Friday, October 21, 2011

Security Management Weekly - October 21, 2011

Corporate Security
  1. "'Flash Robs' Vex Retailers"
  2. "Protests Are a Payday for Security Firms"
  3. "Patents Are a Virtue" Intellectual Property Theft and Counterfeit Products in China
  4. "Employee Theft: The Largest Source of Shrink in North America"
  5. "Ex-Marines Fighting Pirates as World Shipping Lanes Attacked" Former British Marines

Homeland Security
  1. "Eccentric and Brutal, He Met End as a Fugitive" Moammar Gadhafi
  2. "Turkish Forces Pursue Militants Into Iraq"
  3. "Pentagon Warns Against Bills Changing Rules on Detainees"
  4. "Demonstration Tests Police Playbook" Occupy Wall Street Protests in New York City
  5. "Iran 'Set Back' on Nuclear Program"

Cyber Security
  1. "IT Security Staffing Challenges Hinder Threat Response: Symantec"
  2. "Your Wall Has Ears" Security Risks Posed by Social Networking Sites
  3. "Mass SQL Injection Attack Hits 1 Million Sites" Structured Query Language
  4. "'Son of Stuxnet' Virus Could be Used to Attack Critical Computers Worldwide"
  5. "Hacker Group Threatens Industrial Computer Systems" Anonymous

   

 
 
 

 


'Flash Robs' Vex Retailers
Wall Street Journal (10/21/11) Zimmerman, Ann; Bustillo, Miguel

As retailers gear up for the holiday season, they are also working to protect themselves from flash mobs that come into stores and steal merchandise. Flash-mob attacks, which are also known as flash robs and are organized primarily by teens and young adults via social networking sites and text messaging, are being reported by a number of retailers. Of the 106 retailers who took part in a National Retail Federation (NRF) survey this summer, 10 percent said that they had been victims of flash robs. A suburban Philadelphia Sears store was among the retailers that have been attacked by flash mobs. In an incident in June, roughly 40 boys went into the store and stole thousands of dollars in sneakers, socks, and other merchandise. The NRF says that there are a number of things that retailers can do to protect themselves from flash robs, including working with police to monitor social networks and other Web sites for indications that a flash mob attack is imminent. Retail employees should also be sure that they tell their managers or loss-prevention workers when they see an unusually large group of people inside or directly outside the store, the NRF says. One thing that retailers should not do, security experts say, is intervene in a flash mob attack to try to stop participants from shoplifting, since doing so could risk a violent response from those trying to steal merchandise.


Protests Are a Payday for Security Firms
New York Times (10/19/11) Roose, Kevin

In the face of the expansion of the Occupy Wall Street movement and, with it, increasing awareness and unrest regarding their business practices, many of the major financial institutions targeted by the protesters are stepping up security measures. The private security firms that provide these services say that the protests have been extremely good for their business. Much of the new revenue is coming from executives bringing in outside security firms to supplement their internal security teams. One executive reportedly even asked Risk Control Strategies co-founder Paul Viollis to send undercover agents to the protesters' camp in Zuccotti Park to find out if they were planning to harm him or his colleagues. Viollis said that he would likely decline that particular request. Even executives who are not usually visible to the public are starting to get nervous as the protests raise their profile, potentially making them the target of researched, individually tailored attacks. Executives in the financial industry are willing to pay millions of dollars to protect themselves from these kinds of risks. The first step in such protection is creating a risk profile that identifies vulnerabilities, such as scheduling or parking quirks, that make the target easier to find physically. The firms also check for Facebook profiles that post photos of family members or homes, to protect clients from cyber risks. The profile is then presented to the client so they can correct these oversights. Only then does the company begin fortifying the client's home with high-tech products such as biometric door locks and infrared cameras or motion sensors.


Patents Are a Virtue
Wall Street Journal (10/19/11) Nairn, Geoff

Experts say that companies must always be vigilant about the threat from intellectual property theft and counterfeit versions of their products. Much of the world's pirated goods come from China. According to statistics released by the European Commission, 85 percent of the counterfeit products that were seized in the European Union in 2010 came from China. A variety of different products are being counterfeited, including electronics, toys, and high-end fashions. Some of these products are being counterfeited after they are taken apart by workers in back-street garages in China to see how they are put together. Other products are being counterfeited after criminals steal design files and software code from the product's manufacturer. Many of these thefts are state-sponsored, as most companies do not have the time or the resources to carry out such attacks on their rivals, said Thomas Winfield, a professor of international law at the George C. Marshall European Center for Security Studies. Despite the threat posed by counterfeiting and intellectual property theft, most companies do not fully appreciate the value of their intellectual property. As a result, intellectual property is easier for criminals to steal, particularly when it is stored in digital files. However, some companies that do business in China have taken steps to protect their intellectual property. Bowers & Wilkins, a British company that makes top-of-the-line speakers, opted to build its own facility in China rather than sub-contract the job to a Chinese company so that it would not have to provide that company with details about its complex manufacturing process.


Employee Theft: The Largest Source of Shrink in North America
Security Management (10/18/11) Purvis, Carlton

Shrinkage cost retailers around the world more than $119 billion over the past year, or 1.45 percent of their sales, according to the Centre for Retail Research's Global Retail Theft Barometer for 2011. The causes that are most commonly responsible for retail shrinkage are different in various regions of the world. Customer theft was the primary cause for shrinkage in most countries around the world, resulting in $51.5 billion in losses so far this year. However, dishonest employees were the biggest cause of retail shrinkage in North America. Employee theft resulted in $47 billion in losses for North American retailers so far this year, up from $37.8 billion last year. Shrinkage that resulted from employee theft represented 44 percent of all the retail shrink that has taken place so far in 2011. However, employee theft may seem to be higher in North America than in other parts of the world because retailers here are so focused on the problem that more workers are being caught, said professor Joshua Bamfield, the author of the report. Bamfield also said that employee theft could be the result of retailers using part-time or temporary workers, who may be less hesitant than their full-time, permanent counterparts to steal merchandise.


Ex-Marines Fighting Pirates as World Shipping Lanes Attacked
Bloomberg Business Week (10/18/11) Arnsdorf, Isaac

U.K.-based Protection Vessels International Ltd. (PVI) has announced that it plans to add about 250 former Royal Marines to its force of 750 to protect oil tankers and other ships from pirates off the coast of East Africa. Currently, 15 percent of the ships in the Indian Ocean are protected by armed ex-marines. In 2012, that number is expected to rise to 17 percent. PVI Managing Director Dom Mee said that the presence of armed guards usually convinces pirates to "back off and wait to find a vessel that isn't armed." A.P. Moller-Maersk A/S, which is the largest owner of vessels that carry manufactured goods, has also announced it will start using armed security on some of its oil and gas tankers. PVI's guards are paid by the day, and the average cost is $50,000 per voyage. The company exclusively hires former Royal Marines. It has a staff of 60 to handle regulatory compliance and purchases all of its weapons in Britain. In the first nine months of 2011, Somali pirates attacked 199 ships and hijacked 12 percent of them, down from 28 percent in 2010, according to the International Maritime Bureau. Pirate attacks globally rose to 352. For its part, PVI said its guards have been attacked 30 times in three-and-a-half years, repelling all attacks without incurring any deaths or injuries. They have found that warning shots are usually sufficient to drive the pirates away. Despite this success, the U.K. government says it will soon announce a change of policy that discourages the use of private security on board ships. Shipping lobbies, in the meantime, have asked the U.N. to set up a military force to defend vessels from pirates in the Indian Ocean.




Eccentric and Brutal, He Met End as a Fugitive
Wall Street Journal (10/21/11) Boudreaux, Richard

The death of former Libyan leader Moammar Gadhafi has been confirmed by the country's interim prime minister. Gadhafi was tracked down Thursday by rebels in Sirte, the Mediterranean coastal city that was the former leader's hometown and the place where he was making his final stand. After being found, Gadhafi was shot and eventually died from his injuries. Although President Obama stopped short of confirming Gadhafi's death on Thursday, Arab news media outlets broadcast photos and videos showing Gadhafi's corpse. While Gadhafi repaired relations with the West for a time after he decided to join the fight against terrorism and abandon the development of weapons of mass destruction in 2003, Libya was a pariah state for most of his tenure. Gadhafi had a policy of promoting terrorism, and was behind a number of attacks in the mid-to-late 1980s, including the 1986 bombing of a Berlin nightclub. The 1988 bombing of Pan Am Flight 103 was also the work of Libya. The U.S. responded to the Berlin nightclub bombing by launching air strikes on Gadhafi's home. Despite the thaw in relations in recent years, the U.S. decided to take action against Gadhafi again this year when his regime launched a bloody crackdown on an uprising inspired by similar revolutions in other Middle Eastern nations.


Turkish Forces Pursue Militants Into Iraq
Wall Street Journal (10/20/11) Champion, Marc

Turkey on Wednesday retaliated against the Kurdish guerrillas who are believed to have carried out recent attacks on Turkish military bases. Those attacks, which took place early Wednesday morning, were carried out by roughly 200 fighters from the Kurdistan Workers Party (PKK), which is considered by the U.S. to be a terrorist organization. Some of the ensuing gun battles that took place at the Turkish military bases, which are located along Turkey's border with Iran and Iraq, lasted for four hours. At least two dozen Turkish soldiers were killed and 18 others were injured. Later in the day on Wednesday, Turkish special forces invaded northern Iraq to pursue the PKK members who carried out the attacks. In addition, Turkish jets bombed Iraqi territory. Analysts said that the Turkish military could also launch a land attack against the PKK's bases in the mountainous areas of northern Iraq. Such an offensive was reauthorized by the Turkish Parliament earlier this month. The PKK has been fighting Turkey since 1984, though the group's goals have changed from creating an independent Kurdish state to achieving limited autonomy.


Pentagon Warns Against Bills Changing Rules on Detainees
Wall Street Journal (10/19/11) Barnes, Julian E.

The Pentagon has raised objections to two similar House and Senate bills designed to significantly restrict the transfer of detainees out of the Guantanamo Bay detention facility in Cuba. The bills could also require civilian authorities to defer prosecution of terrorist suspects to the military. Currently, the Justice Department has primary responsibility for reviewing detainee cases, but, under the new bills, these reviews would be undertaken by military panels. In a statement, Pentagon general counsel Jeh Johnson said that the military "cannot be the only answer" for dealing with terrorist suspects. "There is a danger in over-militarizing our approach to al-Qaida and its affiliates," he explained. "There is risk in permitting and expecting the U.S. military to extend its powerful reach into areas traditionally reserved for civilian law enforcement in this country." The conservative Heritage Foundation, which Johnson addressed with these remarks, supports his position. As former Pentagon official Charles Stimson argues, "Most of the proposed legislation potentially encroaches on the commander in chief's executive power under the U.S. Constitution." Democrats as well as Republicans have backed both bills, but Senate Majority Leader Harry Reid (D-Nev.) has blocked consideration of the broader defense-authorization bill that contains them. Some Senate members have pushed to place the changes on a separate bill.


Demonstration Tests Police Playbook
Wall Street Journal (10/18/11) Gardiner, Sean; El-Ghobashy, Tamer

The strategies used by the New York Police Department for dealing with large crowds of people have been tested by the Occupy Wall Street protests, which are now entering their second month. Those strategies were developed following the 1991 Crown Heights riots. The NYPD responded to those riots by dividing the area where the unrest was taking place into four sections and designating special arrest teams. In addition, police officers on motorcycles and horseback were deployed to the riot zone to hunt down groups of people causing trouble. Police officers then began to make large numbers of arrests, which helped stop the riots. The NYPD's strategy for dealing with large events has not changed a great deal in the 20 years since those riots took place, a department spokesman said, though he noted that some changes have been made on occasion. For example, police officers used scooters to help patrol the protests at the Republican National Convention in 2004. However, the department has had trouble adapting its strategies to the Occupy Wall Street demonstrations. One reason why the protests have posed a challenge is the fact that the demonstrations have been constantly changing, and because there is no leader of the protest movement. Compounding the problem is the fact that protesters march through New York without giving any notice and without asking for permission.


Iran 'Set Back' on Nuclear Program
Washington Post (10/18/11) P. A1 Warrick, Joby

Experts say that Iran's nuclear program has suffered a number of setbacks since being affected by the Stuxnet computer virus last year. The cyberattack, which was designed to disable thousands of centrifuges that were being used to enrich uranium at Iran's nuclear facility in Natanz, resulted in a major equipment failure that caused a major drop in the production of enriched uranium in 2009 and 2010. Although production levels recovered after Iranian scientists replaced more than 1,000 centrifuges at Natanz that were not operational, the production of enriched uranium has once again fallen. There could be a number of reasons why Iran's production of enriched uranium is dropping off again, including the fact that equipment used in the enrichment process is breaking down, an analysis of data collected by nuclear officials at the United Nations indicates. In addition, the new centrifuges that are being used by Iran to replace older models are made of a weaker type of metal that is more likely to cause a breakdown, a report by the Institute for Science and International Security shows. The decline in the output of enriched uranium has rendered the Natanz facility incapable of meeting the needs of Iran's nuclear reactor, though experts say that the problems will not permanently derail Tehran's effort to build nuclear weapons. Diplomats and nuclear experts have also said that the anger Iranian officials are feeling over problems with the country's nuclear program can be seen in Tehran's alleged plot to assassinate Saudi Arabia's ambassador to the U.S. One senior Obama administration official said that the plot was so bizarre that it may have been a sign that Iranian officials are feeling desperate following the setbacks to the nuclear program.




IT Security Staffing Challenges Hinder Threat Response: Symantec
eWeek (10/20/11) Eddy, Nathan

Most organizations lack confidence in their IT security postures, according to a recent survey by Symantec. Of those who took part in the 2011 Threat Management Survey, 57 percent said that they did not have confidence in the ability of their IT security staff members to respond to new cybersecurity threats. There were several reasons why respondents lacked confidence in their IT security staffs, including insufficient staffing levels. Nearly half of those who expressed a lack of confidence in their organization's IT security posture cited a lack of sufficient security staffing as a top reason why. More than 40 percent of all organizations, and 53 percent of organizations in North America, reported having problems with staffing levels. Insufficient staffing levels also had an impact on staff effectiveness, which was a problem for 66 percent of respondents. Recruiting, retention, and skill set gaps with existing staff members were the top three problems affecting the effectiveness of IT security staffs, cited by 46 percent, 42 percent, and 35 percent of respondents, respectively. That suggests that the effectiveness of an IT security staff is related to staffing levels, staff experience, and the skill sets that staff members have.


Your Wall Has Ears
Wall Street Journal (10/19/11) Nairn, Geoff

Social networking Web sites like Twitter and Facebook have the potential to offer new avenues for industrial espionage, and, consequently, new security risks, says Mikko Hypponen, chief research officer at security software company F-Secure. According to his research, corporate spies may search social media feeds for information that can amount to valuable intelligence on a target organization. Alternatively, some corporate spies use "social engineering," a technique that tricks employees into clicking on links in posts and e-mails that supposedly come from colleagues or social networking friends. Instead, the links install Trojans and other information-gathering malware on corporate IT systems. Abhilash Sonwane, senior vice-president of Indian security software company Cyberoam, recently conducted a study of 20 businesses whose employees posted on social networks and found that he was able to obtain some sensitive information by monitoring the posts of those employees. Given these kinds of risks, many companies are taking action to prevent information breaches via social media. Some businesses, particularly those in regulated sectors, go so far as to ban employees from accessing social networking accounts at work. Others use software that prevents employees from posting sensitive data on their feeds or that otherwise moderates or restricts downloading or chatting. However, security experts say that the best protection, and the one least likely to create ill will among employees who consider social networking an essential tool, is to educate users about the risks of these Web sites.


Mass SQL Injection Attack Hits 1 Million Sites
Dark Reading (10/19/11) Chickowski, Ericka

Researchers at Armorize have discovered a new mass SQL injection attack that is similar to the LizaMoon attacks that took place earlier this year. The new attack injects script into ASP.NET Web pages that loads an iFrame, which in turn initiates browser-based drive-by download exploits on the computers of those who visit the infected sites. So far more than 1 million Web pages running ASP.NET have been infected with the new attack, Armorize says. According to Armorize CEO Wayne Huang, the large number of affected sites could be an indication that most of the infected pages were put up by small- and medium-sized businesses (SMBs) that have little understanding of security practices. Huang notes that these businesses can start to combat the SQL injection by upgrading to the newest version of their third-party libraries or frameworks. SMBs also should be sure to use tools that can scan for vulnerable code and use Web site vulnerability scanning services, Huang says.
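The abstract above names the two things an affected site owner needs: the code defect that lets a mass SQL injection campaign rewrite stored page content, and a way to scan for the result. The following is an added example, not code from the Dark Reading article or from Armorize, and it is written in Python with SQLite rather than ASP.NET so that it runs anywhere. It shows the string-concatenation query pattern beside its parameterized replacement, and a scan that flags database rows carrying an injected script or iframe tag with a remote `src`, which is the footprint such campaigns leave on infected pages. The `products` table, its columns, and the sample rows are constructed for the demonstration.

```python
"""Added example (not from the article or Armorize): vulnerable vs. parameterized
lookup, plus a scan of stored text for injected script/iframe tags.
The table, columns and rows below are constructed sample data."""
import re
import sqlite3

# A script or iframe tag whose src points somewhere is the usual footprint
# of a mass-injection campaign in stored page content.
INJECTED_TAG = re.compile(r"<(script|iframe)[^>]*\bsrc\s*=", re.IGNORECASE)


def build_db() -> sqlite3.Connection:
    """Create an in-memory catalogue (constructed data). One description
    already contains an injected tag, the way a compromised page would."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, description TEXT)"
    )
    conn.executemany(
        "INSERT INTO products (name, description) VALUES (?, ?)",
        [
            ("widget", "A plain widget."),
            ("gadget", 'A gadget.<script src="http://example.invalid/x.js"></script>'),
            ("internal-only", "Not for public listing."),
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable pattern: the request value is spliced into the SQL text, so a
    quote character in `name` changes the query's structure instead of being
    treated as data. This is the defect mass-injection campaigns exploit."""
    sql = "SELECT name FROM products WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened form: the same query with a bound parameter. The driver passes
    the value separately from the SQL, so it can never be parsed as SQL."""
    return [
        row[0]
        for row in conn.execute("SELECT name FROM products WHERE name = ?", (name,))
    ]


def find_injected_rows(conn: sqlite3.Connection) -> list:
    """Detection check: walk the text columns and report rows whose content
    carries a script/iframe tag with a src attribute. Returns (id, name) pairs."""
    hits = []
    for pid, name, description in conn.execute(
        "SELECT id, name, description FROM products"
    ):
        if INJECTED_TAG.search(description or ""):
            hits.append((pid, name))
    return hits


if __name__ == "__main__":
    db = build_db()
    # The classic tautology makes the concatenated query match every row,
    # including one the site never meant to expose; the bound version
    # treats the whole string as a product name and matches nothing.
    tainted = "nothing' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, tainted))
    print("parameterized:", lookup_safe(db, tainted))
    print("rows carrying injected tags:", find_injected_rows(db))
```

The regex scan is a triage aid, not a substitute for the framework upgrade and code review the article recommends: it finds rows that have already been rewritten, while parameterized queries (and the updated libraries Huang mentions) stop the rewrite from happening.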


'Son of Stuxnet' Virus Could be Used to Attack Critical Computers Worldwide
MSNBC (10/18/11) Sullivan, Bob

Researchers at Symantec have discovered a new virus that they say is very similar to the Stuxnet virus that was used to attack Iran's nuclear program. Like Stuxnet, the new virus--which is known as Duqu and may have been in use since last December--targets industrial command and control systems. In addition, much of the code used in Duqu is similar to the code used in Stuxnet. Both Stuxnet and Duqu also use fraudulent digital certificates that are purportedly issued by Taiwanese companies. As a result, Duqu must have been created either by the same group that developed Stuxnet or by a group that was able to obtain Stuxnet's source code. However, there are some differences between Stuxnet and Duqu, which creates a backdoor in the systems it infects and connects them to a command computer in India. For instance, Stuxnet was designed to attack the computers used in Iran's nuclear research program. Duqu is not as targeted, and may be designed to collect intelligence such as design documents before an attack on infrastructure computers is launched, Symantec said.


Hacker Group Threatens Industrial Computer Systems
Washington Times (10/17/11) Waterman, Shaun

A bulletin leaked from the Department of Homeland Security's National Cybersecurity and Communications Integration Center shows that officials are concerned about possible attacks on computer systems used to operate the nation's critical infrastructure. According to the bulletin, which was issued in September and posted on Monday by the Web site Public Intelligence, the hacker group Anonymous has posted computer code and other material that shows that it is interested in attacking industrial control software (ICS) systems, which are used to run equipment at power stations, chemical plants, and water and sewage facilities, among other facilities. Successful attacks on such systems could have disastrous consequences, such as explosions at power generators, the release of dangerous chemicals, and the pollution of water supplies. Although hackers from Anonymous have shown some ability to access ICS systems, the DHS bulletin noted that the group has not yet carried out any attacks. If and when Anonymous does decide to carry out attacks on ICS systems, oil and gas companies could be tempting targets for the hackers to advance their environmental agenda, the bulletin noted. The bulletin also said that other activist hackers could attack the ICS systems of energy companies.


Abstracts Copyright © 2011 Information, Inc. Bethesda, MD

