Friday, April 26, 2013

Security Management Weekly - April 26, 2013

Corporate Security
  1. "Marathon Tragedy Should Bring Security Back to Where it Should Be, Security Official Says"
  2. "Why Jet Owners Don't Want to Be Tracked"
  3. "Security Firms Stand to Profit in Wake of Boston Marathon Bombings"
  4. "Elevated Risk" Risk Management and Security at Utilities
  5. "Protecting Company Coffers" Insider Fraud

Homeland Security
  1. "Times Square Was a Target, Officials Say"
  2. "CIA Pushed to Add Boston Bomber to Terror Watch List"
  3. "Federal Agents Search Mississippi Site in Ricin Investigation"
  4. "Boston Suspects Are Seen as Self-Taught and Fueled by Web"
  5. "Iran Denies Link to What Canada Calls Thwarted Train Terror Plot"

Cyber Security
  1. "Judge Denies FBI Request to Hack Computer in Probe"
  2. "Zero-Day Vulnerabilities on the Rise, Trend Micro Report Warns"
  3. "Mandiant: No Drop in Chinese Hacking Despite Talk"
  4. "What Nation Does Most Cyberspying?"
  5. "AP Twitter Feed Hacked; No Attack at White House"

   

 
 
 

 


Marathon Tragedy Should Bring Security Back to Where it Should Be, Security Official Says
Security Director News (04/22/13) Canfield, Amy

While security is on the mind of nearly everyone following the Boston Marathon bombing, such vigilance is prone to waning, according to George Rosebrock, the security manager for the McCormick Place convention center in Chicago. Rosebrock said there was a similar concern for security following the Sept. 11 attacks that faded in the period of relative calm that came after them. He said security is always on his mind, especially when it comes to protecting McCormick, a 2.6 million square-foot convention center that sees some 3 million visitors annually. He said he oversees an unarmed security force that patrols the location constantly and knows the ins-and-outs of the massive complex. He also said the facility has some 600 surveillance cameras keeping a lookout for suspicious activity. According to Rosebrock, a place like McCormick--with its high number of visitors, landmark status, and potential for economic damage should it be destroyed--can be a tantalizing target for terrorists. The key to keeping the convention center secure is to be proactive, he explained, saying that "the only way we can do that is with intelligence."


Why Jet Owners Don't Want to Be Tracked
Wall Street Journal (04/19/13) Maremont, Mark; McGinty, Tom

A number of private airplane owners submitted threat information to the Federal Aviation Administration (FAA) in 2011 that has recently been made public. The information was contained in 500 letters written to the FAA in response to a proposed plan that would have allowed the public to access real-time data on the flight paths of private aircraft. Those that wrote letters would have been allowed to keep their information blocked if the proposal had gone forward. Among those who responded were defense contractors such as Lockheed Martin, which said that it was concerned that releasing the data would make its executives the target of terrorists looking for revenge on the company that produces much of the military's drone weaponry. Gas companies, meanwhile, worried about being targeted by environmental extremists. Other major companies that wrote in with concerns included Emerson Electric, Merck, Humana, Aflac, Walt Disney, and News Corp., all worried about security threats posed by a range of groups, from animal-rights activists to anarchists to individual stalkers. A number of security personnel for individual executives, including Bill Gates and Steve Jobs, raised similar objections. With the plan shelved due to objections from plane owners and the general public, more than 5,100 registered aircraft remain allowed to keep their flight data private.


Security Firms Stand to Profit in Wake of Boston Marathon Bombings
Huffington Post (04/16/13) Smith, Gerry

Security companies that provide bomb-sniffing dog units, building guards, explosive detection, and security advice could all see increased business from the fear caused by the recent bombing attack on the Boston Marathon. Paul Stapleton, who runs the New York-based security company Stapleton Group, said his business increased 100 percent since the bombings, causing his staff to have no downtime. He predicts there will be an increase in corporate security, especially security for outdoor events hosted by businesses, in the aftermath of the attacks. Robert Silbering, a special adviser to the chairman at the security firm T&M Protection Resources, said the Boston attacks could lead to a similar glut in demand for security services as the terrorist attacks on September 11, 2001, did. Global Information Inc., which provides market research on the global security industry, said the private security industry was already projected to increase 5 percent annually to an estimated $63.8 billion in 2016. The attacks in Boston could spur even faster growth, according to Silbering.


