Thursday, December 23, 2010

Security Management Weekly - December 23, 2010

header

  Learn more! ->   sm professional  

December 23, 2010
 
 
Corporate Security
  1. "L.A. Antipiracy Raid Nets $4 Million in Counterfeit Goods"
  2. "ICE Comes Calling for Businesses - to Help" U.S. Immigration and Customs Enforcement
  3. "Ship Underwriters Widen Somali Piracy Threat Zone"
  4. "Music Websites Dispute Legality of Their Closing"
  5. "Mitigating the Prospect of and Appropriately Responding to Workplace Violence"

Homeland Security
  1. "Congress Bars Gitmo Transfers"
  2. "Christmas Bomb Plotters Were Radicalised in Jail" United Kingdom
  3. "Auditors Question TSA's Use of Spending on Technology" Transportation Security Administration
  4. "Latest Terror Threat in US Aimed to Poison Food"
  5. "Monitoring America" Domestic Counterterrorism Efforts

Cyber Security
  1. "Botnet Holiday Spam Levels Drop for Christmas"
  2. "SQL Injection Blamed for New Breach" Structured Query Language
  3. "DARPA Goal for Cybersecurity: Change the Game" Defense Advanced Research Projects Agency
  4. "Password Diversity Urged in Wake of Gawker Attack"
  5. "NASA Ahead of the Curve in Real-Time IT Security"

   

 
 
 

 


L.A. Antipiracy Raid Nets $4 Million in Counterfeit Goods
Los Angeles Times (12/22/10) Verrier, Richard

The Los Angeles Police Department wrapped up what it said were the biggest antipiracy raids in the city's history on Monday. The raids, which began last month, resulted in 109 arrests and the seizure of more than $4 million in counterfeit goods, including CDs, DVDs of movies that are still in theaters, and other products. The majority of the counterfeit goods were seized from vendors and flea markets in downtown Los Angeles. Criminal gangs are believed to have been behind most of the piracy activity, authorities said. Since it was created in 2004, the LAPD's antipiracy squad has seized nearly $94 million worth of counterfeit goods and has arrested almost 500 people. According to the Los Angeles County Economic Development Corporation, the sale of counterfeit goods costs local businesses $5.2 billion in lost revenue each year, while workers lose $4.4 billion in wages annually as the result of the problem.


ICE Comes Calling for Businesses - to Help
Washington Post (12/22/10) P. B07 Labbe-DeBose, Theola

U.S. Immigration and Customs Enforcement (ICE) has begun partnering with businesses in an effort to keep illegal immigrants out of the country. Under ICE's IMAGE (ICE Mutual Agreement Between Government and Employers) program, federal agents educate employers on how to reduce their chances of hiring illegal workers. However, businesses that participate in the program have to allow ICE to audit their employee records and begin using an electronic database to verify records. More than 100 companies around the country are participating in the program, including Springfield, Va.-based Interstate Worldwide Relocation Services. The company's president, Bud Morrissette, said he decided to participate in the IMAGE program because it would give the company the chance to learn directly from federal officials on how to screen out job candidates that are ineligible to work in the U.S. ICE benefits from the program as well, since it allows the agency to stretch its resources to focus on companies that are the biggest violators of laws against hiring illegal immigrants, said John P. Torres, the special agent in charge of ICE's Washington, D.C., field office.


Ship Underwriters Widen Somali Piracy Threat Zone
Reuters (Africa) (12/21/10) Saul, Jonathan

Lloyd's Market Association (LMA) has widened the zones at high risk of Somali pirate attacks as those gangs strike further away from the coastlines. Ship owners could see premium hikes as a result of the growing pirate threat near the Indian Ocean and the Gulf of Aden. Pirates have struck even as far south as Tanzania and Madagascar and as far east as the coast of India. LMA Senior Technical Executive Neil Roberts says, "These are long range vessels which can support operations much further off Somalia." Meanwhile, the Joint War Committee added the Gulf of Oman and a wider section of the Indian Ocean to its list of areas prone to war, strikes, terrorism, and related perils. Insurers are likely to charge higher rates as the number of hijackings increase and claims costs skyrocket. International naval forces have struggled to contain piracy in the Indian Ocean, and some are concerned that ship owners and workers will take matters into their own hands, which would further ramp up the violence. Many shipping firms already are hiring private armed guards for their vessels. For additional information about this story, please click here.


Music Websites Dispute Legality of Their Closing
New York Times (12/19/10) Sisario, Ben

The operators of some of the five Web sites that were shut down last month under the federal government's "Operation in Our Sites" say that they are not guilty of copyright infringement as the government claims. In an affidavit seeking a warrant to seize the sites' domains, an Immigration and Customs Enforcement agent said that the sites--rapgodfathers.com, torrent-finder.com, rmx4u.com, dajaz1.com, and onsmash.com--were used to commit or facilitate copyright infringement. The affidavit also noted that both the Motion Picture Association of America and the Recording Industry Association of America confirmed that the songs and films that were contained on the sites were not released with the authorization of their copyright holders. However, the operator of dajaz1.com said that the songs that were on his site had been sent to him for promotional purposes by record labels and artists. The operator offered several e-mails from record label employees and third-party marketers to support his claim. Meanwhile, the investigation into the 82 domain names that were targeted during Operation in Our Sites for allegedly engaging in copyright infringement and selling counterfeit goods is continuing. The operation has been criticized by Peter Eckersley of the Electronic Frontier Foundation, who said that he found it "troubling" that a site that the government feels has too much infringing material on it could just disappear without any warning.


Mitigating the Prospect of and Appropriately Responding to Workplace Violence
Mondaq Business Briefing (12/08/2010) Carey, Raymond J.

Workplace violence policies should, at the minimum, express zero tolerance for violence of any kind; explain what constitutes and the repercussions of prohibited behavior; state that employees are required to report actual, threatened, or perceived episodes of prohibited behavior without fear of retribution of any kind; and provide a system for reported real, threatened, or perceived episodes. The zero-tolerance policy should be disseminated to all impacted employees and acknowledged in writing by workers. All reports of prohibited behavior should be timely and thoroughly investigated with appropriate corrective and other action taken based on the findings of the investigation. Local law enforcement or appropriate authorities may also need to be notified of the outcome of the investigation depending on the circumstances. A company's policies, practices, and procedures related to workplace violence should periodically be reviewed and updated as necessary to ensure ongoing effectiveness. These also should be reissued periodically to underline expectations about health employee behavior in the workplace. Employers should train all of their employees about policies relating to zero tolerance for workplace violence, reporting procedures, and resources. Additionally, employers should emphasize: Each element of the policy governing zero tolerance for workplace violence; behaviors that are considered prohibited workplace violence; potential precursors to workplace violence; and each employee's responsibility to report situations of real or perceived workplace violence.




Congress Bars Gitmo Transfers
Wall Street Journal (12/23/10) Landers, Peter

The fiscal year 2011 defense authorization bill that was passed by Congress on Wednesday will effectively prevent terrorist detainees at Guantanamo Bay from being tried in civilian courts. Under the measure, the Pentagon would be prohibited from using funds to bring Guantanamo detainees to the U.S. for any reason. In addition, the Department of Defense would be forbidden from spending money on a facility in the U.S. that would be used to replace the Guantanamo prison, including the Illinois facility that the Obama administration was considering using for that purpose. Supporters of the provisions say that Guantanamo Bay is the safest place to detain terror suspects, and that detainees should be tried in military tribunals rather than civilian courts. President Obama, however, has said that he remains committed to closing Guantanamo Bay. Meanwhile, the Obama administration is working on a framework that would allow terrorist suspects to be held indefinitely. Such a framework would allow terrorist detainees to challenge their detentions but would prevent the release of those who remain dangerous, President Obama said.


Christmas Bomb Plotters Were Radicalised in Jail
Telegraph.co.uk (12/22/10) Gardham, Duncan; Hutchison, Peter; Bingham, John; et al.

Three of the 12 men who were arrested in the U.K. earlier this week on suspicion of being involved in a terrorism plot were radicalized in jail, one source says. According to a neighbor of the three men who were arrested in the Welsh capital of Cardiff, the trio began "expressing extreme views" after they served time in prison for theft and drug offences. The neighbor added that the men were likely radicalized by an extremist preacher in the prison. The three men arrested in Cardiff, along with the nine others who were arrested in London, Stoke-on-Trent, and Birmingham on Monday, are believed to have ties to the banned extremist group al-Muhajiroun and its affiliate Islam4UK. The 12 are also believed to be linked to the radical Muslim cleric Anwar al-Awlaki, who is currently in hiding in Yemen. Authorities believe the group was planning a major attack on banks, shops, and landmarks in London. The men are still being questioned by counterterrorism officers in the U.K.


