
Friday, October 01, 2010

Security Management Weekly - October 1, 2010

October 1, 2010
 
Corporate Security
  1. "Accounts Raided in Global Bank Hack"
  2. "The New Presence on Oakland's Streets" California; Businesses Hire Security Force
  3. "Important Details to Look for When Doing Employee Background Checks"
  4. "Hollywood Sounds Alarm on Streaming Piracy"
  5. "Vigilant Camera Eye"
  6. "Tips to Prevent Workplace Violence" CORRECTED COPY

Homeland Security
  1. "Senate Moves FPS Reform Bill" Federal Protective Service
  2. "Europe, U.S. Track Clues on Possible Urban Terror Plot"
  3. "Texas Tech Officials Stress Campus Security After UT Shooting" University of Texas
  4. "Terrorism Fears Put Paris on High Alert"
  5. "Money Transfers Face New Scrutiny"

Cyber Security
  1. "Defending a New Domain" Federal Government's Cybersecurity Efforts
  2. "Smartphone Apps Harvest, Spread Personal Info"
  3. "CISOs Paint Gloomy Picture of State IT Security" Chief Information Security Officers
  4. "Web 2.0 Breaches Cost Businesses $1.1 Billion"
  5. "Facebook, Twitter See More Spam Attacks"


Accounts Raided in Global Bank Hack
Wall Street Journal (10/01/10) Bray, Chad; Bryan-Low, Cassell; Gorman, Siobhan

Federal and state prosecutors announced on Sept. 30 that they have arrested or charged 80 people with being involved in a cybercrime ring that stole at least $3 million from U.S. bank accounts between May 2009 and September of this year. According to prosecutors, members of the cybercrime ring - some of whom have left the United States and remain at large - used malicious computer software known as the Zeus Trojan and embedded it in innocent-looking e-mails in order to steal victims' online banking usernames and passwords. After breaking into their victims' accounts, the ring moved money into accounts held by their network of mules, who then wired the funds overseas or withdrew the cash. Five banks are believed to have been defrauded in the scheme, including units of J.P. Morgan Chase, Ally Financial, and PNC Financial Services. Authorities say the investigation is in its early stages and could result in law-enforcement actions in other countries. The 80 people who have been arrested and charged in the U.S. with being involved in the fraud are connected to the 19 people who were arrested in London earlier this week on charges of stealing at least $9.5 million from bank accounts in Britain.


The New Presence on Oakland's Streets
Wall Street Journal (09/30/10) White, Bobby

Some businesses in Oakland, Calif., are banding together to provide their own security. Last year, more than a dozen businesses in the city--including Clorox and the property firm Metrovation--formed community benefit districts in Lake Merritt/Uptown and Downtown Oakland, which are nonprofit organizations that tax member businesses so that they can improve or maintain their neighborhoods. The businesses decided to form the associations after Oakland reduced city services in order to close a $30 million budget deficit. Since being launched in February 2009, the Downtown and Uptown associations have grown to include roughly 100 members each. Among the steps the associations have taken is the hiring of a group known as the Ambassadors, which consists of 18 unarmed security guards who patrol the streets of the Downtown, Lake Merritt, and Uptown neighborhoods. Some city leaders, including Oakland city council member Patricia Kernighan, say that the benefit districts have helped improve security in Downtown Oakland. However, some police officers say that the Ambassadors do not act as a deterrent to criminal activity.


Important Details to Look for When Doing Employee Background Checks
Helium (09/28/2010) Rose, Suzanne

There are a number of factors to consider when performing employee background checks. The first thing companies need to consider is whether or not the potential employee has a criminal history. Although some convictions might not prevent companies from hiring the individual, it is important to be aware of them when considering how the person might contribute to company culture. When making these decisions, employers should first look at the type of conviction. Companies should be cautioned against hiring anyone with any kind of violent conviction in order to reduce the risk of workplace violence. A criminal history of theft or other white-collar crime is also important to look for, particularly if the person will be handling money. Most companies do not want to hire someone who has a current drug problem. Not only can it affect their behavior or performance, but it can also affect the company. Bringing drugs to the workplace or mishandling a situation with a customer can have long-term consequences for the company. That said, potential employees should be given an opportunity to show they have overcome their addictions. In all cases, it is best for employers to trust their own judgment.


Hollywood Sounds Alarm on Streaming Piracy
San Francisco Chronicle (09/27/10) P. D5 Chmielewski, Dawn C.

