Friday, July 29, 2011

Security Management Weekly - July 29, 2011

Corporate Security
  1. "City Attorney Considers Filing Charges in Near Riot in Hollywood" Los Angeles
  2. "Infosys Employee Testifies on Alleged Visa Fraud"
  3. "NYC Bouquet Bandit Pleads Guilty to Bank Robberies"
  4. "Most Workplace Bullying Claims Fall Short" Australia
  5. "Texas Gunman Kills Wife, 4 of Her Relatives, Then Himself"

Homeland Security
  1. "Police Say Soldier Targeted Fort Hood"
  2. "St. Paul Police Chief Shares Strategy With House Panel Studying Somali Terrorism" Minnesota
  3. "Officials: Al-Qaeda Close to Collapse"
  4. "Gunman is Ordered Held, Warns of More Terror Cells" Oslo Attacks
  5. "Norway Mourns Its Dead as Harsh Rhetoric Spreads"

Cyber Security
  1. "Cloud Security Fears Exaggerated, Says Federal CIO"
  2. "Easing Burden to Comply With IRS Rules"
  3. "Sniffer Hijacks Secure Traffic From Unpatched iPhones"
  4. "Stuxnet Clones May Target Critical US Systems, DHS Warns"
  5. "U.S. Officials Tell Congress the Country Lags in Fortifying IT Security"


City Attorney Considers Filing Charges in Near Riot in Hollywood
Los Angeles Times (07/29/11) Gelt, Jessica; Blankstein, Andrew; Winton, Richard

Officials in Los Angeles are considering whether to move forward with criminal or civil actions against those who organized an impromptu concert outside of Grauman's Chinese Theatre on Wednesday. The theater was premiering a movie called "Electric Daisy Carnival Experience," which documents one of the country's biggest electronic music festivals. At about 2:30 Wednesday afternoon, a D.J. known as Kaskade sent out a message via Twitter that he was heading to Grauman's Chinese Theatre for a block party to celebrate the premiere of the film. Kaskade had planned to arrive at the theater in a flatbed truck carrying his equipment, play two songs, and head into the premiere. The organizers of the event had been given a permit by the Fire Department. But within a matter of minutes, thousands of people had converged on the theater. One eyewitness said he saw roughly 1,000 kids run down the middle of the street with traffic coming at them. Police responded in riot gear, and Kaskade sent out another tweet asking people to leave. When all was said and done, three people had been arrested for allegedly vandalizing police cruisers. Kaskade later issued a statement saying that he did not mean to cause any trouble. The chief executive of the rave producer Insomniac Inc., which organizes the electronic music festival documented in the film, said the company had nothing to do with Kaskade's planned block party.


Infosys Employee Testifies on Alleged Visa Fraud
Wall Street Journal (07/28/11) Bahree, Megha; Jordan, Miriam

Jay Palmer, an employee of India-based Infosys Technologies Ltd., has accused his company of visa fraud before the Senate Judiciary Subcommittee on Immigration, Refugees and Border Security. According to Palmer, Infosys has used illegal employees to staff projects for clients including Goldman Sachs, American Express, Wal-Mart, and Johnson Control. Palmer previously filed suit against the company in Circuit Court in Alabama, alleging that it sought his help to violate U.S. law. Infosys is cooperating with the subsequent investigation by U.S. authorities and denies the allegations. Paul N. Gottsegen, chief marketing officer for Infosys, said in a statement, "There is not, nor was there ever a strategy, scheme, or policy by the company to use the B-1 visa program to circumvent the H-1B visa program. The company did not have a practice of sending unskilled employees to the United States on B-1 visas to do the work expected of skilled individuals in the U.S. on H-1B visas." Palmer disagrees, claiming he overheard a conversation during a March 2010 visit to Bangalore, India, that indicated the company planned to increase its use of B-1 visas in order to circumvent new restrictions on H-1B visas. Infosys then flooded the local consulate with visa applications in order to get as many approved as possible, regardless of the employee's skill level, Palmer says. Infosys then sent these unskilled workers to the United States, paying them much lower salaries but charging its U.S. clients for U.S.-standard salaries. The company also allegedly failed to pay taxes on payments to these workers.


