| |
BP Report Warned of Risks in Algeria
Wall Street Journal (02/14/13) P. A9 Faucon, Benoit
Several reports that were being circulated among officials at BP, one of the companies that co-owned the In Amenas natural gas facility that was attacked by terrorists last month, indicates that there was concern at the company about the threat of terrorism in Algeria. Among the internal reports that have recently come to light is a document dated May 2011, shortly after the killing of Osama bin Laden. That report noted that al-Qaida's affiliate in Algeria could ramp up its activity in the wake of bin Laden's death. The May 2011 report also warned about the instability that followed the collapse of Libyan leader Moammar Gadhafi's regime earlier that year. "It will take time for the central government to re-establish order nationwide, and the saturation of arms throughout the country will contribute to lawlessness," the document stated. A subsequent report issued in January 2012 also discussed the threat from al-Qaida, and said that the group was less capable of attacking targets in the U.S. and Europe following the killing of bin Laden. However, the report expressed concern about the threat from militants in Somalia and Nigeria. The report said that the threat from militants in those countries was exacerbated by porous borders, ineffective or non-existent central governments, and readily available weapons and explosives.
Norwalk Man Arrested for Wall Street Theft
Connecticut Post (CT) (02/14/13) Mayko, Michael P.
Agents from the FBI on Feb. 14 arrested Thomas Turey of Norwalk, Conn., the controller at Rothstein-Tauber Inc., for allegedly stealing from company accounts over the past three years. Company lawyers confronted Turey last month about four checks he is believed to have written to cover "a margin call in his personal trading account," according to forensic accountant FBI Special Agent Meaghan Fallon. The FBI investigation discovered that Turey's monthly cash reconciliation reports did not include multiple checks that he wrote to himself. Officials at Webster Bank, where Turey allegedly deposited the checks, flagged the scheme when they noticed the four checks Turey deposited this year were for thousands more than the account usually pays. Turey has been charged with one count of wire fraud, will have to pay restitution, and will likely be fined up to two times the overall amount stolen.
New Policies Ordered on Federal Workplace Violence
Washington Post (02/11/13) Yoder, Eric
Federal officials have been asked to produce more comprehensive policies for preventing and responding to domestic violence, sexual assault, and stalking in government workplaces. The Office of Personnel Management (OPM) has requested these changes so that the Federal government can provide an example for private industry. Guidance issued by OPM is based on recommendations from an interagency workgroup, which was put together at the request of the White House. The guidelines cover a number of concerns, including flexible working schedules, confidentiality, physical security, employee assistance programs, and disciplinary actions against employees who are perpetrators. OPM will also offer a series of Webinars on topics related to the guidance, such as "the impact of domestic and sexual violence on the workplace, the role of employers when responding to domestic violence, sexual assault and/or stalking in the workplace, and the critical components of a workplace response."
Proposed Legislation Would Let Hospitals Form Own Police Departments
FOX59.com (02/10/13) Spehler, Dan
Indiana state Sen. Dennis Kruse recently introduced a bill that would allow hospitals to set up their own private police departments to defend against active shooters and other threats that might arise. Such departments would only have jurisdiction on hospital grounds, similar to how police on college campuses only have jurisdiction within the college limits. Kruse said the police force could help protect against less conventional threats such as mentally unstable patients who gain access to a weapon. "Who knows, if somebody gives [an unstable patient] the wrong kind of weapon, they could go berserk in the hospital, so I think in today's world, it's probably wise for the hospital to have better protection," he said. Establishing a police department would not be mandatory for hospitals and would require the hospital to use money from its own coffers. Kruse said the bill passed a Senate committee unanimously last week and could be considered by the full senate later in the month.
Mall of America Uses Behavior Profiling
SecurityInfoWatch.com (02/08/13) Pittman, Elaine
The Mall of American in Minnesota has instituted widespread behavior profiling in the decade since 9/11, says Security Director Doug Reynolds. While many businesses looking to improve security have resorted to traditional cameras and metal detectors, Reynolds attended a training in Israel to study how behavior profiling is used at Tel Aviv's Ben Gurion International Airport. He then brought in former Israeli Airports Authority security agent Michael Rozin to help adapt behavioral profiling best practices to the needs of the mall. Together, Rozin and Reynolds developed a Risk Assessment and Mitigation (RAM) program that uses a small percentage of traditional security staff to search for out-of-place objects or behaviors, run security interviews, and handle operational deployment. Officers also work closely with local police to obtain additional information during security interviews or if a potential threat is identified. Finally, the RAM program has enlisted aid from a wide array of mall employees, since they are most likely to notice suspicious people or objects.