A growing number of Web sites are offering Internet users the ability to stream pirated videos, including programs that can normally only be seen on premium cable channels. According to a study by one independent measurement service, the number of streaming pirate sites rose 42 percent between July and August. In addition to using streaming pirate sites, Internet users are also utilizing so-called "cyberlockers" to store and stream pirated content. The Motion Picture Association of America, the lobbying arm for the U.S. film industry, says that streaming and downloading from cyberlockers will become more common than peer-to-peer file sharing--which is currently the most popular way for Internet users to find pirated TV episodes and movies--by 2013. Brian Baker, the president and chief executive of the Internet streaming technology maker Widevine, says that the growth of streaming piracy will be fueled by the growing number of Internet-connected TVs in consumers' homes. These TVs contain software that makes it easy for viewers to find pirated video streams on the Web.


Vigilant Camera Eye
Fraunhofer-Gesellschaft (09/10)

Researchers from the Fraunhofer Institute for Applied Information Technology have replicated key aspects of the human eye and brain in a new automated camera system. The researchers say that Smart Eyes' human-like capabilities in identifying and processing moving images could be used to enhance security in public areas and buildings. The system, developed as part of the European Union's Smart Eyes: Attending and Recognizing Instances of Salient Events project, makes use of a fixed surveillance camera that covers a certain area and two ultra-active stereo cameras. The hardware resembles human eyes in that the cameras can fix on and follow various points quickly in succession, but also can zoom in on details. However, the heart of the system is a program that automatically analyzes image sequences by ascertaining the degree of movement of each pixel, identifying the particular active areas of a scene, learning motion patterns and storing them as models, identifying and classifying events, and identifying image patterns. The system picks out salient events and focuses on them using the active stereo cameras.


Tips to Prevent Workplace Violence
Lincoln Journal Star (NE) (09/23/10) Pascale, Jordan

Workplace violence, including verbal abuse and assaults, affects 2 million victims each year, according to Patrick Fiel, a national public safety adviser for ADT. Fiel says that many companies fail to take precautions that would prevent workplace violence because they do not think that such incidents could happen to them. However, workplace violence can happen at any place and at any time, Fiel adds. As a result, companies need to take precautions, including working with employees to create a safe work environment and a zero-tolerance policy on workplace violence. In addition, companies should ensure that their parking lots are well lit and that access to their facilities is controlled by technologies such as key cards. Companies may also want to consider creating an anonymous tip line that employees can use to report suspicious behavior or concerns about a colleague. Finally, companies should be on the lookout for signs that an employee may be about to commit an act of workplace violence, including dramatic changes in attitude, behavior, and work ethic, and conflicts with supervisors and other employees.




Senate Moves FPS Reform Bill
Homeland Security Today (10/10) McCarter, Mickey

The Senate Homeland Security Committee unanimously approved a bill on Wednesday that would address what Sen. Susan Collins (R-Maine) called a "security crisis" at the Federal Protective Service, the agency that is responsible for protecting federal buildings. The bill, known as the Supporting Employee Competency and Updating Readiness Enhancements for (SECURE) Facilities Act, calls on FPS to hire a consultant to study the possibility of federalizing its contract guard workforce and to submit a report on its findings within a year. In addition, the bill would require FPS to add 500 full-time employees over the next four years so that it has at least 1,200 full-time federal employees on staff at all times. Another provision of the legislation calls on FPS to standardize testing programs to ensure contract guards are adequately trained and have obtained appropriate certifications for protecting federal buildings. The bill also aims to improve security at federal buildings by requiring the Department of Homeland Security to establish standards of checkpoint detection technologies for the detection of explosives. Several other provisions also aim to improve operations at FPS. Collins noted that the bill will address the security gaps that were uncovered during a number of recent audits of FPS, including a 2009 Government Accountability Office audit in which inspectors were able to successfully smuggle explosives into 10 federal buildings. The full Senate is expected to take up the bill after the mid-term elections.


Europe, U.S. Track Clues on Possible Urban Terror Plot
Wall Street Journal (09/30/10) Crawford, David; Gorman, Siobhan; Fidler, Stephen

American and European counterterrorism officials are continuing to investigate the suspected terrorist plot that was made public earlier this week. According to a senior European intelligence official, European police are still looking for the group that was believed to have been planning to carry out the alleged plot, which is thought to consist of a shooting spree in a major urban center similar to the 2008 Mumbai attacks. Officials believe that the group is planning to launch such an attack on unprotected targets in the U.K., France, or Germany. However, authorities are unable to take action against the plot because the threat reports are too broad. Counterterrorism officials do not have any reliable information on the members of the group that is believed to have been planning the plot, though they do think that the individuals are from a variety of different countries. One member of the group on whom the investigation is focusing, a man known only as "Mauritani," is believed to be from North Africa. Authorities are having trouble obtaining information about the group because its members have avoided traveling together.