NYC Bouquet Bandit Pleads Guilty to Bank Robberies
Associated Press (07/28/11)

A New York City man known as the Bouquet Bandit has pleaded guilty to robbing two banks while using bouquets of flowers to hide his intentions. The man, Edward Pemberton, pleaded guilty on July 27 in Manhattan state Supreme Court. Pemberton was arrested last year following the publication of security camera photos showing a man carrying flowers at a Manhattan bank. The neatly bundled flowers concealed a note that demanded $50 and $100 bills. Pemberton got away with about $2,400 from the two robberies combined. He is expected to be sentenced on Sept. 14.


Most Workplace Bullying Claims Fall Short
Sydney Morning Herald (Australia) (07/25/11) Wells, Rachel

The number of complaints of workplace bullying that Australia's WorkSafe Victoria has received in the past year has more than doubled to 6,000. But while the number of complaints has increased, no action was taken on the majority as most fell short of what constitutes workplace bullying under the law. WorkSafe's executive director of health and safety, Ian Forsyth, said the increase in complaints is likely related to the greater public awareness that has developed since the case of 19-year-old waitress Brodie Panlock, who killed herself after being bullied by four coworkers at her job. Of the 6,000 bullying complaints made in the past year to WorkSafe, only 10 percent were referred to the bullying response unit, with just 10 percent of those resulting in a workplace visit and evaluation by an inspector. However, many of the complaints were passed on to organizations such as Fair Work Australia and the Australian Human Rights Commission. The Occupational Health and Safety Act defines bullying as "repeated unreasonable behavior directed towards a worker or group of workers that creates a risk to health and safety." Experts say that if employees feel they are being bullied, they should report it to the appropriate person at their company before filing a complaint with a government agency.


Texas Gunman Kills Wife, 4 of Her Relatives, Then Himself
Seattle Times (07/24/11) Dickson, Gordon; Ramirez, Domingo

Six people were killed in a shooting at a roller-skating rink in Grand Prairie, Texas, on Saturday night. Authorities say Tan Do and his estranged wife Trini Do were hosting a birthday party for their 11-year-old son when Tan ordered the children to leave the rink's snack area. He then began shooting, hitting his estranged wife and four of her relatives. Bystanders in the roller-skating rink fled across the street to a bowling alley. Police surrounded the building with guns drawn within minutes, but by then Tan had turned the gun on himself. He was pronounced dead at a Dallas hospital. No children were killed in the shooting, which is believed to have been prompted by the Dos' marital problems.




Police Say Soldier Targeted Fort Hood
Wall Street Journal (07/29/11) Eaton, Leslie

Authorities in Texas have uncovered another possible plot against soldiers at Fort Hood, which was the scene of a shooting rampage that resulted in the deaths of 13 people in 2009. Pfc. Naser Jason Abdo, a 21-year-old AWOL soldier who was facing a court martial at Fort Campbell, Ky., on charges of possessing child pornography, was arrested by police in Killeen, Texas, on Wednesday after a clerk at a gun store near Fort Hood became suspicious about a purchase he made. During that purchase, which took place at the same store where Maj. Nidal Hasan is believed to have bought the gun he allegedly used in the 2009 shooting, Abdo bought shotgun ammunition, gunpowder, and a magazine for a semi-automatic handgun. After being alerted by the clerk at Guns Galore, police arrested Abdo at a hotel in Killeen, where he was found to be in possession of gunpowder, firearms, and ammunition. Abdo later told investigators that he wanted to attack the military. Abdo has complained that he has faced discrimination in the military because he is a Muslim. Authorities do not believe that Abdo ever made his way into Fort Hood, and they say he may have been planning to attack soldiers at a bar or restaurant near the base.


St. Paul Police Chief Shares Strategy With House Panel Studying Somali Terrorism
St. Paul Pioneer Press (MN) (07/28/11) Gottfried, Mara H.

The House Homeland Security Committee held a hearing on Wednesday about the Somalis who live in Minnesota and have traveled back to their home countries to fight with the al-Qaida-linked group al-Shabaab. During the hearing, committee Chairman Rep. Peter King (R-N.Y.) said that more than 40 Americans have been recruited by the Somali militant group and have traveled back to the East African nation to take part in violent activities. At least 15 of these individuals have been killed. Also appearing at the hearing was former assistant U.S. Attorney William Anders Folk, who said that there is a chance that some of the individuals who have traveled to Somalia to fight with al-Shabaab could return to the U.S. However, local authorities in St. Paul, Minn., which is home to a large Somali-American community, are taking steps to ensure that al-Shabaab is not able to recruit new members in the U.S. in the first place. Speaking at Wednesday's hearing, St. Paul Police Chief Thomas Smith detailed the African Immigrant Muslim Community Outreach Program (AIMCOP), in which police officers spend time with Somali youths to help prevent them from being recruited by militants.


