Friday, June 11, 2010

Security Management Weekly - June 11, 2010

Corporate Security

  1. "FBI Raids Alleged Boiler Room" New York City
  2. "AT&T: iPad User Data Exposed Via Security Flaw"
  3. "$217,000 'Skimmed' From ATMs" Long Island, N.Y.
  4. "Gunman's Rampage at Hialeah Restaurant Leaves 5 Dead" Florida
  5. "Workplace Violence: New Regulation, Threats, & Best Practices"
Homeland Security

  1. "Pistole Impresses at Confirmation Hearing" Transportation Security Administration Administrator Nominee
  2. "Cameron Abandoned Afghan Base Visit After Assassination Plot"
  3. "UN: Illicit Cigarette Trade Funds Terrorism, Organized Crime"
  4. "NYPD Undercover Unit Key in NJ Terror Arrests"
  5. "U.S. Military Borrows From NFL: Technology for TV Broadcasts May Be Used To Catalog Spy Footage"
Cyber Security

  1. "New Bipartisan Bill Would Give President Power To Step In and Stop 'Cyber 9/11'"
  2. "DHS Network Policy Puts Systems at Risk, IG Finds" Inspector General
  3. "Study: Social-Media Use Puts Companies at Risk"
  4. "NIST's 7-Step Contingency Planning Process Measures Designed to Be Integrated Into Systems' Life Cycle" National Institute of Standards and Technology
  5. "Open Source Could Mean an Open Door for Hackers"

FBI Raids Alleged Boiler Room
Wall Street Journal (06/10/10) Bray, Chad

The FBI shut down a suspected boiler-room operation in Manhattan on Wednesday. Law enforcement officials say the scam, which used high-pressure sales calls to convince potential clients to invest in certain companies, defrauded a number of mostly elderly investors out of more than $12 million. Authorities also say that the alleged mastermind of the scam, suspected Bonanno crime family member Anthony Guarino, used the funds he obtained from investors to invest in several companies and to pay "commissions" to members of the boiler room. Guarino and six others were arrested in connection with the case on Wednesday. A total of 13 people have been indicted on charges related to their involvement in the boiler room. Two of those individuals are expected to surrender to authorities in the near future, while one other person remains at large. Guarino and the seven others who appeared with him in court in Manhattan on Wednesday have pleaded not guilty to the charges against them.


AT&T: iPad User Data Exposed Via Security Flaw
Reuters (06/09/10) Madway, Gabriel

A network security flaw has led to the exposure of the e-mail addresses of more than 100,000 users of Apple's iPad. The security breach was announced on Wednesday by AT&T, the wireless carrier that has the exclusive rights to carry Apple's iPad. According to AT&T, the network security flaw led to the exposure of the iPad's integrated circuit card IDs, which are used to identify SIM cards in mobile devices. That in turn allowed hackers to obtain the e-mail address connected to the device, AT&T said. The company added that it has since corrected the network security flaw that led to the breach, and that its investigation into the incident is continuing.


$217,000 'Skimmed' From ATMs
Wall Street Journal (06/09/10) Gardiner, Sean

Reports indicate that thieves used "skimmer" devices to steal $217,000 from Long Island banks between April and the end of May. The skimmer, which looks exactly like an ATM card reader, is slipped over the ATM's regular card slot; when a customer inserts a bank card, the device records the card's data while still allowing the transaction to go through. The thieves obtained customers' PINs either with a hidden wireless mini-camera aimed at the ATM's keypad or with a keypad overlay placed on top of the real keypad. The stolen card data was then re-encoded onto the magnetic stripes of blank gift cards. Investigators report that the thefts occurred at four Bank of America branches in Suffolk County, N.Y., and estimate that between 100 and 200 accounts may have been cloned. There are six suspects in the theft ring, and their photographs have been released to the press.


Gunman's Rampage at Hialeah Restaurant Leaves 5 Dead
Miami Herald (06/07/10) Moskovitz, Diana

A gunman went on a shooting rampage at a restaurant in Hialeah, Fla., on Sunday night, killing four people and injuring three others before killing himself. The incident began when the gunman got into an apparent domestic dispute with a woman in the parking lot of the restaurant, which is located in a suburb of Miami. The argument ended when the gunman shot the woman. After shooting the woman, the gunman walked into the restaurant and began shooting indiscriminately. Among the victims inside the restaurant were several employees. The gunman fled and was found dead of a self-inflicted gunshot wound several blocks away. Police are trying to determine what prompted the gunman to open fire inside the restaurant.


Workplace Violence: New Regulation, Threats, & Best Practices
Security Director's Report (05/10) Vol. 2010, No. 5

The Occupational Safety and Health Administration (OSHA) is currently pushing for tougher workplace violence regulations, while at the same time experts are calling for a different "zero" approach, and the judgment of line employees is being tested like never before. Organizations adopt zero-tolerance policies because "they sound good," says Barry Nixon, executive director of the National Institute for the Prevention of Workplace Violence Inc. Unfortunately, these policies do little to eliminate the problem because they tend to be reactive -- "this is what we will do" -- rather than preventive, Nixon says. Speaking at the iSecurity online trade show and conference in March, Nixon called for a "zero-incidents" approach instead, because it emphasizes the prevention of unwanted behavior rather than detailing how the organization will handle it after the fact. In addition to tweaking policy language, Nixon recommended addressing workplace violence at the interview stage, alongside drug screening. While many potential employees expect a drug and background check, Nixon urged companies to similarly tell applicants plainly that workplace violence is not tolerated. Most importantly, a zero-incidents approach -- rather than zero tolerance -- focuses security personnel on the activities they need to carry out at many points along the prevention continuum. These include: detection, by identifying and anticipating possible problematic scenarios before issues actually surface; prevention, by taking reports and warning signs seriously; and protection, by putting the response plan into motion and taking immediate action.




Pistole Impresses at Confirmation Hearing
Homeland Security Today (06/11/10) McCarter, Mickey

During his first of two confirmation hearings on Thursday, Transportation Security Administration (TSA) administrator nominee John Pistole declined to tell Republican lawmakers on the Senate Commerce Committee that he was opposed to giving collective bargaining rights to TSA screeners. Pistole noted that he would launch a review of the issue, which scuttled the nomination of the Obama administration's first choice to be TSA administrator earlier this year, should he be confirmed. Meanwhile, Sen. Jim DeMint (R-S.C.) called for Pistole to oppose giving collective bargaining rights to TSA screeners, saying that providing the rights would hurt national security because it would allow screeners to make demands for changes in their workplace that could make it difficult for them to be redeployed or assigned to different work schedules in response to terrorist threats. In addition to collective bargaining, Pistole also discussed what he would do to combat terrorism if he is confirmed. Pistole noted that his top priority would be ensuring that the TSA has the most up-to-date intelligence and threat information in order to prevent a repeat of the failures that led up to the attempted bombing of Northwest Airlines Flight 253 last Christmas. Pistole also said that he would work to boost security on soft targets like passenger rail systems and look into how security could be improved at general aviation airports like the one that was used by a man who flew an airplane into a federal office building in Austin, Texas, earlier this year. Pistole's second confirmation hearing is scheduled for June 16. He could be confirmed shortly after that.


Cameron Abandoned Afghan Base Visit After Assassination Plot
Hindu (06/11/10)

British Prime Minister David Cameron abandoned plans to visit Shahzad forward operating base in the Helmand province of Afghanistan on Thursday following intelligence warnings that Taliban militants planned to shoot down his helicopter. In radio intercepts, Taliban commanders were heard giving instructions for attacking a VIP helicopter with shoulder-fired missiles, and Cameron's helicopter was abruptly diverted less than 10 minutes before it was due to land at the base. The helicopter landed instead at the nearby British brigade headquarters in the town of Lashkar Gah, where the Prime Minister was notified of the threat to his life.


UN: Illicit Cigarette Trade Funds Terrorism, Organized Crime
Malaysia Star (06/10/10)

The United Nations Security Council's Group of Experts has released a report that found that millions of dollars of revenue from illegal tobacco sales are being used to fund al-Qaida, the Taliban, and other terrorist organizations. The World Health Organization estimates that 600 billion counterfeited and smuggled cigarettes cross borders annually. This represents approximately $50 billion in sales. In addition to terrorist and militant groups, these funds are also supplying organized crime gangs throughout the world. The first large-scale cigarette trafficking case linked to terrorism was the prosecution of Mohamad Hammoud, who was charged in North Carolina in 2002 for providing material support to terrorist groups by funneling profits from a multimillion-dollar cigarette-smuggling operation to them.


NYPD Undercover Unit Key in NJ Terror Arrests
Associated Press (06/08/10) Hays, Tom

The recent arrests of two New Jersey men who allegedly planned to travel to Somalia to join the terrorist group al-Shabab have drawn attention to the New York City Police Department's counterterrorism efforts. The undercover officer who gained the trust of the two men and helped arrest them was one of the more than 1,000 NYPD officers who have been assigned to counterterrorism duties since the September 11, 2001 terrorist attacks. All of these officers signed up to be patrolmen with the NYPD, but were diverted from the police academy because they were young men with Muslim or Arab backgrounds. In addition, recruits who are chosen to perform counterterrorism functions speak foreign languages such as Arabic. Instead of attending the police academy, recruits who are singled out for counterterrorism work enter a separate training program operated by the NYPD's Intelligence Unit. Upon completion of the program, the officers are given false names and a cover story, and are ordered to investigate leads and gather information on potential terrorist threats in or around New York City. In addition to the two New Jersey men who were arrested last Saturday, NYPD counterterrorism officers have also helped arrest the suspect in a plot to blow up Manhattan's Herald Square subway station.


U.S. Military Borrows From NFL: Technology for TV Broadcasts May Be Used To Catalog Spy Footage
Los Angeles Times (06/07/10) Barnes, Julian E.

The U.S. military is reportedly in talks with television broadcasters to determine whether technology used to catalog footage from sporting events could be used to organize the 24 million minutes of video collected by unmanned Predator drones and other remotely piloted aircraft in Afghanistan. The technology allows sports broadcasters to embed text tags that can later be used to search hours of footage for a particular player or play. The military hopes similar tags could be used to track specific militants or potential threats on the battlefield. There are currently 7,000 drones operating in Iraq and Afghanistan, so organizing the footage from these drones would be a major boon to the intelligence community. The Air Force hopes that the technology being developed would eventually allow analysts to search a database automatically for specific people, places, and vehicles with unique identifiers. In addition to improving the archives, the new tools may help analysts combine live video feeds with other intelligence sources, such as intercepted phone calls from the area currently being monitored by a drone. Aside from news and sports technologies, the Air Force has reportedly considered video applications used by reality TV that allow editors to cut together images from a variety of cameras and angles to track a single subject.




New Bipartisan Bill Would Give President Power To Step In and Stop 'Cyber 9/11'
The Hill (06/10/10) Nagesh, Gautham

The Protecting Cyberspace as a National Asset Act, which has been introduced in the Senate with bipartisan support, would give the president the authority to declare a national "cyber emergency" in the event of a major attack on federal civilian networks as well as any private-sector assets deemed critical to the national infrastructure. After notifying Congress, the president would be able to order immediate measures to safeguard critical assets. These emergency measures would expire after 30 days. However, the president could extend them by saying the threat still exists. The bill would also put the Department of Homeland Security's new National Center for Cybersecurity and Communications (NCCC) in charge of preventing and responding to attacks on such networks. The Office of Cyberspace Policy within the White House would be replaced with a Senate-confirmed presidential appointee who would advise the NCCC and would report to the secretary of Homeland Security. This director would also have the power to extend national cyber emergency measures.


DHS Network Policy Puts Systems at Risk, IG Finds
Federal Computer Week (06/09/10) Bain, Ben

The manner in which the Department of Homeland Security (DHS) uses Microsoft Windows Active Directory services to manage users, groups of users, computer systems, and services on its network has put its data at risk of being breached, according to a report from DHS Inspector General Richard Skinner. The report notes that although the federated model DHS uses for Active Directory means policy and guidance are centrally determined, DHS' component agencies are responsible for operating their own networks. In addition, Skinner says that DHS has created "trusts" between its domain and the domains of its component agencies in order to give users access to centralized enterprise-wide applications. But some systems in DHS' enterprise Active Directory domain are missing security patches and have other vulnerabilities that leave them not fully compliant with DHS security guidelines. The report says that this situation is the result of systems from DHS component agencies being added to the department's domain before their security configurations had been validated. The report also found that DHS' Active Directory structure cannot support applications across the department's enterprise, and that DHS has not created policies for ensuring that security controls are installed on component agencies' systems.
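The two findings above, trusts to component domains and machines joined to the enterprise domain before their configuration was validated, are the kind of thing a domain administrator can inventory directly. The script below is an added example, not code from the Inspector General's report or from DHS. It uses the standard ActiveDirectory PowerShell module: it lists every trust with its direction, transitivity and whether selective authentication and SID filtering are in force, then groups computer accounts by their parent container so that unexpected placement, old OS versions and long-inactive machines stand out. The 90-day inactivity threshold and the CSV output path are assumptions chosen for this example.

```powershell
# Added example: audit trusts and the computer inventory of an enterprise AD domain.
# Requires the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

# 1. Enumerate trusts. A trust is what lets accounts from a component domain reach
#    resources here. SelectiveAuthentication restricts that to explicitly permitted
#    resources; SIDFilteringQuarantined rejects SID history presented across the trust.
Get-ADTrust -Filter * |
    Select-Object Name, Direction, TrustType, ForestTransitive,
                  SelectiveAuthentication, SIDFilteringQuarantined, IntraForest |
    Sort-Object Name |
    Format-Table -AutoSize

# 2. Inventory computer accounts. Systems joined before validation usually show up as
#    odd container placement, outdated OS versions, or accounts nobody has logged on to.
$staleDays = 90                          # assumption: inactivity threshold for this report
$cutoff    = (Get-Date).AddDays(-$staleDays)

$computers = Get-ADComputer -Filter * -Properties OperatingSystem, OperatingSystemVersion,
                                                  LastLogonDate, whenCreated

$report = $computers | ForEach-Object {
    # Parent container: everything after the object's own RDN in the DN
    $parent = ($_.DistinguishedName -split ',', 2)[1]
    [pscustomobject]@{
        Name      = $_.Name
        Container = $parent
        OS        = $_.OperatingSystem
        OSVersion = $_.OperatingSystemVersion
        Created   = $_.whenCreated
        LastLogon = $_.LastLogonDate
        # Never logged on, or not seen since the cutoff
        Stale     = ($null -eq $_.LastLogonDate) -or ($_.LastLogonDate -lt $cutoff)
    }
}

# Per-container summary: machine count, stale count, and the OS versions present
$report | Group-Object Container |
    Select-Object @{n = 'Container';  e = { $_.Name }},
                  @{n = 'Computers';  e = { $_.Count }},
                  @{n = 'Stale';      e = { ($_.Group | Where-Object Stale).Count }},
                  @{n = 'OSVersions'; e = { ($_.Group.OSVersion | Sort-Object -Unique) -join '; ' }} |
    Sort-Object Stale -Descending |
    Format-Table -AutoSize

# Detail list of stale machines, exported for follow-up with the owning component
$report | Where-Object Stale | Sort-Object Container, Name |
    Export-Csv -Path .\stale-computers.csv -NoTypeInformation   # assumption: output path
```

Run it from a domain-joined administrative workstation with an account that can read the domain. The per-container summary is the useful view here: a container belonging to one component agency that carries a high stale count or an OS version no other container has is exactly the sort of system the report describes, one that entered the domain without its configuration being checked, and the CSV gives that component's operators a concrete list to remediate.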


Study: Social-Media Use Puts Companies at Risk
CNet (06/08/10) Whitney, Lance

Employees who use social networking sites expose their organizations to several security threats, including malware and brand hijacking, according to a report by the Information Systems Audit and Control Association (ISACA). The report also found that efforts to prevent employees from accessing social networking sites while on the job are generally futile. Such efforts tend to fail because employees can easily bypass the controls set up by their employer, since they need no special hardware or software to reach Facebook or Twitter, the report says. Instead of blocking social networking sites, organizations should educate their employees about appropriate use of the sites and make clear what is expected of workers who access social networks, the report recommends. ISACA notes that this can involve developing policies and training sessions on how to use social networking sites. These policies and sessions should address issues such as the personal use of social networks while on and off the job, as well as the overall business use of social networking sites.


NIST's 7-Step Contingency Planning Process Measures Designed to Be Integrated Into Systems' Life Cycle
GovInfoSecurity.com (06/08/10)

The U.S. National Institute of Standards and Technology (NIST) has released updated guidance that defines a seven-step contingency planning process agencies can implement to develop and maintain a workable stopgap recovery program for their information systems. NIST designed the seven progressive steps to be incorporated into each stage of the system development life cycle. First, draft a contingency planning policy statement that conveys the authority and guidance necessary to develop an effective contingency plan. Second, carry out a business impact analysis (BIA). Third, identify preventive controls to increase system availability and reduce contingency life cycle costs. Fourth, create thorough contingency strategies to ensure that the system can be restored quickly and effectively after a disruption. Fifth, develop an information system contingency plan that contains detailed instructions and procedures for recovering a damaged system. Sixth, ensure the plan works through testing and training exercises. Finally, keep a contingency plan maintenance log that is updated regularly.


Open Source Could Mean an Open Door for Hackers
Technology Review (06/07/10) Lemos, Robert

Flaws in open source software are exploited more quickly and more often than flaws in closed software systems, according to a paper by Boston College (BC) researchers that analyzed two years of attack data. "If you think about this whole thing as a game between the good guys and the bad guys, by reducing the effort for the bad guys, there is much greater incentive for them to exploit targets earlier and hit more firms," says BC professor Sam Ransbotham. The researchers used alert data taken from intrusion-detection systems managed on behalf of 960 companies by SecureWorks. Ransbotham also found a correlation between the existence of signatures, which are used by various security products to match a known pattern with a flaw, and earlier attacks, suggesting that the updates used to improve defenses actually help the attackers. "That tells me that there is something about having that signature that is helping people ... giving them a clue about how to exploit the vulnerability," he says.


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD



1 comment:

Unknown said...

Hi,

Your blog really is worth reading. A wireless mini camera is yet another home security system that can be operated with ease. The most trusted place to buy a wireless mini camera is CheapsafetyProducts.com.