Texas Tech Officials Stress Campus Security After UT Shooting
Lubbock Avalanche-Journal (TX) (09/29/10) McGowan, Matthew

The University of Texas at Austin's campus was put on lockdown and classes were cancelled on Tuesday after a gunman was seen near the university's library. Police say that the gunman, 19-year-old Colton Tooley, then went into the library with his AK-47 assault rifle and opened fire several times on the building's sixth floor. Tooley then shot and killed himself. No other students were injured or killed during the incident. Meanwhile, officials at Texas Tech in Lubbock are calling on students, faculty, and staff to review campus security procedures in the wake of the shooting at the University of Texas at Austin. For instance, faculty, students, and staff are being asked to ensure that their records for the TechAlert! emergency alert system are up to date. The system is used to send emergency notifications to subscribers through telephone, text, and e-mail messages in the event of an emergency. In addition, students, faculty, and staff are being urged to log on to Texas Tech's emergency communications Web site to watch a video that explains what they should do in the event of a campus shooting.


Terrorism Fears Put Paris on High Alert
Washington Post (09/28/10) P. A14 Cody, Edward

A package found abandoned in Paris' Saint-Lazare metro station on Monday set off a terrorism scare throughout the city. Specialists responded and determined within half an hour that there were no explosives present. Even though the situation was resolved, observers say the level of caution exercised by French authorities indicates the country is taking the terrorism threat it faces seriously. Terrorism tensions have risen following the Sept. 15 kidnapping of five French people and two Africans in Niger. Al-Qaida in the Islamic Maghreb took responsibility for the abduction. France is expected to negotiate for their return. Bernard Squarcini, who heads the Central Directorate of Internal Intelligence, warned in two interviews that the threat of terrorism within France was also particularly high. The Interior Ministry said a foreign intelligence service had passed along a report that a woman had been overheard suggesting a suicide bombing was being prepared for Paris. Although the report was later dismissed, alert levels have remained elevated. Additional armed soldiers have been dispatched to airports, train stations, and tourist attractions throughout the country. More specific sources of the increased threat and the reason France would be a target have not been released, and may not have been known.


Money Transfers Face New Scrutiny
Washington Post (09/27/10) P. A1 Nakashima, Ellen

The Obama administration has proposed new regulations that aim to crack down on the financing of terrorism. Under the new rules, financial institutions would have to report money transfers into and out of the U.S. to the Treasury Department, regardless of how small those transactions are. Financial institutions are currently only required to report transfers of $10,000 or more, as well as transfers that they feel are suspicious. The new rules call for money-transfer businesses to report money transfers coming into and leaving the country if they are worth $1,000 or more. In addition to reporting that a money transfer has taken place, both financial institutions and money-transfer businesses would have to report the name, address, and account number of the sender and recipient. Money-transfer businesses would also have to provide the Treasury Department with an identifier like a driver's license or passport number, while financial institutions would be required to provide the Social Security numbers for all money-transfer senders and recipients in a given year. Supporters of the new rules say that they will help them identify transfers like the ones that were used to carry out the September 11, 2001 terrorist attacks, though critics--including financial institutions--say the rules are burdensome and overly invasive. The new rules are not expected to take effect until 2012.




Defending a New Domain
Foreign Affairs (10/10) Lynn III, William J.

The Pentagon is striving to insulate government networks and critical infrastructure from cyber threats in collaboration with the U.S. Department of Homeland Security, while efforts to expand these defenses globally are being carried out in partnership with the U.S.'s closest allies, writes U.S. Deputy Secretary of Defense William J. Lynn III. Attributes of the cyber threat that the Pentagon is concentrating on to develop a counteractive strategy include the asymmetric nature of cyber warfare, the overwhelming advantages of cyber offensive strategies compared to cyber defensive tactics, and the fact that traditional Cold War deterrence models of assured retaliation are inapplicable in the cyber realm. "The challenge is to make the defenses effective enough to deny an adversary the benefit of an attack despite the strength of offensive tools in cyber space," Lynn writes. Because some intrusions will inevitably succeed despite detection measures, there also must be a way for U.S. cyber defenses to locate intruders once they have penetrated a network, and this job is an element of the Pentagon's dynamic defense capability accomplished through the consolidation of the Defense Department's collective cyber defense capabilities under one roof and their linkage with signals intelligence. Lynn stresses that the security of civilian infrastructure is vital for ensuring the defense of military networks, and it is up to the Pentagon to "leverage its 10 years of concerted investment in cyber defense to support broader efforts to protect critical infrastructure." He also argues that there must be stronger pacts between the United States and its allies to enable the exchange of information, technology, and intelligence so that they do not lag behind the cyber threat. The private sector's innovative capability is a resource that the Pentagon needs to tap through continuing investments in science, technology, and education at every level, Lynn says.


