touch screen technologies, all of which were popularized by the iPhone. Apple's suit argues that Nokia's E71 and its N900 phones infringe on these patents. In response to the countersuit, Nokia said that it needs time to review the court documents but that it does not change the circumstances of its original case.


A Good Fit
Security Products (12/09) MacLoone, Aengus

In June of 2005, the Bush administration mandated a heightened level of security at nuclear power plants, chemical facilities, and many other facilities operating within the United States. As a result, many facilities have hired licensed security-contracting firms to upgrade their perimeter security assessment and infrastructure, which is a key element of any effective security model. Nuclear Security Services Corp. is one of those contractors who has designed security solutions that protect more than $125 billion in U.S. critical infrastructure. NSSC's Tim Collins advises that "The functionality, or the purpose of, the guard booth is to give an advantage to one's officers. Inside this guard booth, armed responders need to have the ability to interdict--to respond to high-threat levels with a high probability of survival." Due to the increased security needs of the guard booth, many are now being designed to be both blast and ballistic resistant enclosures. Guard booths need to be ergonomically friendly as well as secure, because they are a confined space. "This sort of protection demands unique specialty engineering skills in the construction of the guard booth, which not every pre-fab company possesses," claims Collins. Security preparation at the perimeter is key to not only stopping attacks but in deterring them as well.




Muslims Say F.B.I. Tactics Sow Anger and Fear
New York Times (12/18/09) Vitello, Paul; Semple, Kirk

The FBI has worked to build relationships with Muslim and Arab-American leaders in order to obtain reliable information in its counterterrorism efforts while protecting the interests and civil liberties of mosques and communities. However, this relationship has become strained in recent months as Muslim leaders have begun raising concerns that the FBI is overstepping its bounds by using informers to infiltrate mosques and offer fake encouragement to would-be radicals. As Ingrid Mattson, president of the Islamic Society of North America complains, "There is a sense that law enforcement is viewing our communities not as partners but as objects of suspicion." Counterterrorism experts warn that this fallout could have serious consequences for national security because the Muslim-American community serves as an invaluable early-warning system for the FBI and other intelligence agencies. In order to rebuild the damaged trust between the agency and Muslim communities, agents have met privately with Muslim and Arab-American leaders to hear their grievances. In addition, Attorney General Eric Holder recently took questions about counterterrorism tactics from 200 young Muslims at a Mosque in Los Angeles. The FBI has defended its tactics, saying that it does not target communities, only individuals.


Insurgents Hack U.S. Drones
Wall Street Journal (12/17/09) P. A1; Gorman, Siobhan; Dreazen, Yochi J.; Cole, August

Officials say that militants in both Iraq and Afghanistan have discovered a way to intercept live video feeds from the U.S. Predator drones that are being used for anti-terrorism missions in the two countries. The problem was discovered last year, when U.S. military personnel in Iraq discovered drone video feeds on laptops belonging to a number of Shiite militants. Those discoveries have led some officials to conclude that militant groups trained and funded by Iran were regularly intercepting video feeds from drones. Officials believe that the militants are intercepting the feeds by using software programs such as SkyGrabber--which is designed to intercept free legal content such as music, photos, and videos that other users download from the Internet--to take advantage of the unencrypted downlink between the drones and ground control. However, there are no indications that militants were able to control the drones or interfere with their flights. Nevertheless, officials are still concerned about the ability of militants to intercept video feeds from drones because it could allow them to evade attacks and determine which roads and buildings are under U.S. surveillance. The military is working to correct the problem by encrypting all of its drone feeds from Iraq, though doing so is a difficult process because it involves upgrading many components of the networks that connect drones to their operators.


Congress Investigating Charges of 'Protection Racket' by Afghanistan Contractors
Washington Post (12/17/09) Pincus, Walter

The House oversight subcommittee on national security and foreign affairs has initiated an investigation into allegations that private security companies hired to protect Department of Defense supply convoys in Afghanistan may be paying off warlords and the Taliban to ensure they are not attacked. Secretary of State Hillary Rodham Clinton raised similar concerns in her recent testimony before a Senate committee. In her remarks, Clinton noted that one of the major sources of funding for the Taliban is protection money. The subcommittee's investigation will initially focus on eight trucking companies that share a $2.2 billion Defense Department contract to transport goods and materials from main supply points in Afghanistan. Committee chairman Rep. John F. Tierney (D-Mass.) has written letters to Defense Secretary Robert M. Gates, the Armed Contractor Oversight Directorate, and the companies that share the contracts in order to obtain records on the contractors as well as their subcontractors for expenses and convoy security.


Obama's Illinois Prison Plan Faces a High Wall: the GOP
Los Angeles Times (12/16/09) Parsons, Christi; Oliphant, James

The Obama administration on Tuesday outlined its proposal to move terrorism detainees from Guantanamo Bay to the Thomson Correctional Center in Thomson, Ill. Under the administration's plan, the federal government would purchase the nearly-empty 1,600-cell facility from Illinois and turn a unit over to the Department of Defense to use as a military detention center. Officials say roughly 100 terrorism detainees could be housed at the facility, some of whom the government will not be able to either prosecute or release. In addition, the Obama administration's plan calls for the creation of a courtroom at the prison to be used for military commission trials of detainees. As many as 75 detainees could be tried by the military commissions at Thomson. But before the Obama administration's plan can be implemented, the White House will need to persuade Congress to change a law that forbids detainees from being sent to the U.S. for other purposes besides prosecution. That could be difficult to do, since many congressional Republicans--even those who have favored Obama's efforts to close Guantanamo Bay--oppose bringing terrorism detainees to the U.S. mainland. Several Democratic senators, including Nebraska's Ben Nelson, have also expressed concerns about the plan.


Nature of Evidence Could Complicate Prosecution of Five Americans in Pakistan
New York Times (12/15/09) Shane, Scott; Johnston, David

Several U.S.-based prosecutors report that the five Americans accused by Pakistan of attempting to obtain training at terrorist camps there will likely face vigorous prosecution in the states. However, such prosecution will require clear evidence of their intentions, which could be complicated by several factors evidenced by similar cases tried in recent years. Specific issues they say could arise include questions about their treatment while in Pakistan as well as the timing of any Miranda warning issued by FBI agents. In order to avoid these questions, prosecutors say one of the men could be offered a plea bargain to testify against his cohorts. In the meantime, a Pakistani court has barred the deportation of the five men, saying that they cannot be sent back to the United States until the court has a chance to fully review their case. Pakistani officials report that the men arrived in Karachi on Dec. 1 and then traveled to Hyderabad to visit an Islamic school associated with the banned militant group, Jaish-e-Muhammad, where they told school officials they wanted to train to fight American troops in Afghanistan. When their advances were rebuffed they went to Lahore in an attempt to contact members of Jamaat-ud-Dawa, which is considered a front for Lashkar-e-Taiba. The men were again rejected because they did not speak Urdu and the radical groups suspected an infiltration attempt. At that time they were arrested at the home of a relative by Pakistani authorities.




Twitter Hacked by 'Iranian Cyber Army'
CNN International (12/18/09)

The social networking site Twitter was down for almost an hour early Friday morning after it was hacked by a group calling itself the Iranian Cyber Army. According to Twitter, the site's DNS records were temporarily compromised by the group, which caused those who tried to access the service to be redirected to another site that had a green flag along with the message "This site has been hacked by Iranian Cyber Army." It remains unclear whether the Iranian Cyber Army is connected to Iran.


