Friday, October 26, 2012

Security Management Weekly - October 26, 2012

 
 
Corporate Security
  1. "3 Dead After 5 Family Members Shot in California"
  2. "Report Sheds Light on Intellectual Property Theft"
  3. "Microsoft Dropping Physical Box Sales of Windows 8 in China"
  4. "Wis. Gunman Accused of Killing 3, Wounding 4 at Salon Where Wife Worked Had History of Abuse"
  5. "Rotterdam Gallery Had No On-Site Security Guards on Night of Art Theft"

Homeland Security
  1. "Remote U.S. Base at Core of Secret Operations"
  2. "A CIA Veteran Transforms U.S. Counterterrorism Policy"
  3. "E-mails: White House Knew of Extremist Claims in Benghazi Attack"
  4. "Plan for Hunting Terrorists Signals U.S. Intends to Keep Adding Names to Kill Lists"
  5. "Jordan Disrupts Major al-Qaeda Terrorist Plot"

Cyber Security
  1. "BYOD Resistance Loosening but Security Practices Lacking" (Bring Your Own Device)
  2. "Hackers' New Super Weapon Adds Firepower to DDOS" (Distributed Denial of Service Attacks)
  3. "Barnes & Noble Customer Data Stolen"
  4. "In Cyberattack on Saudi Firm, U.S. Sees Iran Firing Back"
  5. "Apple Drops Java After Security Scare"

   

 
 
 

 


3 Dead After 5 Family Members Shot in California
Associated Press (10/24/12)

Police in Downey, Calif., report that a gunman shot three people at a family-owned fire extinguisher business on Wednesday. The shooting was reported by someone from the company, the United States Fire Protection Services Inc., who called 911. The police say that they do not believe the business, which is owned by a group of brothers, was targeted randomly. Immediately after the shooting at the office, two more people were shot at a home belonging to the business owners nearby. Three of the five victims have died, but police have not identified any of them, saying that they have not yet been able to notify family members. Two of the victims were also at the business before heading to the home in a black Camaro, which was later taken by the suspect. Police do not know if they were kidnapped from the business by the suspect or if they fled. They do not believe the suspect was a former employee, friend, or family member, and a teenager who survived the shooting did not recognize him.


Report Sheds Light on Intellectual Property Theft
SecurityInfoWatch.com (10/24/12) Griffin, Joel

The recently released 2012 edition of Verizon's annual Data Breach Investigations Report (DBIR) is exposing the trends and threats that underpinned intellectual property (IP) theft in 2011. The report found that a total of 174 million records were compromised by data breaches last year and identified 85 cases of confirmed IP theft over the past two years. The DBIR found that in 2011 no economic sector was immune from IP theft, but breaches in the financial services and public administration sectors accounted for two thirds of the 84 cases. Outsiders were behind the majority of IP theft cases, 85 percent, though some degree of collusion with insiders was seen in 45 percent of the cases. The threats contributing to IP theft included misuse of privileged access, hacking, social engineering, physical threats, malware, and user error. Misuse of privileges, hacking, and social engineering attacks were the most common, seen in 52, 47, and 41 percent of cases, respectively. Verizon Enterprise Solutions' Jay Jacobs said that IP thefts tended to involve more long-term breaches and a focus on gaining access through the use of valid credentials obtained through social engineering attacks or by exploiting network vulnerabilities. To combat this, Jacobs advised organizations to make use of two-factor identification systems.


Microsoft Dropping Physical Box Sales of Windows 8 in China
PC World (10/23/12) Kan, Michael

In a move to counter rampant software piracy, Microsoft has announced that it will not be releasing its new Windows 8 operating system as a boxed retail product in China. Instead, the new operating system, which will be officially released in China on Friday, will only be available in that country as an official download from Microsoft or preloaded on new PCs and devices. Microsoft hopes the move will help cut down on the enormous market for pirated software in China, which at $9 billion a year is almost triple that for legitimate software. Many stores in China are already selling boxed bootleg copies of the free preview version of Windows 8 for as little as 60 yuan (less than $10 US), but Microsoft hopes that not releasing boxed copies will prevent pirates from releasing true bootlegs of the operating system as quickly as they did with Windows 7. Pirated copies of that OS were available in China months before the product's official release. Microsoft also hopes that not offering boxed retail copies will help Chinese consumers better distinguish between official and bootleg copies of the operating system. This is a valuable security as well as financial move, because most bootlegged operating systems tend to be riddled with viruses and malware.


