
Friday, September 30, 2011

Security Management Weekly - September 30, 2011

Corporate Security
  1. "China Pullout Deals Blow to Pakistan"
  2. "In China, Business Travelers Take Extreme Precautions To Avoid Cyber-Espionage"
  3. "Attackers Eye Nuclear Plants"
  4. "Integrating Security at the New World Trade Center Site"
  5. "Pre-Employment Background Screening: More to It Than Meets the Eye"

Homeland Security
  1. "Prominent US-Born al-Qaida Cleric Killed in Yemen"
  2. "Mass. Man, 26, Charged in Plot to Use Remote Control Planes to Blow Up Federal Buildings"
  3. "A Hijacker, a Longtime Fugitive, a Prisoner" Capture of Suspect in 1972 Delta Air Lines Hijacking
  4. "Even Those Cleared of Crimes Can Stay on F.B.I.'s Watch List" Terrorist Watch List
  5. "Gunman Kills American at Kabul CIA Office"

Cyber Security
  1. "Authenticity of Web Pages Under Attack By Hackers"
  2. "Mac OS X Lion: Losing Its Security Pride"
  3. "Homeland Security Revamps Cyber Arm"
  4. "MySQL.com Hacked to Serve Malware"
  5. "Pentagon Extends Program to Defend Corporate Networks as Cyberattacks Get More Sophisticated"

   

 
 
 

 


China Pullout Deals Blow to Pakistan
Wall Street Journal (09/30/11) Wright, Tom; Page, Jeremy

The Chinese coal mining company China Kingho Group has announced that it has pulled out of a $19 billion deal to build a coal mine and power and chemical plants in Pakistan's Sindh province over the next two decades. The company said it made the decision because of concerns about the security of its personnel in Pakistan. There have been several bombings in major Pakistani cities as of late, and a number of Chinese workers have been killed in Pakistan over the past 10 years by militants opposed to Beijing's investments in the country. Although China remains concerned about Pakistan's ability to provide security for its investments, some deals between the two countries are still moving forward. For example, Pakistan recently signed a preliminary agreement with the Chinese mining company Global Mining Co. to invest $3 billion in a mine and power plant project in the same area that China Kingho Group was to have built its projects. Meanwhile, China Kingho Group's decision to pull out of the project is having homeland security implications. Pakistan had been trying to develop stronger ties with China in order to have an alternative to the U.S. as its primary ally, though China's response has been less than enthusiastic. As a result, Pakistan is likely to remain dependent on U.S. military and civilian aid for the foreseeable future.


In China, Business Travelers Take Extreme Precautions To Avoid Cyber-Espionage
Washington Post (09/27/11) P. A1 Nakashima, Ellen; Wan, William

Security experts are warning that travelers should avoid bringing electronic devices carrying important company contacts and confidential information with them to China if at all possible. This warning stems from the pervasive electronic surveillance and cyber-espionage undertaken by the Chinese government and other regional sources. Although experts have posted similar warnings about other countries, China stands out because much of its focus is on using cyber-espionage that is aimed at improving the country's economy by stealing information from travelers, among other sources. “I’ve been told that if you use an iPhone or BlackBerry, everything on it — contacts, calendar, e-mails — can be downloaded in a second. All it takes is someone sitting near you on a subway waiting for you to turn it on, and they’ve got it,” said Kenneth Lieberthal, a former senior White House official for Asia who is at the Brookings Institution. In order to prevent such attacks, some corporate travelers bring disposable cell phones or temporary laptops that have been stripped of all classified data. Others do not take any electronic devices at all, or hide files on a thumb drive that they only use on off-line computers. A few will even take detours to Australia rather than risk talking in a bugged Chinese hotel room, or purchase iPads or other devices for one-time use on a trip.


Attackers Eye Nuclear Plants
EnergyBiz (09/11) Silverstein, Ken

Security has always been tight at power facilities, but since the terrorist attacks of 2001, precautions have become much stronger. Since September 11, 2001, the nuclear energy sector reportedly has spent $2 billion to increase security in order to protect against everything from airliners deliberately flying into facilities to cyber attacks to armed physical assaults. The industry says that the efforts are ongoing and that no plant has suffered at the hands of the enemy. Among the steps taken by American Electric Power’s Cook Nuclear Plant in Bridgman, Mich., for example, are sophisticated detection systems that include night-time monitoring as well as newly-trained armed security forces. Additionally, the plant, which comprises 6 percent of AEP’s generation, instills a corporate culture that encourages workers to raise any concerns and know that, if justified, corrective actions will be taken. While critics acknowledge that the Nuclear Regulatory Commission has bolstered the protective measures that plant operators must take, they also say progress is too slow. Laws enacted in 2005 require those regulators to conduct security measures every three years that examine “force-on-force” exercises, which would then trigger a shut-down of a plant. The greatest danger to nuclear plants could come from the air, or possibly by missile. At risk are the nuclear reactors and radioactive fuel deposits as well as spent fuel that is in transport, all items that regulators are charged with securing. Special concern has been raised that a hijacked airplane could hit a containment wall, made only of concrete and steel, and wreak havoc at a site with a core reactor, which would then release radioactive materials. However, the Electric Power Research Institute says this method of attack would not work because the barriers protecting both the core and the spent fuel rods could withstand such an attack. Meanwhile, other experts, such as the National Academy of Sciences, agree that those plants are difficult to penetrate but not impossible. In addition to terrorism, natural disasters remain a threat. During the Japanese nuclear crisis in March, following the earthquake and tsunami, the backup power failed, allowing the core to melt down and to release radiation. In the U.S., AEP’s Larry Weber, chief nuclear officer, says that the redundancies set up to ensure that the fuel rods remain cooled are rigorously tested -- and that such a scenario cannot happen in the U.S.


Integrating Security at the New World Trade Center Site
SecurityInfoWatch.com (09/21/11) Griffin, Joel

The new World Trade Center site in New York presented numerous challenges for Louis Barani, World Trade Center security director at the Port Authority of New York and New Jersey. The site will consist of five towers, a memorial site, a transit hub and a performing arts center spread across 16 acres, and each facility will operate independently and use disparate technologies. The task of integrating security for all those systems was assigned to Barani, and he began by conducting a risk assessment. The number of casualties that could result from a certain threat, loss of income from the potential event and the cost of replacing what is lost are the three things that security executives should remember to make a part of their risk analysis, according to Barani. "The biggest challenge with any assessment like this is how you are going to present it to your executive," he says. Barani developed a comprehensive security plan, with assistance from Philip Santore, principal at the security consulting firm of Ducibella Venter & Santore, choosing to tie all systems together with Situational Awareness Platform Software (SAPS) created by VidSys and Quantum Secure, from a Sitewide Operations Coordination Center (SWOCC) that is located in one of the buildings on the site. The setup will allow information to be quickly distributed to the proper personnel. The site is expected to be completed by early 2016, and will have nearly 50,000 access card holders, 4,000 surveillance cameras, 20,000 fire alarm points, 5,000 building management system points, 2,000 elevator points, and 1,000 CBRN points.


Pre-Employment Background Screening: More to It Than Meets the Eye
Security Magazine (09/11) Vol. 48, No. 9, P. 112 Sawyer, David C.

Employers should learn the fundamentals of pre-employment background screening because information obtained about a potential hire can be confusing and misleading. Moreover, prospective employees are entitled to privacy in certain areas, and can pursue legal action against the organization if it violates their rights. Most employers use criminal records as a screening source, but searching the private database of a background screening firm has limitations and makes them legally responsible for verifying the information at the original source. Also, screening firms conduct searches of statewide repositories for criminal records, but a county court search generally has more accurate and up-to-date information. The courthouse where the record originated is the best place to search for a criminal record; therefore, employers should consider working with a professional background screening firm that has an established national network of court researchers. Employers should make sure they have the correct identification information on a job candidate, considering a false date of birth could potentially return a "no record found" for someone who has a serious criminal conviction. With regard to a consumer report, the Fair Credit Reporting Act requires employers to obtain written consent from the candidate before seeking this documentation. Employers that pass on candidates based on consumer report information must provide them with a copy of the report and inform them of their right to challenge the information.




Prominent US-Born al-Qaida Cleric Killed in Yemen
Associated Press (09/30/11) Al-Haj, Ahmed

A key figure in al-Qaida's affiliate in Yemen was killed in that impoverished Middle Eastern nation on Friday. Anwar al-Awlaki, the American-born Muslim cleric who is believed to have inspired the attempted Times Square bombing in May 2010 and the Fort Hood shootings in November 2009, was killed in an air strike on his convoy about 87 miles east of the Yemeni capital. Yemeni security officials and tribal leaders believe that the air strike was carried out by the U.S., as pilotless drones had been seen in the area in the run up to the attack. Al-Awlaki has been a target of the U.S. government since April 2010, when President Obama approved his placement on the CIA's kill or capture list. At least two air strikes were ordered against al-Awlaki between then and now, though they were unsuccessful. Al-Awlaki has been viewed as a threat because he has inspired and sometimes recruited militants to carry out terrorist attacks. The Pakistani-American man who has admitted to carrying out the attempted Times Square bombing, for example, has said that he was inspired by the cleric after making contact with him over the Internet. Army Maj. Nidal Malik Hasan, who is accused of carrying out the Fort Hood shootings, said that he was inspired by al-Awlaki's online sermons. Al-Awlaki had said that he did not give Hasan orders to carry out the shooting at the Texas Army base, though he has called Hasan a hero for killing American soldiers that were set to be deployed to Afghanistan and Iraq.


Mass. Man, 26, Charged in Plot to Use Remote Control Planes to Blow Up Federal Buildings
Associated Press (09/29/11)

A 26-year-old Massachusetts man has been charged with plotting to attack the U.S. Capitol and the Pentagon. Rezwan Ferdaus is accused of planning to crash three remote-controlled, GPS-guided airplanes packed with several pounds of explosives into the two buildings. Ferdaus also allegedly planned to use explosives to blow up bridges in the area near the Pentagon. In addition, Ferdaus is charged with planning a follow-up attack involving two teams of six people armed with automatic weapons. To prepare for his alleged plot, prosecutors said, Ferdaus traveled to Washington, D.C., in June to conduct surveillance and develop a 15-phase plan for his attack. Ferdaus was arrested in Framingham, Mass., following a federal sting operation in which undercover agents delivered a number of items that he allegedly asked for, including grenades, machine guns, and two dozen pounds of what he thought was C-4 explosives. Unlike other recent federal sting operations, Ferdaus is accused of planning the terrorist plot himself, though he allegedly discussed his plans with undercover federal agents posing as al-Qaida members. Ferdaus is believed to have wanted to carry out the attack after becoming radicalized by jihadi videos and Web sites. Officials have said that there was never any danger from the explosives, as they were always under control and closely watched.


A Hijacker, a Longtime Fugitive, a Prisoner
New York Times (09/29/11) Barron, James

A man accused of hijacking a Delta Air Lines flight for ransom in 1972 has been arrested in Portugal. Several hours into a flight from Detroit to Miami, George Wright--who was posing as a priest--allegedly pulled out a gun from a hollowed-out Bible and held the weapon against a flight attendant's head. Wright then allegedly demanded a $1 million ransom, which was the highest ransom of its kind at the time, and said that he would begin killing people on board the plane and throwing their bodies out of the aircraft's door every minute if the ransom was not delivered by FBI agents. Wright and the other hijackers also allegedly demanded that the plane be flown to Algeria so that they could be given asylum. The ransom was eventually delivered, the passengers were released, and the plane was flown to Algeria, where Wright and his accomplices lived for a period of time. Wright's accomplices were eventually found in Paris in 1976 and were convicted by a French court. The trail on Wright, meanwhile, had grown cold by 2002, though he was found in Portugal after U.S. authorities identified his fingerprints on his Portuguese identity card. Wright, who has lived in a village in Portugal under a fake name for the past 20 years, is in custody while the extradition request from the U.S. is being reviewed.


Even Those Cleared of Crimes Can Stay on F.B.I.'s Watch List
New York Times (09/28/11) P. A1 Savage, Charlie

Newly-released documents are shedding light on the terrorist watch list that is kept by the federal government. The documents, which were released by the FBI in response to a Freedom of Information Act request that was made by the Electronic Privacy Information Center, show that people can remain on the terrorist watch list even after they have been found not guilty of terrorism-related crimes, or if terrorism-related charges against them have been dropped. One of the documents that was released, a guidance memorandum that was sent to FBI field offices last December, shows that someone can remain on the terrorist watch list after being acquitted of terrorism charges if FBI agents still have a "reasonable suspicion" that the individual still may have ties to terrorism. In addition, the names of people who are no longer the subject of an active terrorism investigation but are still thought to be a national security risk are kept in a special file maintained by the FBI. The practice of keeping former terrorism suspects on the nation's terrorist watch list has been criticized by Electronic Privacy Information Center counsel Ginger McCall, who said that it violates the principle of being innocent until proven guilty. However, the practice has been defended by former Homeland Security official Stewart Baker, who noted that it could still be appropriate to keep someone on a terrorist watch list even if information about the person's possible ties to terrorism did not meet the courtroom standard of proving guilt beyond a reasonable doubt.


Gunman Kills American at Kabul CIA Office
Wall Street Journal (09/26/11) Abi-Habib, Maria

One American was killed and another was injured in a shooting at a U.S. facility in Kabul on Sunday. A spokesman for the American Embassy said that the attack was carried out by an Afghan employee in a U.S. Embassy annex. However, there were reports that the attack took place at the CIA's offices in Kabul. The embassy spokesman would not say whether the shooting took place at the CIA's offices, nor would he say whether the attack involved CIA employees. A Western security official in Kabul, meanwhile, said that the person who carried out the shooting was able to gain entrance to the U.S. Embassy annex and gain access to a gun because he was someone who was trusted by CIA employees. The security official noted that the man may have been a CIA informant, and that he may have made his way to the roof of the CIA building and fired on the nearby U.S. Embassy. The motivation for the attack remains unclear. It is also not clear whether the attacker had ties to the Haqqani network, the militant group which has been blamed for the recent attack on the U.S. Embassy in Kabul.




Authenticity of Web Pages Under Attack By Hackers
USA Today (09/28/11) Acohido, Byron

The underlying security of the Internet is under attack, and security professionals have become very concerned about their ability to protect users' most sensitive personal information, such as account logons and credit card numbers. One recent attack involved three of the more than 650 digital certificate authorities (CAs), which ensure that Web pages are legitimate when displayed on Web browsers. A hacker gained access to digital certificate supplier DigiNotar and began issuing forged certificates for several companies. "The infrastructure baked into the Internet, which is based on trust, is starting to fall apart," says Zscaler's Michael Sutton. The successful hacks demonstrated that it is possible to impersonate any site on the Web, according to AppSec's Josh Shaul. "No one knows where the next breach will occur," says Venafi CEO Jeff Hudson. F-Secure's Mikko Hypponen notes that hackers currently are targeting personal data from email services, social networks, credit bureaus, and blogging sites. The hacks put pressure on CAs and browser makers to do more to identify and quickly stop counterfeit certificates and faked Web pages. "The security of the Web is our collective responsibility," says Mozilla's Johnathan Nightingale.


Mac OS X Lion: Losing Its Security Pride
CSO Online (09/28/11) Hulme, George V.

Security researchers have recently found that Mac OS X could be vulnerable to a number of security threats. For instance, F-Secure has discovered a Trojan dropper that creates a backdoor in systems running Mac OS X that allows attackers to forcibly open a politically inflammatory Chinese-language PDF file. However, the file is opened merely to distract victims from the downloading of malware from a Russian server. In another potential threat discovered by Intego, users visiting malicious Web sites could be tricked into clicking on a link or an icon to download and install Adobe Flash Player. If users click on this link or icon, they will install a Trojan horse and malware that will try to turn off some network security applications and install attack code that allows code to be injected into any application run by the user. Intego says that users whose browsers are set to automatically run installer packages are at the greatest risk from this attack. Security firms are divided on what this spate of threats against Mac OS X means. Intego says it believes that the rash of threats means OS X users should prepare for other new attacks and exploit code, while Securosis analyst and founding CEO Rich Mogull says he is not concerned about the possibility of an increased risk of malware targeting OS X users.


Homeland Security Revamps Cyber Arm
InformationWeek (09/26/11) Hoover, J. Nicholas

Changes are coming to the National Protection and Programs Directorate, the Department of Homeland Security agency that is responsible for carrying out much of the federal government's cybersecurity responsibilities, following the departure of deputy undersecretary Phil Reitinger. DHS undersecretary Rand Beers told staff that the growing importance of cybersecurity to his department and the nation as a whole means that Reitinger's former job should be divided into two positions. The person who holds one of the new deputy undersecretary positions will deal with cybersecurity, while the person that holds the other will assist in efforts to protect crucial infrastructure, secure federal facilities, and manage the US-VISIT biometric identity management system. While Beers has not said who the new deputy undersecretary for cybersecurity will be, he said the agency will make that announcement soon. "This position will help the directorate ensure robust operations and strengthened partnerships in the constantly evolving field of cybersecurity," Beers wrote in an e-mail to employees.


MySQL.com Hacked to Serve Malware
IDG News Service (09/26/11) McMillan, Robert

The Web site for the open source MySQL database recently was hacked and used to disseminate malware to visitors. Hackers had installed JavaScript code that bombarded visitors to the site with a variety of known browser attacks, so those with outdated browsers or unpatched versions of Adobe Flash, Reader, or Java on their Windows PCs could have been stealthily infected with pernicious software. The issue was cleared up quickly, notes Armorize CEO Wayne Huang. He believes the malicious code was on the site for less than 24 hours. Huang says the attackers used the Black Hole exploit kit to attack visitors to the site, but his team has not yet determined what the malicious software that it installed was designed to do. Hackers who struck MySQL.com in March posted a list of usernames and passwords following the breach, and that data may have been used to penetrate the site again, according to Trend Micro researcher Maxim Goncharov.


Pentagon Extends Program to Defend Corporate Networks as Cyberattacks Get More Sophisticated
Associated Press (09/26/11)

The Pentagon has announced that it is expanding a pilot program aimed at protecting vital U.S. defense contractors from cyberattacks. The program, which is part of the Obama administration's effort to better secure critical networks by sharing intelligence with private companies and helping those companies better protect their computer systems, currently involves at least 20 defense contractors. The pilot program will be extended through the middle of November as officials discuss how to expand it to even more companies and subcontractors. In addition, the pilot program could also serve as a model for the Department of Homeland Security's efforts to offer similar cybersecurity protections to critical infrastructure such as power plants and the nation's electric grid. However, a senior official at DHS said that any effort to expand the program would face a number of challenges, though he said those challenges could be addressed by a new law that would explicitly give DHS the responsibility for helping private companies protect themselves from cyberattacks. The official also noted that the law should exempt companies from privacy statutes and other laws so that they can share information with the government in order to improve cybersecurity.


Abstracts Copyright © 2011 Information, Inc. Bethesda, MD