Officials: Al-Qaeda Close to Collapse
Washington Post (07/27/11) P. A1 Miller, Greg

Al-Qaida may be on the verge of collapse, thanks to the pressure from CIA drone strikes and the killing of Osama bin Laden in May, U.S. officials have said. Among the officials who believe that al-Qaida's demise may be near is Defense Secretary Leon Panetta, who said during a recent visit to Afghanistan that the U.S. is close to "strategically defeating" the terrorist organization. Senior officials at the CIA, the National Counterterrorism Center, and other government agencies hold similar views. According to one U.S. counterterrorism official, the term "strategic defeat" would likely mean that al-Qaida is largely incapable of mounting major attacks against the U.S. However, the official added that al-Qaida's ideology would remain a threat in the long-term, even if the group is defeated. Those who continue to adhere to that ideology could someday reconstitute al-Qaida if the organization was to be broken up, the official said. U.S. officials have also pointed out that the defeat of al-Qaida would not completely eliminate the threat from terrorism against the U.S., since attacks could still be carried out by radicalized individuals and al-Qaida affiliates like al-Qaida in the Arabian Peninsula (AQAP). In fact, AQAP is now seen as being a bigger threat than al-Qaida. The U.S. has responded by increasing the CIA's role in Yemen and working with the Saudi government to break up the group.


Gunman is Ordered Held, Warns of More Terror Cells
Wall Street Journal (07/26/11) Grundberg, Sven; Fuhrmans, Vanessa; Roldander, Niclas

The suspect in the July 22 Oslo attacks stepped back from his claims that he acted alone when he told a judge in a Norwegian court on Monday that he belonged to an organization with two other European terrorist cells. Norwegian police responded to the claims from 32-year-old Anders Behring Breivik by saying that they could not rule out the possibility that he was indeed part of a larger organization. Breivik's claims are being investigated by police. Meanwhile, the Norwegian Police Security Service has reported that Breivik had been on a list of Norwegian nationals who had made purchases from a Polish chemical store. However, no precautions were taken after Breivik was added to the watch list in March. Breivik was added to the watch list at about the same time that the Police Security Service issued a warning about increased activity among right-wing extremist groups and individuals, though it said that such groups and individuals did not pose a major threat to Norway. Norwegian officials, as well as officials in other European countries, have reassessed the threat from right-wing extremists in the days since the Oslo attacks. In the U.K., for example, the National Security Council agreed to scrutinize right-wing extremists more closely. Back in Norway, the death toll from the Oslo attacks has been revised downward from 93 to 76, though authorities said that the number of casualties could rise again as missing individuals are accounted for.


Norway Mourns Its Dead as Harsh Rhetoric Spreads
Wall Street Journal (07/25/11) Fuhrmans, Vanessa; Grundberg, Sven

Nearly 100 people were killed in twin attacks in Oslo, Norway, on July 22. The first attack involved the bombing of government offices in Oslo that killed at least seven people. Following the bombing, the confessed attacker, Anders Behring Breivik, made his way to an island north of Oslo where a summer camp for the youth wing of Norway's Labor Party is located. Dressed as a police officer and armed with a handgun and an automatic weapon, Breivik allegedly shot at people on the island for more than an hour, killing at least 86. Many of the victims were teenagers who were unable to escape the island, which lacks any bridges to the mainland. Breivik allegedly hunted down his victims in the woods of the island, and tricked some into coming out of hiding by telling them that he was a police officer. Breivik surrendered after a SWAT team arrived on the island. Authorities believe that the Labor Party was the target of the attacks. Breivik is thought to have been motivated to attack the Labor Party because he is opposed to the party's pro-immigration and pro-multiculturalism policies. Officials learned of Breivik's views from reading a manifesto he wrote entitled "Islamization of Western Europe."




Cloud Security Fears Exaggerated, Says Federal CIO
Computerworld (07/28/11) Thibodeau, Patrick

Several federal chief information officers spoke at a forum on the government's use of cloud computing technologies at the U.S. Capitol on July 27. Among those who appeared at the forum was federal CIO Vivek Kundra, who said that concerns about the security of cloud computing technologies have been exaggerated in order to discourage the adoption of the technologies. Kundra, who has made the adoption of cloud computing a priority for federal agencies, added that the security concerns have been blown out of proportion in order to preserve the status quo. In addition, Kundra discussed the government's tendency to treat all of its IT systems like they are national security systems. Kundra gave the example of the federal Recovery.gov Web site, which is being hosted on Amazon's EC2 cloud and contains public data, which means that it does not need to be treated the same way that a CIA or National Security Agency system does. Also appearing at the forum was Federal Emergency Management Agency CIO Richard Spires, who said that his department's use of public cloud providers is expected to grow in the future. He also noted that public cloud vendors could handle more sensitive government information in the future, particularly after a planned security certification system for public cloud vendors has been completed.


Easing Burden to Comply With IRS Rules
GovInfoSecurity.com (07/28/11) Chabrow, Eric

The IRS requires that government agencies at all levels, as well as any organization that receives tax information from the IRS, provide documentation that details how they safeguard the taxpayer data they receive. Agencies in Oregon that were required to comply with the mandate initially responded by developing their own plans for how they would satisfy the IRS rules. But under the guidance of Oregon CISO Theresa Masse, the affected agencies began working together to develop an approach that each agency could use. Representatives from various state agencies formed committees and subcommittees to develop procedures that they could all use to comply with the IRS rules. Masse says the agencies decided to adopt this approach because they believed that it would be more cost effective and efficient than going it alone. She says the collaborative approach to meeting the IRS rules was revolutionary for state agencies. "They're very protective of IRS and [tax information] data, but they could see the benefits of working together," Masse says.


Sniffer Hijacks Secure Traffic From Unpatched iPhones
Computerworld (07/27/11) Keizer, Gregg

Apple has released a patch for a vulnerability in the way its iOS operating system parses Secure Sockets Layer (SSL) certificates. The release of the patch means that attackers will no longer be able to intercept and decrypt SSL traffic when users of the iPhone 4, iPhone 3GS, and the third- and fourth-generation iPod touch visit secure sites over a public Wi-Fi hotspot. However, those who use the original iPhone, the iPhone 3G, and the first- and second-generation iPod touch remain vulnerable to this attack because Apple no longer supports these devices with security and iOS updates. As a result, these devices should not be used for any purpose that requires security or privacy, says Sophos security researcher Chet Wisniewski. Those who use the newer iOS devices should only make phone calls with them until they download the patch from Apple, Wisniewski notes.


Stuxnet Clones May Target Critical US Systems, DHS Warns
The Register (UK) (07/27/11) Goodin, Dan

Department of Homeland Security officials who testified at a congressional hearing on July 26 warned about the threat from cyberattacks involving clones of the Stuxnet computer worm. According to the officials, attackers could use technical details and code samples from Stuxnet to develop clones of the worm that could be used to attack power plants, water treatment facilities, and other forms of infrastructure. Stuxnet is a self-replicating piece of malware that spreads virally through supervisory control and data acquisition (SCADA) systems, which are used to control valves, gears, and other equipment at industrial plants and factories. The worm exploits vulnerabilities in Microsoft Windows and Siemens software. Although it was used to disrupt Iran's nuclear weapons program, officials believe that security vulnerabilities in SCADA software that was made in China and is used in the U.S. could leave the users of these systems open to Stuxnet-style cyberattacks.


U.S. Officials Tell Congress the Country Lags in Fortifying IT Security
eWeek (07/26/11) Rashid, Fahmida Y.

Several government officials recently testified before the U.S. House Energy and Commerce Subcommittee on Oversight about the nation's efforts to strengthen IT security. The Government Accountability Office's Gregory Wilshusen noted that the U.S. has been lagging on the implementation of necessary security measures, including the recommendations from President Obama's cyberspace policy review. Just two of the 24 recommendations from that review have been put in place. Wilshusen attributed the slow progress to the fact that federal cybersecurity officials do not have clearly defined roles and responsibilities, as well as the need for the Department of Homeland Security to improve its analysis and warning capabilities to respond to threats. Meanwhile, the National Cybersecurity and Communications Integration Center's Sean McGurk noted that there are about 300 U.S. companies using systems from Siemens that could be attacked with the Stuxnet worm. It remains unclear whether these companies had implemented the recommended security measures to guard against this threat, McGurk said. Bobbie Stempfley with the DHS' Office of Cyber Security and Communications said that DHS is concerned that attackers could use publicly available information to target industrial control systems with variants of the Stuxnet worm.


Abstracts Copyright © 2011 Information, Inc. Bethesda, MD