Wis. Gunman Accused of Killing 3, Wounding 4 at Salon Where Wife Worked Had History of Abuse
Associated Press (10/22/12)

Radcliffe Franklin Haughton, who killed three women and wounded four others before killing himself in a shooting at the Wisconsin salon where his wife worked on Sunday, reportedly had a history of domestic abuse. Several weeks earlier, Haughton had reportedly slashed his wife's tires, after which she was able to obtain a four-year restraining order against him. The same order was supposed to prohibit Haughton from owning a firearm. Police have not said whether Haughton surrendered any weapons prior to the shooting. They did say that an improvised explosive device was also found at the scene of the shooting, but sources denied that they were "immediately aware" of a motive for Haughton's actions.


Rotterdam Gallery Had No On-Site Security Guards on Night of Art Theft
Irish Times (Ireland) (10/22/12) Cluskey, Peter

The director of the Dutch art gallery that was the victim of a major art theft on Oct. 16 says that there were no security guards on duty the night that seven paintings were stolen. According to the director, the gallery was dependent on its "state-of-the-art" security system to protect the stolen works, which included a Picasso, a Matisse, two Monets, a Gauguin, a Lucian Freud, and a work by Dutch artist Jacob Meijer de Haan. Officials defended the security at the Kunsthal, saying that it had been installed in consultation with the gallery's insurers. Although no details on the thieves have been released and they are not clearly visible in security footage, police say they carried very distinctive bags that may possibly be tracked. In the meantime, Dutch police have appealed to the public for assistance. Art Loss Register Director Chris Marinello said that the theft may have been an inside job, given how easily thieves were able to steal the paintings.




Remote U.S. Base at Core of Secret Operations
Washington Post (10/26/12) Whitlock, Craig

The U.S. military's base in the East African nation of Djibouti plays an important, though largely secret, role in the fight against al-Qaida and its allies. The base, which is known as Camp Lemonnier, was originally a temporary staging ground for U.S. Marines but has since become the center of the U.S. drone campaign against al-Qaida militants in Yemen and Somalia. The roughly 300 Special Operations personnel who are stationed at Camp Lemonnier plan raids and coordinate 16 drone flights per day, most of which are bound for Yemen and are used in the fight against al-Qaida in the Arabian Peninsula. Some other flights head to the southeast, where they fly missions over Somalia. Africa Command, the branch of the U.S. military that oversees Camp Lemonnier, says that the intelligence collected in these drone flights is used to gain a better understanding about the activities of extremist organizations. Documents show that drone flights from Camp Lemonnier increased significantly following the arrival of eight Predator drones at the camp last year, and these same documents show that drone operations at the base are set to increase further in the coming months. Camp Lemonnier's role in the fight against terrorism is likely to expand in the coming years, as the Pentagon has drawn up plans to build a large new compound that could house as many as 1,100 Special Operations forces.


A CIA Veteran Transforms U.S. Counterterrorism Policy
Washington Post (10/25/12) DeYoung, Karen

Many of the counterterrorism decisions made by the Obama administration are handled by John O. Brennan, the president's counterterrorism adviser. Much of the ability to influence decisions on lists of terrorists targeted for killing rests with Brennan, as does much of the power to shape decisions on how armed drones should be allocated. In addition, it is Brennan who ensures that each drone attack is justified, and it is he who tries to restrain both the CIA and the military when he feels they become overzealous in going after terrorists. Brennan has also worked to limit the list of targeted terrorist suspects in Yemen and is also the one who brings recommendations for attacks against terrorist targets to President Obama, who ultimately decides whether or not to approve the strikes. Although Brennan's presence has been viewed by the administration as being beneficial, given his long history of working at the CIA, there are critics who say that so much power should not be concentrated in the office of one person who is neither accountable to voters nor confirmed by Congress. Critics also say that the opaque nature of Brennan's actions has made it impossible to determine whether the counterterrorism actions taken by the administration comply with the laws of war or are reflective of the nation's values.