Smartphone Apps Harvest, Spread Personal Info
Penn State Live (09/29/10) Messer, Andrea

Researchers at Penn State and Duke universities have found that publicly available cell phone applications are releasing consumers' private information to online advertisers. The researchers developed a real-time monitoring service called TaintDroid that analyzes how private information is obtained and subsequently released by smartphone applications. In a study of 30 popular applications, TaintDroid found that 15 send users' geographic location to remote advertisement servers. The study also found that seven of the 30 apps send a unique hardware identifier, the phone number, and the SIM card serial number to developers. "The cases we found were suspicious because there was no obvious way for the user to know what happened or why," says Penn State's William Enck. The researchers note that applications rarely provide privacy policies that state how users' information will be used, and users have no way of knowing where applications send that information.


CISOs Paint Gloomy Picture of State IT Security
GovInfoSecurity.com (09/28/10) Chabrow, Eric

A recent survey of state CISOs by NASCIO and Deloitte has found that a lack of funding is the biggest obstacle to protecting state information technology systems from security breaches. Nearly 90 percent of the surveyed CISOs said that the lack of funding was their biggest barrier to securing their states' IT systems. In addition, the survey found that nearly 80 percent of CISOs worked in states that had cut or frozen their IT security budgets from last year. In the private sector, meanwhile, spending on IT security actually rose in spite of the recession, a separate survey by Deloitte found. Besides a lack of funding, the survey also found that state CISOs believed that the growing sophistication of threats, the lack of security professionals, and the lack of support from business stakeholders, among other factors, were all significant barriers to protecting IT systems. Finally, the survey found that states are increasingly using strategic planning as part of their cybersecurity strategies and are utilizing the National Institute of Standards and Technology risk assessment framework for strategic alignment. However, NASCIO and Deloitte warn that it will be difficult to achieve compliance with the NIST framework in the absence of compliance audit and enforcement requirements that deal with IT security in the federal government.


Web 2.0 Breaches Cost Businesses $1.1 Billion
InformationWeek (09/27/10) Diana, Alison

Business professionals admit that Web 2.0, while integral to many corporate initiatives, still carries some serious security risks. More than 60 percent of respondents to a survey reported Web 2.0-related losses averaging $2 million, according to a McAfee study. A primary factor in these breaches, which totaled $1.1 billion collectively, was use of social media by employees, according to the report. In their attempts to mitigate Web 2.0-related threats, close to half of the organizations surveyed block Facebook, and 33 percent limit employee access to social media, the study says. Twenty-five percent monitor use and 13 percent block social media access altogether, the McAfee study determines. Roughly 50 percent of the 1,000 global corporate leaders surveyed said they had concerns about the soundness of Web 2.0 applications such as social media, microblogging, collaborative platforms, Web mail, and content sharing applications. Furthermore, 60 percent said they worry about the possible loss of reputation as a result of Web 2.0 abuse. "As Web 2.0 technologies gain popularity, organizations are faced with a choice—they can allow them to propagate unchecked, they can block them, or they can embrace them and the benefits they provide while managing them in a secure way," says McAfee CTO George Kurtz. Web 2.0 is employed by over three-quarters of businesses, and about half of the survey respondents use Web 2.0 applications for information technology operations. About one-third of polled firms lack a social media policy and nearly half are missing a policy for Web 2.0 use on mobile devices.


Facebook, Twitter See More Spam Attacks
USA Today (09/27/10) Acohido, Byron

Cybersecurity experts say that Facebook and Twitter users will see increasing volumes of spam as cybercriminals increasingly target the social networking sites. Hackers transmit spam messages to users of Facebook and Twitter by constantly probing the two sites for security vulnerabilities, particularly ones that provide them access to mechanisms for quickly disseminating content to large numbers of users. After hackers discover such holes, they attempt to prove their skills by sending out a test posting that spreads in the manner of a worm. Spamming gangs then send out large amounts of spam, including advertising-related surveys, through the vulnerabilities for as long as they remain unpatched. Such attacks, particularly those that use advertising-related surveys and clickjacking attacks, can be extremely lucrative, bringing in hundreds of thousands of dollars a day. However, both Twitter and Facebook expect to protect their users from spam by relying on certain users to quickly report attacks and by teaching users to protect themselves. But the social networking sites are having trouble just keeping their basic services up and running. This means that they could be used to distribute large amounts of malware unless they implement security measures, says Dasient CTO Neil Daswani.


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD


