Friday, January 21, 2011

Security Management Weekly - January 21, 2011

Corporate Security
  1. "South Korea Kills 8 Pirates, Rescues Hijacked Crew" Arabian Sea
  2. "Ex-City Supervisor Jailed in Theft Case" Honolulu
  3. "Zambian Miners Riot Over Labor Dispute"
  4. "Pirate Attacks Rise Again"
  5. "WikiLeaks Promises to Reveal Swiss Banking Secrets"

Homeland Security
  1. "U.S. to Press Ahead on Guantanamo Trials"
  2. "Crackdown on Illegal Workers Grows"
  3. "Lawyers for Former Guantanamo Inmates Cite WikiLeaks Cables in French Terrorism Trial"
  4. "NYPD Still on Guard Against Terrorism, Commissioner Says"
  5. "Obama Administration Scraps 'Virtual Border'"

Cyber Security
  1. "Researchers Turn USB Cable Into Attack Tool"
  2. "Facebook 'Should Mimic Apple App Security Restrictions'"
  3. "Two Arrested in iPad Security Breach"
  4. "Report: Breaches in the Cloud Illustrate Need for Stronger Authentication"
  5. "Administration Says It Will Give Industry and Academia Heads Up on Cyberattacks"

   

 
 
 

 


South Korea Kills 8 Pirates, Rescues Hijacked Crew
Associated Press (01/21/11)

The South Korean military on Friday launched a raid to free a freighter that had been hijacked by Somali pirates. During the raid, which took place in the Arabian Sea, South Korean special naval forces pulled up alongside the chemical carrier Samho Jewelry in a small boat while a South Korean destroyer and a helicopter provided cover. The naval forces then stormed the Samho Jewelry, a South Korean-owned vessel that was hijacked while sailing from the United Arab Emirates to Sri Lanka a week ago. The raid resulted in the deaths of eight Somali pirates, though 20 of the 21 crewmembers who were being held captive were released unharmed. The other crewmember was shot by a pirate and taken to a nearby country for treatment. Raids such as the one launched by the South Korean military are rare because navies often do not want to do anything that would put hostages in danger. Rescues of hostages on board ships that have been hijacked are normally only attempted when the hostages are locked in a safe room with two-way communications.


Ex-City Supervisor Jailed in Theft Case
Honolulu Advertiser (HI) (01/19/11) Daranciang, Nelson

A judge in Hawaii has sentenced former Honolulu street sweeper supervisor Manuel Castro to one year in prison for bribery, second-degree theft, and tampering with government records. The charges were filed after an employee reported that Castro took kickbacks from city workers to determine who got overtime. The judge imposed the sentence as a condition of a five-year probation and ordered Castro to pay a $25,000 fine, perform 250 hours of community service, write a letter of apology to the city, and repay the $19,505 prosecutors say he made in overtime that he did not work. Castro denied any involvement in theft, bribery, or tampering, but later confessed to police that he was trying to boost his retirement earnings. Four other individuals have pleaded guilty or no contest in connection with the case.


Zambian Miners Riot Over Labor Dispute
Wall Street Journal (01/19/11) Bariyo, Nicholas

At least 12 people were arrested in a riot in the African nation of Zambia on Monday. Those who took part in the riot were miners who worked for the Chinese mining company NFCA Mining and who were upset that the company decided to sign a mining contract with a contractor without notifying union leaders first. Hundreds of rioters used logs and stones to block the road between the city of Kitwe and the city of Chingola in Zambia's Copperbelt Province. Police were subsequently called in and dispersed the crowd with tear gas. Authorities said that order was restored to NFCA's mining units after police were called in, though heavily armed policemen were still deployed in the area on Wednesday. This is not the first time a Chinese mining company has been at the center of violence in Zambia. Last October, at least 13 miners were shot by Chinese supervisors at the Collum coal mine in Zambia's Sinazongwe district.


Pirate Attacks Rise Again
National Underwriter (Property & Casualty - Risk & Benefits Management Edition) (01/18/11) Hemenway, Chad

The International Maritime Bureau (IMB) indicated that for the fourth consecutive year the number of pirate attacks against ships has increased, and 92 percent of all ship seizures were off the coast of Somalia. As of Dec. 31, 2010, more than 630 hostages were being held for ransom, and ransoms paid to Somali pirates rose to $5.4 million on average in 2010 from $150,000 on average in 2005. The American insurance market does not write a significant level of "blue water hull" or coverage for ocean-going vessels that would include ransom payments, says American Institute of Marine Underwriters President James M. Craig. Most of the hull coverage is written by the London, Norwegian, and Japanese markets. However, U.S. firms do write coverage for cargo on seized ships. One Earth Future estimates that the total cost of piracy in 2010 reached between $7 billion and $12 billion, with insurance premiums accounting for between $460 million and $3.2 billion of the cost. IMB reports that Somali pirates are more adventurous, reaching as far south as the Mozambique Channel.


WikiLeaks Promises to Reveal Swiss Banking Secrets
CNN.com (01/17/11)

The Swiss banker and whistleblower Rudolf Elmer gave two discs containing secret Swiss banking records to WikiLeaks founder Julian Assange on Monday. The discs contain the records of roughly 2,000 clients, though Elmer said that he could not determine how many individuals were involved because of the manner in which trusts and corporations are set up. Elmer, who is scheduled to go on trial on Wednesday on charges of violating Switzerland's banking secrecy regulations, said that he gave the discs to Assange because he wanted to expose the secretive nature of Swiss banks. Elmer noted that he has been involved in a battle with Swiss banks over secrecy for quite some time now. The information contained on the discs will be released after it is processed by WikiLeaks, which could take as little as several weeks.




U.S. to Press Ahead on Guantanamo Trials
Wall Street Journal (01/21/11) Perez, Evan

Military tribunals are set to resume at Guantanamo Bay, Cuba, despite the fact that President Obama has said that he still wants to close the facility. U.S. officials said Thursday that Defense Secretary Robert Gates would soon approve the start of a military trial against Abd al-Rahim Nashiri, who is accused of being involved in the attack on the U.S.S. Cole in 2000 as well as three other bombings. The government originally announced its intention to try Nashiri and four others before a military tribunal at the same time it announced that Khalid Sheikh Mohammed and his alleged co-conspirators in the September 11, 2001 terrorist attacks would be tried in civilian trials in New York City. However, concerns about security and other issues stopped plans to try Mohammed and his co-defendants in civilian court. The Obama administration was hoping that the progress of existing cases would result in increased support for its policy of holding civilian and military trials for accused terrorists. But the administration experienced a major setback in its plans to hold civilian trials for terrorist detainees last November, when a New York jury rejected all but one of the 285 counts against a man accused of being involved in the 1998 bombings of two U.S. embassies in Africa. Meanwhile, roughly 173 terrorist detainees are still in U.S. custody at Guantanamo Bay. Some of these detainees will be put on trial, while others will be sent to third countries or detained indefinitely without ever being tried.


Crackdown on Illegal Workers Grows
Wall Street Journal (01/20/11) Jordan, Miriam

The Obama administration is planning to step up its efforts to crack down on employers who hire illegal immigrants. As part of that effort, the administration on Thursday will announce the creation of the Employment Compliance Inspection Center, which will examine I-9 employee files from companies that have been audited. According to Immigration and Customs Enforcement chief John Morton, the center would provide support to regional immigration offices that conduct large audits, thereby allowing it to audit large employers with a very large number of workers. Audits of employers have been one of the tools used by the Obama administration to enforce its immigration policy. ICE conducted audits of more than 2,740 companies during the 2010 fiscal year, which was nearly twice as many audits as were conducted in the 2009 fiscal year. Such audits result in the firing of any illegal immigrant who is found to be working at a company. In addition, ICE levied $7 million in fines on companies that were found to be employing illegal workers. Meanwhile, ICE is planning to expand a voluntary program called IMAGE (ICE Mutual Agreement Between Government and Employers), which provides companies with training and assessments to help them ensure that they are not hiring illegal workers. Only 115 companies have signed up to participate in the program since its inception in 2006. Many companies have been hesitant to give the government access to their records and to invest in training and new systems to improve their ability to verify the legality of potential employees.


Lawyers for Former Guantanamo Inmates Cite WikiLeaks Cables in French Terrorism Trial
Canadian Press (Canada) (01/20/11) Souchard, Pierre-Antoine

At least three diplomatic cables that had been released by WikiLeaks were presented as evidence by the attorneys for five former Guantanamo Bay inmates during their trial in France on Thursday. The attorneys said that the documents showed that French investigators discussed the cases of the former inmates with American authorities--something that the lawyers said was inappropriate. In one diplomatic cable, French investigators told U.S. officials that the cases against two of the former inmates would be more difficult than the cases of other former French inmates of Guantanamo Bay. The defense argued that the documents were proof that the former inmates should be acquitted. Prosecutors disagreed, saying that the defendants should be sentenced to one year in prison each.


NYPD Still on Guard Against Terrorism, Commissioner Says
Los Angeles Times (01/19/11) Baum, Geraldine

Speaking at a fundraising event on Tuesday, New York City Police Commissioner Raymond Kelly said that his department is constantly improving its counterterrorism strategies and has been able to thwart a dozen terrorist plots against the city since the September 11, 2001 terrorist attacks. However, Kelly said that he is concerned that the U.S. government is allowing potential terrorists to enter the country. According to Kelly, potential terrorists could take advantage of a number of security loopholes to get into the U.S., including a visa waiver program that allows travelers from 36 mostly European countries to enter the U.S. without having to appear at an American embassy or consulate first. In addition, Kelly noted that U.S. borders are still insecure in a number of areas, and that the government is so overwhelmed with political asylum requests that it allows potential terrorists to enter the country. Kelly also addressed complaints by Rep. Peter King (R-N.Y.) that the Muslim community is not cooperating with police. Kelly noted that the NYPD has engaged in a great deal of interaction with Muslim leaders, and that he has spoken at mosques on a regular basis.


Obama Administration Scraps 'Virtual Border'
InformationWeek (01/15/11) Hoover, J. Nicholas

The Department of Homeland Security announced Jan. 14 that it will end SBInet, the $1 billion virtual fence that aimed to secure the U.S.-Mexico border. The decision to end the project comes after a review last year that found that SBInet would not have been able to meet its original goals. In addition, the review found that the uniform approach to border security that was being used by the project would not be effective along the entire Southwestern border. Instead, DHS plans to use a tailored approach to border security that would vary in different areas, depending on the terrain and the population density. The new plan will involve the use of technologies such as unmanned aerial vehicles, mobile surveillance, and thermal imaging. The decision to end SBInet has been praised by Rep. Bennie Thompson (D-Miss.), the ranking member of the House Homeland Security Committee, who said that the project has been a "grave and expensive disappointment" since it began.




Researchers Turn USB Cable Into Attack Tool
CNet (01/19/11) Mills, Elinor

George Mason University researchers will demonstrate a computer device attack using a USB cable at the Black Hat DC conference. Professor Angelos Stavrou and student Zhaohui Wang have written software that changes the functionality of the USB driver, enabling keyboard and mouse functionality to be added to the connection. The exploit of the USB protocol, which can be used to connect any device to a computing platform without authentication, allows the attacker to start typing commands, click the mouse to steal files, and download malware. Although Macintosh and Windows machines will produce a pop-up message saying a new human interface device has been detected, there is no easily recognizable way to stop the process. Stavrou describes the compromise as viral. "Say your computer at home is compromised and you compromise your Android phone by connecting them," he says. "Then, whenever you connect the smartphone to another laptop or computing device I can take over that computer also, and then compromise other computers off that Android." The original compromise can result from downloading the exploit from the Web or running a compromised app, and antivirus software would not be able to determine whether the exploit's activities are controlled or sanctioned by the user.