E-mails: White House Knew of Extremist Claims in Benghazi Attack
CNN.com (10/24/12) Labott, Elise

New State Department e-mails sent during the hours immediately following the Sept. 11 attack on the U.S. diplomatic mission in Benghazi, Libya, show that the Obama administration had received reports that the militia now suspected of the attack, Ansar al-Sharia, had initially claimed responsibility for the assault. The e-mails specifically allude to claims of responsibility made on Facebook and Twitter that were later denied by an Ansar al-Sharia spokesman. While some are claiming the e-mails are further proof of initial confusion and double talk by the administration concerning the attack, Secretary of State Hillary Clinton and other administration officials have pushed back against such claims. On Wednesday Clinton admonished the media for "cherry picking one story here or one document there" and said, "posting something on Facebook is not in and of itself evidence." White House Spokesman Jay Carney noted that the e-mail, an unclassified State Department communique, was only reporting what was freely knowable to everyone at the time and that it did not carry the same weight as official intelligence accounts of the incident. Indeed, it is very common for there to be multiple, often conflicting claims of responsibility for major terror attacks such as that seen in Benghazi, and it takes time for intelligence analysts to properly parse and evaluate such claims.


Plan for Hunting Terrorists Signals U.S. Intends to Keep Adding Names to Kill Lists
Washington Post (10/24/12) Miller, Greg

The Obama administration's campaign of drone strikes against terrorist targets is guided in part by a list known as the "disposition matrix." The matrix, which was developed by the National Counterterrorism Center (NCTC), serves as a supplement to the separate but overlapping lists of targets that are maintained by the CIA and the U.S. Joint Special Operations Command (JSOC). Among the pieces of information that are included in the matrix are the histories of terrorists, their locations, the names of those who they are known to associate with, and the organizations with which they are affiliated. The matrix also includes strategies for capturing or killing terrorists and the types of charges that the Justice Department should prepare. The information included in the matrix is constantly changing, with new names being added to the capture or kill lists as old names are removed. The addition of new names to the list could go on for years, underscoring the fact that there is no end in sight to the efforts to eradicate al-Qaida. Some say that operations against terrorist targets could go on for at least another 10 years, a timeline which has prompted some to express concern about the potential that the counterterrorism campaign could further sow anti-U.S. sentiments.


Jordan Disrupts Major al-Qaeda Terrorist Plot
Washington Post (10/22/12) Warrick, Joby; Luck, Taylor

Jordanian officials said Sunday that they have arrested 11 individuals with ties to al-Qaida in Iraq who were allegedly planning to launch a coordinated series of attacks in Jordan as part of an effort to destabilize that country's government. Officials said that the terrorist cell, which had been planning the attacks since June, had been amassing a cache of explosives and mortar rounds that they had obtained from battlefields in Syria in order to carry out the attacks. The suspects are believed to have been planning several different attacks on shopping centers and cafes in the Jordanian capital of Amman in order to distract emergency responders and security officials while they carried out simultaneous strikes on government buildings and embassies. Among the embassies that are believed to have been targeted is the U.S. Embassy in Amman, though the State Department has not yet confirmed or denied that its diplomatic outpost in the Jordanian capital was in the terrorists' crosshairs. A former Western intelligence official who is familiar with the case said that the plot was "serious" and that there was the potential for a significant number of casualties had the plan been executed. Other officials said that the disruption of the plot is the latest sign that the conflict in Syria could be spilling out over that country's borders.




BYOD Resistance Loosening but Security Practices Lacking
Network World (10/25/12) Messmer, Ellen

The SANS Survey on Mobility/BYOD Security Policies and Practices queried 650 information and security professionals about how the bring your own device (BYOD) trend is affecting their organizations, and found that 25 percent of them prohibit use of personally owned devices such as smartphones and tablets on the network. However, most of those that allow such devices lack substantive policies or security controls related to them. When asked what kind of products or services they are utilizing for mobile devices, about half indicated a mix of data protection via encryption for secure access to corporate resources, while less than half used anti-malware or data-loss prevention, for instance. Two in three, however, plan to implement cloud-based provisioning in the next 12 months. The SANS report on BYOD claims there has been improvement in addressing BYOD security and management since the last survey of its kind in March, but that there is still over-reliance on hoping the BYOD user does what he or she promised. The most recent SANS survey shows that those who do have policies are primarily turning to technologies they are familiar with, such as authentication, access controls, firewalls, and VPNs, and applying them to mobile devices. SANS also says employers still appear hesitant to add controls directly onto employee-owned devices because the devices do not belong to the organization.


Hackers' New Super Weapon Adds Firepower to DDOS
Government Computer News (10/24/12) Breeden, John

Public-sector IT workers should prepare themselves to counter an upgraded version of the distributed denial-of-service application favored by the hacker collective Anonymous. The High Orbit Ion Cannon (HOIC) is a substantially upgraded version of the Low Orbit Ion Cannon (LOIC) application that the hacker group has long used to carry out DDoS attacks on the Web sites of government agencies and organizations big and small. Like the LOIC, HOIC is a simple-to-use application that allows a user to take control of a portion of a botnet and, by coordinating with at least 50 or so other users, launch powerful DDoS attacks on their target of choice. Where HOIC varies from its predecessor is in the scope of the attacks it can launch. Although LOIC users would only be able to target a single URL, usually a Web site's homepage, at a time, HOIC has the ability to simultaneously target and attack all of a site's sub-pages in addition to its homepage. This sort of attack is harder to counter and can even be harder to detect, and IT security workers are advised to upgrade their firewalls and anti-DDoS software to better cope with the new cyberweapon.


Barnes & Noble Customer Data Stolen
CNN Money (10/24/12) Riley, Charles

Barnes & Noble announced Wednesday that the credit card information of customers at 63 of its stores in nine states may have been compromised by a data breach involving PIN pad payment devices. The security breach was discovered by Barnes & Noble in September, but the company waited to announce it to the public at the request of authorities who did not want to prematurely compromise the investigation. The affected stores were in California, Florida, Illinois, Massachusetts, New Jersey, Connecticut, New York, Pennsylvania, and Rhode Island. Barnes & Noble was not certain precisely how many customers had been affected or what the stolen data was being used for. However, the breach prompted the company to disconnect all the PIN pads in its stores in mid-September. Barnes & Noble has also warned that those who have shopped at the affected stores should check their recent credit card activity for any unauthorized transactions and change their PINs.


In Cyberattack on Saudi Firm, U.S. Sees Iran Firing Back
New York Times (10/24/12) Perlroth, Nicole

The cyber attack that took down nearly three-quarters of the computers at the Saudi Arabian oil company Saudi Aramco in August was among the most damaging cyber attacks on a corporate entity to date, and many security analysts and officials believe that it originated in Iran. The attack was launched on Aug. 15, when the majority of Aramco's employees stayed home to celebrate the Muslim holy day Lailat al Qadr. Investigators believe that one or more company insiders infected Aramco's network with a virus dubbed Shamoon, possibly using a USB drive, that was programmed to activate itself at 11:08 that morning. Shamoon blitzed the Aramco corporate network, deleting files, documents, and e-mails and rendering computers useless by overwriting their system files with images of a burning American flag. Aramco immediately shut down its corporate network and is only now allowing its employees limited access to the rebuilt network. A group calling itself the "Cutting Sword of Justice" claimed responsibility for the attack, but many officials and security experts believe the Aramco attack and a similar one against the Qatari natural gas firm Ras Gas were the work of Iran. File names and other clues in the code of Shamoon have led analysts to conclude that the attack was meant as retaliation for the Flame and Wiper malware that were discovered to have been spying on and undermining Iranian oil companies earlier this year. It still remains unclear who created Flame and its related malware, but many believe it to have been a product of the same joint U.S.-Israeli cyber warfare program that produced the Stuxnet computer worm.


Apple Drops Java After Security Scare
CRN Australia (10/22/12)

Apple recently announced that it will remove old versions of Oracle's Java software when its customers install the most recent update to its Mac operating system. Apple added that customers will need to obtain Java from Oracle's website if they want to access Web content written in the widely used computer language. While Apple did not cite a specific reason for the change, both it and Oracle said two years ago that Apple would one day stop providing Java software to Mac customers. The move comes after Java experienced a security scare that prompted security experts to warn computer users to use the software on an as-needed basis. European security experts in August discovered Java bugs that hackers had exploited to launch attacks. New security vulnerabilities have since been discovered in Java that could make computers vulnerable to cyber attacks. However, removing Java from Mac browsers will reduce the chances that Mac users will fall victim to attacks that exploit Java vulnerabilities, said Security Explorations researcher Adam Gowdiak.


Abstracts Copyright © 2012 Information, Inc. Bethesda, MD