Auditors Question TSA's Use of Spending on Technology
Washington Post (12/21/10) Hedgpeth, Dana

The Government Accountability Office (GAO) says that the Transportation Security Administration (TSA) and the Department of Homeland Security have failed to properly test and evaluate airport security technologies before spending money on them. One such technology was the puffer machines that the TSA deployed to respond to the threat posed by a suicide bomber in the wake of the incidents on Russian airliners in 2004. The machines, which are designed to detect explosive particles by firing blasts of air at passengers, were deployed at a cost of roughly $30 million. However, the machines were installed at airports before they were fully tested, the GAO said. In addition, the GAO noted that the machines were deployed despite the fact that tests showed that they were not reliable in airports. The puffer machines were eventually mothballed when the TSA determined that they were unreliable and expensive to operate. Such episodes have prompted lawmakers and national security experts to question whether the government is too eager to use technology to address security issues and whether TSA is too quick to pay for technologies that are unproven. TSA Administrator John Pistole defended his agency, saying that they money the TSA has spent on technology has been a wise investment but that developing security technologies is risky.


Latest Terror Threat in US Aimed to Poison Food
CBS News (12/20/10) Keteyian, Armen

According to a report by CBS News, the latest terror threat to the U.S. involves the use of the poisons ricin and cyanide to simultaneously target hotels and restaurants at many locations over the course of one weekend. Sources have said the threat is "credible," and the Department of Homeland Security, Department of Agriculture, and the Food and Drug Administration have briefed corporate security officers from the hotel and restaurant industries on the matter. According to authorities, individuals with ties to al-Qaida in the Arabian Peninsula were planning to slip ricin and cyanide into salad bars and buffets earlier this year. Manuals and videos on jihadist Web sites associated with the group explain how to easy it is to make both ricin and cyanide. "Initially it would look very much like food poisoning," said Dr. Susan Ford, a professor of pharmaceutical sciences at St. John's University. She pointed out that a fatal dosage of sodium cyanide--250 mg--could easily be slipped into cups. In light of the threat, former Homeland Security Secretary Michael Chertoff said it is important to make sure public health authorities are aware that what initially appears to be an outbreak of food poisoning could be a terrorist attack.


Monitoring America
Washington Post (12/20/10) Priest, Dana; Arkin, William M.

In an effort to prevent terrorist attacks on the homeland, the U.S. is working to build a massive domestic intelligence apparatus made up of more than 4,000 federal, state, and local agencies to collect information about some Americans. Among the local agencies participating in this intelligence gathering effort is the Memphis Police Department, which uses many of the same types of techniques and technologies that are used in Afghanistan to collect information and identify potential terrorists. Since 2003, Memphis has received $11 million in homeland security grants, though much of these funds have been used to fight crime. Fingerprints collected by the Memphis Police Department are also sent to the FBI's data campus in Clarksburg, W.Va., where they are stored along with the fingerprints of prisoners being held in Saudi Arabia, Yemen, Iraq, and Afghanistan. Meanwhile, the FBI is building a database known as Guardian that it hopes will someday contain files sent by police departments across the country. The data already includes information about people who have not committed any crimes but have behaved in such a way that there are suspicions that they may be involved in terrorism. The database includes personal information such as the person's employment history and is accessible to local law enforcement agencies and military criminal investigators. The database has been criticized by the American Civil Liberties Union, which fears that the information could be abused. However, the FBI says that anyone who has access to the database has received training in privacy regulations and understands the penalties for breaking those regulations.




Botnet Holiday Spam Levels Drop for Christmas
eWeek (12/21/10) Prince, Brian

According to security solutions providers, the amount of holiday-related spam has dropped significantly for 2010. Though the end of the year has usually been a time for a spike in Christmas holiday spam, it now accounts for less than 1 percent of all the spam circulating on the Internet, according to M86 Security Labs. The major botnets that are operating are currently spamming their affiliate networks in the usual manner, mostly touting pharmaceuticals and replicas, says M86 analyst Phil Hay. "With the demise of Bredolab, the amount of spam and malware has drastically reduced, and what is left is not Christmas themed," Hay says. McAfee Labs' Sam Masiello says that while traditional e-greeting scams continue to make rounds, botnet traffic appears to have plummeted during the past five to six weeks. What little holiday spam McAfee has spotted lately has mostly disseminated from the Cutwail and Rustock botnets, which are the two highest spam-generating botnets on the Internet today, Masiello says.


SQL Injection Blamed for New Breach
BankInfoSecurity.com (12/20/10) Kitten, Tracy

Hackers were recently able to access the cardholder information for 110,000 credit cards by launching an SQL injection attack against the Web server of the New York tourism company City Sights NY. The breach was discovered in October, when a programmer noticed that an unauthorized script had been loaded onto the server, which was storing the cardholder information. Such attacks are a common way for hackers to obtain credit card data. Verizon Business' 2010 Payment Card Industry Compliance Report found that 24 percent of payment-card breaches were the result of SQL injection attacks, making the technique the second most commonly used method for obtaining card information, after malware. Experts say a number of things need to be done to prevent breaches such as the one that took place at City Sights NY. For example, merchants need to invest in a Web application firewall, which is perhaps the best way to prevent an SQL injection attack from succeeding, says 451 Group research director Josh Corman. Despite their effectiveness, Web application firewalls are not required under the PCI Data Security Standard, Corman notes.


DARPA Goal for Cybersecurity: Change the Game
DVIDS (12/20/10) Pellerin, Cheryl

The U.S. Defense Advanced Research Projects Agency (DARPA) has developed programs that deal with cybersecurity threats by surprising the attackers. The agency created the Clean-slate Design of Resilient, Adaptive, Secure Hosts (CRASH) and Programming Computation on Encrypted Data (PROCEED) programs to enhance the agency's cybersecurity research, says DARPA's Kaigham Gabriel. CRASH aims to develop new computer systems that resist cyberattacks the same way organisms fight bacteria and viruses. Gabriel says the researchers are developing computer hardware that give systems a kind of genetic diversity that would make them more resistant to cyberinfections by learning from attacks and repairing themselves. He notes that over the last two decades, the lines of code in security software has increased from approximately 10,000 to about 10 million lines, but the number of lines of code in malware has remained constant at about 125 lines. This analysis and others "led us to understand that many of the things we're doing are useful, but they're not convergent with the problem," Gabriel says. The PROCEED program is working to improve the efficiency of working on encrypted data that has not been decrypted. "If we were able to do relevant sorts of operations without ever having to decrypt, that would be a tremendous gain because ... whenever you decrypt into the open, you create vulnerability," he says.


Password Diversity Urged in Wake of Gawker Attack
Dark Reading (12/17/10) Chickowski, Ericka

As more information is revealed about the breach at Gawker.com that compromised 1.5 million accounts, authentication experts say the incident is a stern warning for Gawker users and everyone else to practice strong password management across Internet accounts. According to IT experts, some of the largest risks posed by this recent attack are not from sensitive information being accessed from Gawker data stores, but instead from repeated attacks somewhere else using the same username and password combinations in other sensitive areas. The ubiquity of social networks and Web 2.0 sites with protected content and comment boards makes usernames and passwords problematic. Many users recycle passwords, but this practice can exacerbate situations in which a single credential is discovered by nefarious users. Most hackers understand how frequent password reuse is and will often take lists of credentials they have stolen from breaches, such as those at Gawker, and cross-reference them against banking and financial Web site login screens.


NASA Ahead of the Curve in Real-Time IT Security
Government Computer News (12/17/10) Rowinski, Dan

NASA is making strides in monitoring and securing its sensitive information databases, with a NextGov report saying NASA is ahead of schedule on its requirement from Congress and the White House to strengthen its cybersecurity and institute reporting platforms to be able to more readily comply with the Federal Information Security Management Act. "Luckily, with features like the IT security dashboard providing quick and topical information for everyone from upper management to system administrators, we got a lot of support driving these initiatives," says NASA's Marion Meissner. The security system consists of dashboards that continually monitor network systems and dispense the automated reports that are sent to CyberScope, FISMA's inbox for IT security reports. NASA is one of the first federal agencies to permit real-time monitoring and report generation on risk management. "While our specific products and implementations may be unique to NASA, the same basic principles are used by other agencies such as the State Department," Meissner notes. The inclusion of data from NASA's mobile labor force will be the next integration challenge for the dashboard security system.


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online

No comments:

Post a Comment