Friday, May 31, 2013

Security Management Weekly - May 31, 2013

Corporate Security
  1. "Disneyland Employee Held in Toontown Dry Ice Explosion" California
  2. "One Man Arrested, Another Sought in Theft of Explosives From Lincoln County Quarry" Missouri
  3. "Iowa Man's Wal-Mart Scheme 'Elaborate'" Pennsylvania
  4. "Two Men Charged With Operating Home Depot Fraud Ring"
  5. "PC Lockdowns Eyed as IP Theft Tool" Intellectual Property

Homeland Security
  1. "Walking a Fine Line to Prevent Terror"
  2. "More Ricin Mail Sent to Obama"
  3. "Prosecutors: Teen's Plan to Attack School Included Napalm, Background Music" Oregon
  4. "U.K. Suspect Had Ties to Somali Islamists" Stabbing Death of British Soldier
  5. "Officials See Risk in Statue Security Plan" Statue of Liberty

Cyber Security
  1. "Hackers Exploit Ruby on Rails Vulnerability to Compromise Servers, Create Botnet"
  2. "Exposure of DHS Employees' Personal Data Shows Widespread Risk"
  3. "Chinese Hackers Reportedly Accessed U.S. Weapons Designs"
  4. "Stacked Security Tools Detect Less Malware Than Predicted: Study"
  5. "Despite Breaches, Cyber Crime Fight on Right Track, PandaLabs Says"

   

 
 
 

 


Disneyland Employee Held in Toontown Dry Ice Explosion
Los Angeles Times (05/29/13) Blankstein, Andrew

Police in California have arrested Disneyland employee Christian Barnes in connection with a minor explosion that occurred on May 28 in the park's Toontown area. Barnes, who works as an outdoor vendor in the area, allegedly placed a water bottle filled with dry ice in a trashcan. The pressure eventually built up in the bottle and caused it to explode. No one was injured in the subsequent blast and no damage has been reported, but it did cause a major disruption, resulting in the Toontown section of the park being closed for two hours. Officials say Barnes may have gotten the dry ice to make the bomb from the park. He is being held on $1 million bail on suspicion of possessing a destructive device. Police thought the incident may have been connected with several other dry ice explosions in recent months around the city before settling on Barnes as the suspect. He is said to be cooperating with investigators.


One Man Arrested, Another Sought in Theft of Explosives From Lincoln County Quarry
St. Louis Post-Dispatch (05/29/13) Schlinkmann, Mark

The Lincoln County (Mo.) Sheriff's Department arrested Dylan P. Huber on May 28 after he confessed to stealing more than 100 pounds of explosives from the Fred Weber quarry two weeks prior. Police are still searching for Joshua T. Wilcockson, who is also believed to have been involved in the theft, and whose vacant home was allegedly used to hide the stolen explosives. Police say the suspects had ridden to the quarry on a stolen ATV and were drinking beer when they decided to take some large scraps of metal scattered about the site, left to bring back Huber's truck, and then decided to break into a secured trailer, where they found the explosives. Huber is being held at the Lincoln County Jail on $100,000 bond, and the department has asked anyone with information on Wilcockson's location to call or contact them via their Web site. The pair has been charged with felony theft, tampering with a motor vehicle, and trespassing. The investigation is ongoing.


Iowa Man's Wal-Mart Scheme 'Elaborate'
TribLIVE.com (05/29/13) Pickels, Mary

Jeffrey W. Womochil of Iowa was arrested on May 24 and charged with retail theft, forgery, and providing false identification to police after allegedly stealing $817 worth of Rachael Ray kitchen items from the White Township, Pa., Wal-Mart and then attempting to return them to another Wal-Mart. Police say that Womochil altered the receipts from a purchase of small items to show the stolen goods and attempted to return the stolen items to the Blairsville, Pa., Wal-Mart for cash. An affidavit of probable cause states that a loss prevention employee at the White Township store observed Womochil taking the merchandise without paying, followed him, watched him load them into a van and head toward the roadway leading toward the Blairsville store. The Blairsville store was then informed of the theft. When Blairsville employees refused to accept the merchandise, Womochil left, and police then stopped the van and recovered the items. The investigation is continuing as police found copies of receipts from other Wal-Mart stores. Womochil tried to tell police that he was Jeffrey Lee Robbins of Nebraska, but fingerprints provided police with his true identity.