Facebook 'Should Mimic Apple App Security Restrictions'
BBC News (01/19/11)

Facebook should protect its users with tighter security measures, according to experts at security company Sophos. The site's 650 million users may be endangered by an increase in unmonitored Facebook applications, they said. In dealing with applications, Facebook may want to imitate Apple's App Store, which vets all downloadable programs. Facebook contests Sophos' conclusion, however, saying that its data shows the opposite, and that it already has "extensive" user protection. "We have a dedicated team that does robust review of all third party applications, using a risk based approach," Facebook said. "That means that we first look at velocity, number of users, types of data shared, and prioritize. This ensures that the team is focused on addressing the biggest risks, rather than just doing a cursory review at the time that an app is first launched." Sophos recently issued its 2011 Threat Report, outlining major online dangers that may be expected this year. The report points out that Facebook is currently a target for criminals and scammers, largely because of its size and popularity, but also because anyone can build applications and other programs. This leaves inexperienced users open to attacks from hackers attempting to steal private information.


Two Arrested in iPad Security Breach
Wall Street Journal (01/19/11) Bray, Chad

Two men were arrested on Tuesday and charged with being involved in a security breach involving AT&T and Apple iPad users last year. According to prosecutors, Andrew Auernheimer and Daniel Spitler created a computer script that was called the "iPad 3G Account Slurper" and used it to attack AT&T's servers over a period of several days last June. Auernheimer and Spitler designed the script to imitate the behavior of an iPad 3G so that it would trick AT&T's servers into thinking that they were communicating with an actual iPad. In addition, the script was designed to randomly guess the unique identifier for each iPad, which resulted in the iPad's e-mail address being displayed on AT&T's Web site. The attack allegedly allowed Auernheimer and Spitler to obtain the e-mail addresses and personal information of roughly 120,000 iPad users. However, there is no evidence that the information was used for illegal purposes. Prosecutors alleged that Auernheimer and Spitler carried out the attack to damage AT&T and to promote themselves and the hacker group that they were members of.


Report: Breaches in the Cloud Illustrate Need for Stronger Authentication
CSO Online (01/18/11) Violino, Bob

Fifty-four percent of 306 surveyed companies reported a data breach in the last 12 months, according to a new study from Forrester Research. Password concerns are the leading priority in the enterprise, according to the study. Forrester says that policies on password creation, expiration, and lockout that are adopted to enhance security have become a major impediment to users, affecting their ability to get their work done. They also result in help desk costs due to forgotten passwords. The Forrester study recommends that organizations promote strong authentication throughout the enterprise, not just for certain enterprises. Transitioning the entire infrastructure to robust authentication requires time and resources dedicated to assessment, analysis, and testing to determine if systems have the capability to be integrated, says Mercantil Commercebank's Mauricio Angee.


Administration Says It Will Give Industry and Academia Heads Up on Cyberattacks
NextGov.com (01/18/11) Sternstein, Aliya

Universities and businesses will be supplied with government intelligence and law enforcement disclosures about malicious Internet activities by the Obama administration so that they can defend their critical assets, says White House cybersecurity coordinator Howard Schmidt. "I think we all recognize that the government has unique access to information," Schmidt says. "We need to continue to look for ways to share that information, but also give our universities and our businesses information to be able to protect themselves." Meanwhile, the forthcoming National Strategy for Trusted Identities in Cyberspace is designed to provide people with a way to confirm who they are engaging with when they conduct Web transactions. The Commerce Department will supervise the ID process, in conjunction with the private sector, while Schmidt says the policy will be fixed to the Federal Trade Commission's fair information practice precepts, which encourage firms to provide notice about the information they gather from consumers. Rep. Bob Goodlatte (R-Va.) emphasizes that any attempt to protect the country's networked infrastructures must involve public-private collaboration. He says that "we need solutions that contain incentives to encourage business to adopt best practices to security."


Abstracts Copyright © 2011 Information, Inc. Bethesda, MD