At Pentagon, 'Pivot to Asia' Becomes 'Shift to Africa'
Washington Post (02/15/13) Whitlock, Craig
Although President Obama intended to focus his foreign policy on Asia when he first took office in 2009, his administration has instead been forced to turn its attention to pressing security problems in Africa. Since the creation of the U.S. military's Africa Command in 2007, the Pentagon has slowly created a network of staging bases in the continent, including bases in Ethiopia and the Seychelles for launching drones and a forward operating base in Kenya for special operations forces. The Defense Department is also working on plans to open a drone base in Niger, a West African nation that borders several countries dealing with the threat from al-Qaida's affiliates and other Islamist militants. Meanwhile, a small rapid-reaction force has been approved for Africa Command, following criticism from some in Congress that the Pentagon was not able to appropriately respond to the attack on the U.S. diplomatic post in Benghazi, Libya, last fall. Pentagon officials say that the attention that is being paid to Africa is necessary because the U.S. needs to halt the spread of al-Qaida affiliates in North Africa and Somalia. However, Pentagon officials also say that more military resources need to be deployed to Africa to combat this threat.
DHS IG Finds 22 Ports Not Adequately Screening Cargo Containers for Radiation
HSToday.us (02/13/13) Kimery, Anthony
Cargo that arrives at the 22 U.S. ports that handle the highest volume of shipping containers might not be adequately screened for radioactive signatures that could be a warning of a nuclear device entering the country, according to a recent audit by the Department of Homeland Security's Office of Inspector General. The audit report, called "United States Customs and Border Protection's Radiation Portal Monitors at Seaports," said that some radiation portal monitors (RPM) were "utilized infrequently or not utilized at all" when examining cargo making its way through the port. The report further found that U.S. Customs and Border Protection (CPB) did not properly gather and review RPM utilization data to ensure the monitors were being used to their fullest extent. "Unfortunately, this report shows that this critical port security technology ... is not being managed as effectively as it must be," said Rep. Bennie G. Thompson (D-Miss.), a ranking member of the House Committee on Homeland Security. "With limited resources to scan the millions of containers entering the U.S. each year, we cannot afford to mismanage this critical technology resource." The report specifically found that CPB does not properly gather information to ensure ports are using all of their RPMs efficiently, does not adequately monitor the screening environment and move RPMs accordingly, and does not accurately track and monitor the inventory of RPMs.
Thailand Tightens Security at U.S. Consulate
Associated Press (02/12/13)
Security has been beefed up at the U.S. consulate in Thailand's northern Chiang Mai province amid concerns that it could be targeted by terrorists. The additional security, which was put in place on Feb. 6, includes the deployment off additional Thai security personnel at the facility. Thai officials said that the security was put in place because domestic intelligence sources indicated that the consulate was possibly being targeted by al-Qaida and Salafist terrorist groups. Thailand's Deputy Prime Minister, Chalerm Yubumrung, refused to provide additional information about the threat. However, he did say that the additional security will remain in place at the consulate until the conclusion of multinational military exercises that the U.S., Thailand, and several other countries are taking part in. Those exercises began on Monday and will wrap up on Sunday. The possible threat to the U.S. consulate comes despite the fact that Thailand has not been a major target for terrorist attacks. However, there were concerns last year that terrorists may have been planning attacks in Bangkok. That case ended with the arrest of a suspect who was accused of possessing thousands of pounds of fertilizer that could be used to construct bombs.
Del. Police Continue Probe of Courthouse Shooting
Associated Press (NY) (02/12/13) Chase, Randall
A shooting at New Castle County Courthouse in Delaware on Feb. 11 left three people dead, including the gunman. The gunman -- who has yet to be identified -- entered the courthouse and opened fire with a semiautomatic pistol on two women, one of whom is believed to have been his estranged wife who was involved in a custody dispute with him. A witness at the scene said the shooter exchanged fire with two police officers before being shot and falling to the floor. Police officials said the two officers were shot in the gunfight but only sustained minor injuries because of their bulletproof vests. The officers were treated at a local hospital and later released. Officials said the gunman opened fire outside of the security perimeter at the courthouse where people line up to go through metal detectors. A witness described the shooter as a heavyset man in his 50s. Police are in the process of reviewing surveillance footage and taking witness statements.
Blimplike Aircraft May Soon be Used to Protect Washington
Reuters (02/12/13) Wolf, Jim
The North American Aerospace Defense Command (NORAD) has announced the launch of two 243-foot blimplike aircraft that will protect Washington, D.C., from air attacks for as long as three years. The helium-filled "aerostats" will be moored to the ground and fly up to 10,000-feet in the air, operating as part of the city's Joint Land Attack Cruise Missile Defense Elevated Netted Sensor System (JLENS) beginning on Sept. 30. One of the aerostats will use long-range surveillance radar with a range of up to 340 miles, while the other uses radar used to target potential threats. Officials say the $450 million system will provide faster detection times, giving the military more time to react to threats than ground-based radar. "We're trying to determine how the surveillance radar information from the JLENS platforms can be integrated with existing systems in the national capital region," said NORAD spokesman Michael Kucharek.
Zero-Day PDF Exploit Affects Adobe Reader 11 and Earlier Versions, Researchers Say
IDG News Service (02/13/13) Constantin, Lucian
Attackers are actively using a remote code execution exploit that infects the latest versions of Adobe Reader 9, 10, and 11, warn FireEye security researchers. The attack drops and loads two DLL files on the system. The researchers say one file displays a fake error message and opens a PDF document that is used as a decoy. The second DLL installs a malicious component that calls back to a remote domain. It is unclear whether the PDF exploit is being delivered over email or over the Web, but FireEye researchers say users should not open any unknown PDF files until the exploit is patched. A successful exploit against a sandboxed program would have to leverage multiple flaws, including one that allows the exploit to escape from the sandbox. Such sandbox bypass flaws are rare, since the code that implements the actual sandbox in most cases is carefully reviewed and is fairly small in length compared to the program's overall codebase that could contain vulnerabilities. BitDefender's Bogdan Botezatu believes bypassing the Adobe Reader sandbox is a difficult task, but he expected this to happen at some point because the large number of Adobe Reader installations makes the product a lucrative target for cybercriminals.
Researchers: Surveillance Malware Distributed Via Flash Player Exploit
PC World (02/12/13) Constantin, Lucian
The antivirus vendor Kaspersky Lab recently announced that several political activists from the Middle East were targeted in attacks that used a Flash Player vulnerability to install a so-called lawful interception program named DaVinci. The program, which was manufactured by the Milan-based company HackingTeam, is purportedly only for the use of law enforcement officials. It allows users to record audio from chat programs like Skype, Yahoo Messenger, Google Talk, and MSN Messenger, steal Internet browsing history, turn off a computer's microphone and webcam, steal credentials stored on a computer, and more. Kaspersky said it detected about 50 incidents where DaVinci was used for illicit information gathering from users in countries that included Saudi Arabia, Turkey, and Iran. The Flash Player vulnerability, identified as CVE-2013-0633, was patched by Adobe on Feb. 7. It is still unclear if HackingTeam sold the zero-day exploit with the surveillance program or if the purchasers found the exploit on their own and used it to drop the program onto victims' computers.
Software Vulnerabilities Rise Again After 5-Year Decline
eWeek (02/11/13) Lemos, Robert
The number of software vulnerabilities tracked by the National Vulnerability Database in 2012 reversed a five-year decline, according to a new NSS Labs report. Software made by Adobe, Mozilla, and Oracle contained the highest number of critical flaws, while Microsoft was the sole entity to have fewer vulnerabilities in 2012 than its average over the past decade. NSS Labs research director Stefan Frei used the Common Vulnerability Scoring System to rate the vulnerabilities, ranking scores 7.0 or more as high-criticality. The report notes that low-complexity attacks have declined in the past decade, while medium-complexity attacks have increased. Frei points out that Web sites and services cannot be legally tested by researchers in the same manner as source code and binaries, and only a few Web companies, such as Google and Facebook, have asked researchers to test their systems.
Myanmar Denies Hacking After Gmail Warnings
The Wall Street Journal (02/11/13) Mahtani, Shibani
The Myanmar government has denied allegations from Google that its agencies were involved in the attempted hacking of the Gmail accounts of more than a dozen journalists covering the country. The alerts were sent to the journalists over the past week and prompted them to change their account credentials as well as tighten their security protocols to prevent state-sponsored hacking. Journalists say the alerts harken back to a time when the Myanmar government silenced the press by jailing journalists, monitoring their communications, and instituting tight censorship. "We don't know why they are checking us, or how far they are checking us, or who these state-sponsored groups are," said Zaw Ye Naung, the editor-in-chief of Eleven Media, an online publication. "This is not a good situation amidst the reform process." Google would not divulge how it determines if a hacking attempt is state-sponsored, but Eric Grosse, the company's vice president for security engineering, said its analyses "strongly suggest the involvement of states or groups that are state-sponsored."
U.S. Said to Be Target of Massive Cyber-Espionage Campaign
Washington Post (02/10/13) Nakashima, Ellen
The United States is the target of a massive, sustained cyber-espionage campaign that threatens the country's economic competitiveness, according to the National Intelligence Estimate (NIE). The report identifies China as the most aggressive country in trying to penetrate U.S. computer systems, although Russia, Israel, and France also were cited as having engaged in hacking for economic intelligence. Cyber-espionage increasingly is threatening the U.S.'s economic interests and the Obama administration is looking for ways to counter the online theft of trade secrets. "We need the NIE on cyber for a systematic and comprehensive understanding of what the most dangerous technologies are, who are the most threatening actors, and what are our greatest vulnerabilities," says former deputy defense secretary William J. Lynn III. A majority of China's cyberattacks are thought to be aimed at commercial targets with ties to military technology. "The problem with foreign cyberespionage is not that it is an existential threat, but that it is invisible, and invisibility promotes inaction," according to a former government official. “It’s fair to say we’re already living in an age of state-led cyberwar, even if most of us aren’t aware of it,” says Google CEO Eric Schmidt.
Abstracts Copyright © 2013 Information, Inc. Bethesda, MD |
No comments:
Post a Comment