Two Men Charged With Operating Home Depot Fraud Ring
Security Director News (05/29/13)

Two men who allegedly ran a retail fraud operation that fleeced more than 100 Home Depot stores in 13 states out of more than $300,000 now face federal charges. The men allegedly carried out the scheme by switching the UPC codes of more expensive items with those from cheaper items, going through the self-checkout lines available in the stores, and then making returns without their receipts. For such returns Home Depot requires customers to provide positive identification, but the two men apparently used over 150 different forms of identification to make these returns during their operation. Richard Mellor, the vice president of loss prevention for the National Retail Federation, said the altering of UPC codes and the growing use of self-checkout lines has resulted in more return fraud. He added that certain technologies used by retailers may "make it convenient for the customer and efficient for the retailer [but] it comes with a cost. The cost is you have to be more attentive. You have to spend money to put controls in place."


PC Lockdowns Eyed as IP Theft Tool
InformationWeek (05/28/13) Schwartz, Mathew J.

The recent report by the Commission on the Theft of American Intellectual Property recommends that businesses be allowed to "identify and to recover or render inoperable intellectual property stolen through cyber means." This could involve writing software to allow only authorized users to open files containing valuable information. The Privacy Forum's Lauren Weinstein says this approach is similar to the ransomware attacks now targeting PC users, in which malware can lock a PC and display a "threat of prosecution" warning appearing to be from the Federal Bureau of Investigation or local law enforcement agencies. The FBI says numerous consumers have complained about paying $200 or more in response to what they believed to be a genuine fine. Deploying malware in the service of protecting intellectual property could also face challenges from the information security industry.




Walking a Fine Line to Prevent Terror
Wall Street Journal (05/31/13) Bryan-Low, Cassell

The recent brutal knife attack of a British soldier in London by two suspects who had been on the radar of U.K. anti-terrorism agencies has called into question how extremists who have a known tendency for violence but have not committed a violent act should be treated by law enforcement. Both suspected attackers in this case had been known to British intelligence prior to their slaying of British soldier Lee Rigby, having come up during probes of Islamic extremists, said sources close to the case. The British Intelligence and Security Committee has questioned whether the attack could have been prevented had greater scrutiny been placed upon the alleged perpetrators prior to the incident. Michael Adebolajo, one suspect in the attack, had been known to British authorities since 2010, when he was arrested in November of that year by counterterrorism police in Kenya for allegedly planning to head to Somalia to join al-Shabaab militants. Upon his return to the United Kingdom, police questioned Adebolajo, but no further action was taken. "Did MI5 fall down on the job? My inclination is to have a lot of sympathy with [the agency]," said David Anderson, a lawyer and the United Kingdom's independent reviewer of terrorism legislation. "It is extraordinarily difficult to know who is about to turn violent."


More Ricin Mail Sent to Obama
Wall Street Journal (05/31/13) Barrett, Devlin; El-Ghobashy, Tamer

The FBI is currently looking into two suspected ricin-laced letters sent to President Obama and another letter sent to New York City Mayor Michael Bloomberg. One of the letters addressed to Obama was discovered May 29, following an internal alert sent out among law enforcement officials warning them to keep an eye out for dangerous letters like the one previously sent to Bloomberg, according to law enforcement. Both of the letters sent to Obama, and the letter sent to Bloomberg, were postmarked from Shreveport, La. The letter sent to Obama was marked as suspicious simply from the look of its packaging, according to federal officials. Meanwhile, federal agents reported three other suspected ricin-laced letters sent from Spokane, Wash., one of which was postmarked to the president, another to Fairchild Air Force Base near Spokane, and the third to the CIA, according to the FBI. Of those, the letter sent to the president tested positive for ricin, the one addressed to the military base is still undergoing testing, and the one addressed to the CIA has not been located. The FBI said no illnesses have been reported from any of these incidents.


Prosecutors: Teen's Plan to Attack School Included Napalm, Background Music
CNN (05/29/13) Marquez, Miguel; Almasy, Steve

Authorities in Oregon say that the 17-year-old boy who was planning to attack his high school seems to have been inspired by a desire to outdo the Columbine High School massacre in 1999. Officials say that Grant Acord, who was arrested May 23, had planned to use napalm bombs and firearms to attack West Albany High School in Albany, Ore., and eventually kill himself before police could. Investigators said Acord had notebooks and other documents that contained handwritten and typed plans, including diagrams, to kill large numbers of people at the school. The plans detailed how Acord would have packed his truck with guns and bombs at home, attended first period class, then gathered his weapons and launched an attack on the school a little after 11 a.m., according to police. The plan said Acord would first check for a school resource officer around the perimeter of the school, and if none was there, then he would back his truck up to an exit he had previously staked out and commence the attack. He detailed the precise actions of his attack in the plan, saying he would: "Get gear out of trunk. Carry duffle in one hand, napalm firebomb in the other, walk towards school with (Airport Stalk music from the Call of Duty video game) blasting out of car. Drop duffel. Light and throw napalm, unzip bag, and begin firing." The plan ended with him committing suicide before police engaged him, according to police. Acord has been charged as an adult with attempted aggravated murder and 18 other charges related to making and possessing a destructive device.


U.K. Suspect Had Ties to Somali Islamists
Wall Street Journal (05/28/13) Abshir, Idil; Bryan-Low, Cassell

Michael Adebolajo, a suspect in the slaying of British soldier Lee Rigby, was apparently associated with people connected to the violent extremist group al-Shabaab and helped recruit for the group, according to people familiar with a 2010 trip to Kenya that he took. During that trip, Adebolajo and several others were detained by Kenyan counterterrorism police shortly after the group arrived on Pate Island, located about 40 miles from Somalia, seeking passage into the country. Kenyan officials deported Adebolajo back to the United Kingdom, where he was turned over to British authorities. According to a cleric in Mombasa, Kenya, Adebolajo worked closely with Aboud Rogo, a preacher and outspoken al-Shabaab supporter who was shot and killed by Kenyan police in 2012. The cleric said Adebolajo was also part of the Muslim Youth Center (MYC) in Somalia, of which Rogo was the ideological leader. According to a U.N. report on the group, MYC used to mobilize resources and recruits for al-Shabaab's activities in Kenya and Somalia. The cleric explained Adebolajo "was attending most of the sermons, and he was amongst the people who used to recruit young Kenyans." He added, "Rogo was coordinating through him."


Officials See Risk in Statue Security Plan
Wall Street Journal (05/28/13) Shallwani, Pervaiz

New York officials have asked the National Park Service (NPS) to review security procedures for the Statue of Liberty and Ellis Island, which are scheduled to reopen to the public on July 4. Under the NPS plan, visitors will be initially screened at Ellis Island, after they have boarded a ferry from New Jersey or Manhattan. Visitors who want to visit the statue as well will undergo a second screening. New York Police Commissioner Ray Kelly and Sen. Charles Schumer (D-N.Y.) have asked NPS to keep in place the previous screening procedure, which required visitors to undergo security checks before boarding the ferry. Both argue that the new plan heightens security risks to the monuments. The NPS, on the other hand, argues that security screening prior to boarding the ferry had always been seen as a temporary measure to be replaced by the new screening facility on Ellis Island. Construction of that facility was accelerated when Ellis Island and Liberty Island were closed for repairs after sustaining damage from Hurricane Sandy in October 2012.




Hackers Exploit Ruby on Rails Vulnerability to Compromise Servers, Create Botnet
IDG News Service (05/29/13) Constantin, Lucian

Hackers are actively taking advantage of a critical flaw in the Ruby on Rails Web application development framework in order to breach Web servers and create a botnet. Although the Ruby on Rails development team issued a security patch for the flaw back in January, some server administrators have not yet updated their Rails installations, allowing attackers to continue to exploit it. The exploit currently being used by attackers adds a custom cron job—a scheduled task on Linux machines—that carries out a series of commands. Those commands download a malicious C source file from a remote server, compile it locally, and execute it. The resulting malware is a bot that attaches to an Internet Relay Chat (IRC) server and joins a predetermined channel, where it awaits commands from the attackers. A precompiled version of the malware also is downloaded in the event the compilation procedure fails on the compromised systems. Users are urged to update the Ruby on Rails installations on their servers to at least versions 3.2.11, 3.1.10, 3.0.19, or 2.3.15, which contain the patch for this vulnerability.