Elevated Risk
Public Utilities Fortnightly (04/13) Bochman, Andy

Risk management and security measures are not new concepts for utilities, but industry observers say more needs to be done. IBM is taking a fresh look at the organizational structure and accountability within utilities, and considering how lessons learned in other industries can help utilities address the risks inherent in modernizing their business operations with advanced communication technologies. IBM recommends that utility boards of directors should consider appointing and empowering an executive-level security chief with authority to develop, promulgate, and enforce security policy enterprise-wide. In a cross-industry survey of security leaders last year, IBM found the banking and financial services industries more likely to have their security operations managed by an executive level "influencer" or "protector," while other industries—like the electric sector—often had lower-level personnel in charge of security, and demonstrated behaviors that could be better characterized as "reactive." Changes in the utility industry — such as greater interconnection of customers, markets, control centers, and adjoining utilities — have heightened the need for proactivity. Utility directors need to acknowledge that all utilities are different and that there are different ways to meet these challenges. IBM recommends the appointment and empowerment of an executive-level security chief. This individual should not report to the CIO and should not be aligned with any one business unit. Depending on the organization, the security chief's best leader might be the chief operating officer, or if the position exists, perhaps the chief risk officer. No move would do more to re-set the internal cultural tone and signal to stakeholders of all kinds that the company has revised its approach to addressing the new security threat, and is organizing to meet it head on. The significance of a move like this would be quickly recognized and understood by all stakeholders. Discussions with utilities confirm that a new approach to security governance would bring numerous benefits in risk management and risk reduction, for comparatively modest investments in time and money.


Protecting Company Coffers
Security Management (04/13) Pedneault, Stephen

By establishing basic procedures that are applicable to all employees who have access to company funds, companies can prevent or identify insider fraud schemes before they can cause serious damage. Prevention starts prior to the hiring of an employee, with a background check to see if candidates have a history of stealing from previous employers. Tracking the behavior of existing employees for indications of potential theft, such as the employee living beyond his or her means, is the next step. Companies should consider executing background updates if alarming anomalies appear in employee behavior. Internal controls and duty segregation must be deployed and maintained. A person with access to corporate accounts should be checked by other people tasked with reviewing those accounts. Companies can realize practical controls with existing resources by reengineering the financial processes. This requires the involvement of people who normally are not part of the process. Different aspects of the company's finances should be overseen by different people, and auditors can be valuable in objectively and independently reviewing the system of internal controls and accounting procedures. Appropriate insurance needs to be acquired and maintained in order to complete the antifraud triangle. Coverage will offer a way to recoup embezzled funds, but the victim frequently must incur costs in the form of professional fees to probe the loss and submit the claim. It thus behooves the company to inquire whether the policy also covers the cost of criminal investigation.




Times Square Was a Target, Officials Say
Wall Street Journal (04/26/13) El-Ghobashy, Tamer; Fox, Alison

Investigators probing the Boston Marathon bombings have determined that the suspects were planning to attack New York City. The sole surviving suspect in the attack, Dzhokhar Tsarnaev, told investigators that he and his brother Tamerlan planned to drive to New York City and detonate as many as six additional explosive devices in Times Square. Those devices reportedly included five pipe bombs and a pressure-cooker bomb similar to the ones the Tsarnaevs are accused of using in Boston. Investigators have also determined that the carjacking the Tsarnaevs allegedly carried out before their shootout with police on April 19 was part of their attempt to travel to New York City. But the driver of that car was able to escape and call police after the Tsarnaevs ordered him to get gas for the vehicle. Other officials with knowledge of the investigation say that the plan was not close to being carried out, and that it was likely "just chatter" that the suspects engaged in after being panicked by the release of their photos. These officials have said that the Tsarnaevs did not perform any research on a possible attack on New York City, and did not seem to be in a hurry to get there.


CIA Pushed to Add Boston Bomber to Terror Watch List
Washington Post (04/25/13) Miller, Greg

New information about the CIA's involvement in the investigation into Tamerlan Tsarnaev, one of the Boston Marathon bombing suspects who was killed by police, is raising concerns about problems with the terrorist screening systems that were put in place after the Sept. 11 attacks. U.S. officials said Wednesday that the CIA had asked that Tsarnaev be added to the Terrorist Identities Datamart Environment (TIDE), which provides information to the FBI's main terrorist screening database as well as other terrorist watchlists. The CIA's request reportedly came after the FBI decided in July 2011 to close its inquiry into Tsarnaev's activity. That inquiry, which concluded that Tsarnaev was not a threat, was prompted by warnings from Russian authorities that Tsarnaev was growing increasingly radical and that he was planning to travel overseas. The FBI's decision to end its probe of Tsarnaev's activity means that his name might have been removed from a U.S. Customs database just days before he returned to the U.S. from Russia in 2012, despite the fact that he may have still been on the TIDE list at the time. However, the FBI may not have known that Tsarnaev was still on the TIDE list. As a result, the FBI was not alerted when Tsarnaev returned from Russia, meaning the bureau may have missed a chance to question him in the run-up to the Boston Marathon bombings. The episode has also raised questions about whether information sharing procedures that were modified after Sept. 11 need to be altered again, though U.S. officials say that it is not clear that doing so would have prevented the attack on the Boston Marathon.


Federal Agents Search Mississippi Site in Ricin Investigation
Washington Post (04/25/13) Kindy, Kimberly; Tate, Julie

FBI agents are investigating a shut-down martial arts studio in Mississippi to determine if the owner of the studio, James E. Dutschke, might have sent letters laced with ricin to the White House, a U.S. senator, and a county judge. A hazardous materials truck was reportedly parked outside the studio on Wednesday, as was a portable laboratory that was inside a truck. Law enforcement officials would not say whether they believe Dutschke was responsible for sending the letters, though Dutschke is known to have a connection to the Lee County (Miss.) Justice Court Judge Sadie Holland, who received one of the letters. Dutschke ran for a U.S. House seat against Holland's son in 2007, and was criticized by the judge at a campaign stop that year. The focus on Dutschke comes after the previous suspect in the case, Paul K. Curtis, had all charges dropped against him. Curtis told investigators that he believed Dutschke was framing him, and law enforcement officials have confirmed that they believe that Curtis was framed. Dutschke's attorney has admitted that the two men know each other but said they had not been in contact for the past three years. For his part, Dutschke denies Curtis' accusations and says he bears him no ill will, although he did threaten to sue Curtis previously for claiming to be a member of Mensa, a group for people with high IQs.


Boston Suspects Are Seen as Self-Taught and Fueled by Web
New York Times (04/24/13) Cooper, Michael; Schmidt, Michael S.; Schmitt, Eric

Questioning of the lone surviving suspect in the Boston Marathon attack has yielded new information about the motivation of the alleged perpetrators as well as how they learned to build their bombs. During an interview with investigators at a hospital on Sunday, Dzhokhar Tsarnaev admitted that he played a role in the bombings and that he and his brother Tamerlan were motivated by extremist Islamic beliefs. Authorities believe that the radicalization of the suspects most likely took place over the Internet, though they are still searching for who may have indoctrinated them with extremist beliefs or provided them with support. Tsarnaev also told officials that he and his brother were not working with any terrorist groups when they began planning their attack several months ago. However, Tsarnaev did say that he and his brother learned how to make the explosive devices used in the attack by reading an article in the online version of "Inspire," a magazine published by al-Qaida in the Arabian Peninsula. Authorities are now working to corroborate Tsarnaev's statements. If they are true, the case could spark additional concerns about disaffected young men who train themselves to carry out terrorist attacks.


Iran Denies Link to What Canada Calls Thwarted Train Terror Plot
CBSNews.com (04/23/13)

Iran has denied any links to an alleged terrorist plot uncovered by Canadian and American counterterrorism officials. Canadian authorities, working jointly with the FBI and the U.S. Department of Homeland Security, said they recently uncovered a terrorist plot in which two men residing in Canada illegally, Chiheb Esseghaier and Raed Jaser, allegedly planned to derail a passenger train. Canadian police arrested the two men and charged them with conspiring to carry out an attack and murder people in association with a terrorist group. Canadian authorities said the two men had "direction and guidance" from al-Qaida members in Iran, but they did not go so far as to say the alleged attack was sponsored by the Middle Eastern country. The authorities explained the two men "watched trains and railways" and were still in the preliminary stages of the alleged terror plot. Ramin Mehmanparast, Iran's Foreign Ministry spokesman, denied the claims and said there was "no firm evidence" of Iranian involvement in the plot and groups like al-Qaida had "no compatibility with Iran in both political and ideological fields." Alireza Miryousefi, a spokesman for the Iranian mission to the United Nations, echoed Mehmanparast. "Iran's position against this group is very clear and well known," he said. "[Al Qaeda] has no possibility to do any activity inside Iran or conduct any operation abroad from Iran's territory."




Judge Denies FBI Request to Hack Computer in Probe
Wall Street Journal (04/25/13) Valentino-Devries, Jennifer

Federal Magistrate Judge Stephen Smith in Houston recently denied a request by the FBI for a warrant that he said would allow the agency to remotely "hack a computer suspected of criminal use." A document in the case explained the FBI technique as one where the agency would infiltrate a computer by "surreptitiously installing software," a method commonly used by hackers to commandeer computers and steal sensitive information. The FBI was seeking the warrant to access, for 30 days, e-mail contents, documents, chat-messaging logs, and photographs taken with the computer's built-in camera. Smith wrote in his ruling that the FBI needs to do more to ensure the information gathered is not infringing upon the rights of innocent people. For instance, some of the conversations logged or pictures taken could be of a private nature and completely unrelated to the case. Christopher Soghoian, the principal technologist for the American Civil Liberties Union, said it was also possible an innocent person could be using a computer unknowingly taken over by hackers. Smith cited a lack of specifics on the FBI's end, including not telling him the location of the computer in the warrant and how the bureau would execute the warrant. Soghoian said warrants such as this should follow the rules of wiretap warrants, which require the FBI to prove it is minimizing the amount of data collected on innocents, and that it reports all such warrants to Congress annually.


Zero-Day Vulnerabilities on the Rise, Trend Micro Report Warns
Homeland Security Today (04/13) McCarter, Mickey

Zero-day attacks, the top concern among security professionals, are "growing in sophistication, intensity and severity," according to Trend Micro's new report on cyberattacks spotted in the first quarter of 2013. Zero-day vulnerabilities are continually showing up in applications such as Java from Oracle and Flash Player, Acrobat, and Reader from Adobe Systems, says Trend Micro's Rik Ferguson. The report noted that a major zero-day vulnerability in Java prompted widespread security worries in the first quarter of this year. Ferguson says attackers flocked to the Java flaw because the application is present on a wide array of systems across a sprawling area. The report also said that while zero-day vulnerabilities in popular software applications have been rare in the past, the emergence of high-profile flaws in Oracle and Adobe apps left more users than usual susceptible to hackers. "With each quarter, attacks are becoming bolder and more targeted, pointing to concerns far beyond the compromise of personal data," says Trend Micro's Tom Kellermann.


Mandiant: No Drop in Chinese Hacking Despite Talk
Wall Street Journal (04/24/13) Mozur, Paul; Chin, Josh

Some two months after the cyber security company Mandiant released a report chronicling a number of cyber attacks allegedly launched by the Chinese military against U.S. companies, Mandiant CSO Richard Bejtlich announced that not much has changed with regard to the number of attacks. Bejtlich said about two dozen of the groups that his company tracks, some of which have close ties with the Chinese government, have been "very busy" despite the increased focus on cybersecurity following Mandiant's report. He said the only major change was a noticeable drop in the number of attacks coming from Unit 61398, a group affiliated with China's People's Liberation Army that Mandiant accused of attempting to hack about 150 victims over a period of seven years. Meanwhile, Verizon Communications and 19 other organizations recently released a report that found that Chinese hacking attempts accounted for 96 percent of "espionage cases" in 2012. "This may mean that other threat groups perform their activities with greater stealth and subterfuge. But it could also mean that China is, in fact, the most active source of national and industrial espionage in the world today," the report concluded.


What Nation Does Most Cyberspying?
Politico (04/23/13) Romm, Tony

China in 2012 was linked to 96 percent of recorded, state-affiliated cyberattacks on company secrets and other intellectual property, according to Verizon's Data Breach Investigations Report (DBIR) released on Monday. "This may mean that other threat groups perform their activities with greater stealth and subterfuge," the report says. "But it could also mean that China is, in fact, the most active source of national and industrial espionage in the world today." Social tactics increased in 2012 as cybercriminals turned to email and other online communication to establish "a foothold in their intended victims' systems," according to the DBIR. The report should add weight to cybersecurity arguments as the Senate and President Obama raise questions about the Cyber Intelligence Sharing and Protection Act (CISPA). Verizon's DBIR is the latest in a string of reports pointing to China as a significant source of hacker activity, and Joint Chiefs of Staff chair Gen. Martin Dempsey this week will travel to China to address cybersecurity.


AP Twitter Feed Hacked; No Attack at White House
USA Today (04/23/13) Jackson, David

Hackers on Tuesday breached the Associated Press Twitter account and tweeted "Breaking: Two Explosions in the White House and Barack Obama is injured," causing hysterics on social media until the tweet was announced as fake. The AP took down its Twitter account immediately following the hack attack and announced what had happened. The Syrian Electronic Army, a group of hackers loyal to Syrian President Bashar Assad, claimed responsibility for the hack, tweeting, "Ops! @AP get owned by Syrian Electronic Army! #SEA #Syria #ByeByeObama." The AP's Twitter account has been suspended as the organization works to correct whatever issue led to the breach.


Abstracts Copyright © 2013 Information, Inc. Bethesda, MD