Adobe to Patch Zero-Day Reader, Acrobat Hole
CNet (12/16/09) Mills, Elinor

Adobe has announced that it will release a patch on Jan. 12 for a zero-day vulnerability that exists in versions 9.2 and earlier of its Reader and Acrobat software. The vulnerability can be exploited by malicious Adobe Acrobat PDF files distributed as email attachments, according to Symantec. If a user opens such a file, the malware installs three files that appear to be Windows system files that are digitally signed with a forged Microsoft certificate. However, these files do not have an email address and a time stamp like legitimate Microsoft-signed certificates do. Despite the threat, Symantec said the rate of infection is very limited and the risk assessment level is very low. Adobe is urging its customers to take steps to protect themselves from the threat until the patch is released, including using a new JavaScript Blacklist mitigation feature that allows JavaScript to be easily disabled.


Botnet Operators Infecting Servers, Not Just PCs
Dark Reading (12/16/09) Higgins, Kelly Jackson

Security experts say that botnet operators are increasingly attacking a variety of different servers, including FTP servers and SSL servers. Botnet operators are going after FTP servers because they tend to be inadequately protected, says Axway's Paul French. Once botnet operators bypass this security and make their way into the FTP server, they can use the machines for a variety of purposes, including SQL injection attacks that compromise legitimate Web sites. These Web sites are then used to recruit more bots or steal sensitive data, such as log-in credentials or credit card numbers. In addition, FTP servers are being used by drive-by download malware and by regular bots as a downloading component, says F-Secure's Mikko Hypponen. Botnets also can use FTP credentials to break into other parts of a system with vulnerabilities and install malware at that location in order to infect and compromise the server, says Biscom's Bill Ho. Meanwhile, SSL servers are being targeted by botnet operators because proxy and gateway scanners cannot scan for malware that makes it through an HTTPS connection, which makes it easier to sneak in, Hypponen says.


CAO Recommends Tighter Security Rules for House Laptops, Wireless Devices
The Hill (12/15/09) Yager, Jordy

Beginning next year, House members and their staffers who use government-issued wireless devices and laptops will have to follow a number of new security recommendations made by the Office of the Chief Administrative Officer. Those recommendations, which were issued Dec. 15, call for House wireless devices and laptops to be checked by House officials before and after staffers take them outside the territorial United States. In addition, Blackberrys issued by the CAO will be required to be password-protected and will automatically lock when not in use. Finally, the recommendations call for House security policies to be changed in order to ensure that sensitive information is encrypted and not transmitted on any public access system without protective measures. The new security measures come in the wake of a recent incident in which a document that discussed investigations by the Committee on Standards of Official Conduct and the Office of Congressional Ethics was leaked to The Washington Post. Lawmakers say that document was leaked by a staffer who was using a computer with file-sharing software.


In Shift, U.S. Talks to Russia on Internet Security
New York Times (12/13/09) P. A1; Markoff, John; Kramer, Andrew E.

The U.S. government has reversed its policy toward bolstering cybersecurity by initiating consultation with Russia, rather than the other way round. Officials familiar with the negotiations say the Obama administration understood that more countries are developing cyberweapons and that halting a global cyberweapons arms race required a new strategy. In November, a delegation led by a Russian Security Council member convened in Washington, D.C. with members of the U.S. National Security Council and the departments of State, Defense, and Homeland Security, and several weeks later the United States agreed to talk about cyberwarfare and cybersecurity with representatives of the United Nations committee on disarmament and international security. Russia has espoused the idea that an international pact is the best instrument for tackling the growing challenges posed by military operations to civilian computer networks, and people familiar with the discussions say the U.S.'s resistance to the concept has started to wear down. Viktor V. Sokolov with Russia's Institute of Information Security says the latest round of discussions signals the opening of negotiations between the two powers on a possible cyberspace disarmament treaty. An anonymous U.S. State Department official says the United States has not resisted the idea of such a treaty, and that it is hoping to use the discussions to boost international cooperation in combating cybercrime. In contrast, the official says Russia has been pursuing the restriction of cyberweapons development. U.S. officials involved in the negotiations say that in addition to the cyberweapons ban, Russia is focusing on a prohibition against cyberterrorism, which they claim is an attempt to ban "politically destabilizing speech."


Abstracts Copyright © 2009 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online

No comments:

Post a Comment