Exposure of DHS Employees' Personal Data Shows Widespread Risk
NextGov.com (05/29/13) Sternstein, Aliya

U.S. Department of Homeland Security (DHS) officials have notified personnel of a data breach that potentially exposed the personal information of department employees who have undergone background investigations. The breach was the result of an unspecified vulnerability in a vendor's software that could have allowed unauthorized access to a database containing the names, social security numbers, and dates of birth of several DHS employees. Other than saying that the data in question had been at risk since July 2009 but that there was no evidence the data had been compromised, DHS has detailed little about the breach, declining to specify the vendor in question or how the vulnerability was discovered. This is an example of vendor coding errors putting personal and other sensitive governmental data at risk. Earlier this year a vulnerability was discovered in the General Services Administration's System for Award Management contracting registry that could have allowed unauthorized users to view the personal and proprietary data of contract awardees. According to a 2011 study by Veracode, government software applications suffer from 40 percent more easily abused or exploited coding mistakes than applications used in the private sector. This is, at least in part, due to a lack of stringent security testing requirements in business agreements with vendors, an issue being addressed by several federal initiatives including a provision of the 2013 National Defense Authorization Act.


Chinese Hackers Reportedly Accessed U.S. Weapons Designs
CNet (05/27/13) Musil, Steven

Chinese hackers reportedly accessed designs for some advanced U.S. weapons systems, according to a confidential report prepared by the Defense Science Board for the Pentagon. The report listed some two dozen compromised systems, including an advanced Patriot missile system known as PAC-3, as well as the F/A-18 fighter jet, the V-22 Osprey, and the Black Hawk helicopter. According to experts, the Chinese could use this information to speed up development of their own military systems, and ultimately weaken the overall U.S. military position. "This is billions of dollars of combat advantage for China," a senior military official said. "They've just saved themselves 25 years of research and development." A public version of the report said the Chinese cyber threat was "serious" and likened it to "the nuclear threat of the Cold War." The report went on to say the U.S. Department of Defense "is not prepared to defend against this threat."


Stacked Security Tools Detect Less Malware Than Predicted: Study
eWeek (05/26/13) Lemos, Robert

Using two security products in tandem can improve attack detection rates, but at lower rates than expected, research finds. In tests over the past 18 months, NSS Labs evaluated 37 intrusion-prevention systems, antivirus programs, and next-generation firewalls and found that none of them thwarted every attack in the company's testing pool. Although 19 out of the 606 combinations of two security products were able to stop all attacks, combining two products tended to not deliver the expected level of improvement, NSS' Stefan Frei says. The test results indicate that security applications, even those from different vendors, tend to miss the same exploits. For example, in tests carried out against next-generation firewalls in 2013, eight attacks circumvented all nine devices tested, while it took at least 12 intrusion-prevention platforms to block all the exploits in the 2012 tests of those devices. The report determined that, regardless of the security products used, it is highly likely that a cybercriminal will be able to successfully breach multiple layers of security of a targeted organization, or successfully attack a large number of different organizations.


Despite Breaches, Cyber Crime Fight on Right Track, PandaLabs Says
TechJournal (05/24/13)

PandaLabs says efforts to curb cybercrime are on the right track despite multiple security incidents taking place during the first quarter of 2013. Its quarterly report found that global cooperation among security agencies is working, and criminals are being prosecuted. “The start of the year has been witness to serious cyberattacks, including the hacking of the Twitter accounts of major organizations such as the BBC or Burger King, and one of the biggest attacks ever, targeting some of the world’s leading technology companies," says PandaLabs' Luis Corrons. "But there have been victories for security forces as well, including the arrest of a group of hackers accused of extortion using the infamous 'Police Virus.'" For example, the Technological Investigation Brigade of Spain’s National Police, along with Europol and Interpol, recently dismantled the cybercrime ring responsible for the Police Virus. Corrons notes that nearly all news regarding malware attacks on mobile platforms involved the Android operating system, which has the largest portion of this market. For example, a type of Android malware within Google Play infected cellphones as well as computers via smartphones and tablets.


Abstracts Copyright © 2013 Information, Inc. Bethesda, MD

