Friday, December 26, 2008

Security Management Weekly - December 26, 2008

 
 
CORPORATE SECURITY  
  1. "Chinese Warships Embark on Antipiracy Mission" Off the Coast of Somalia
  2. "Insurance Trade Says FTC Order Threatens Consumer Security"
  3. "As Economy Dips, Arrests for Shoplifting Soar"
  4. "Indian Firms Review Security but Hesitate at Costs"
  5. "Terror-Shattered Hotels Reopen As Mumbai Returns to Business"

HOMELAND SECURITY  
  6. "Iraq Militants in Police Battle" Ramadi
  7. "Homeland Security Forecasts 5-Year Terror Threats"
  8. "Iraq Celebrates Christmas as Official Holiday for First Time"
  9. "Jury: 5 Plotted to Kill Soldiers at Fort Dix" Camden, N.J.
  10. "European Countries May Take Detainees" Some Guantanamo Prisoners May be Resettled in Europe as Part of Good Will Gesture to Obama

CYBER SECURITY  
  11. "Cyberwargames Test Readiness for Info Attacks"
  12. "Congress in the Cyber-Crosshairs" Despite Attacks, Congress May Not Tackle Cyber Security Issues
  13. "Foreign Hackers Are Overwhelming U.S. Government Computers, Says Analyst" Heritage Foundation Senior Research Fellow John Tkacik
  14. "Top 10 Threats to Computer Systems Include Professors and Students"
  15. "Survey: Collaboration Applications Inadequately Secured" Rohati Survey Finds Applications Used to Facilitate Communication and Activity Among Employees Lack Security Features


   





 

"Chinese Warships Embark on Antipiracy Mission"
Wall Street Journal (12/26/08)

On Dec. 26, Chinese warships, outfitted with special forces, guided missiles, and helicopters, left for anti-piracy duty off the coast of Somalia. The three vessels--a pair of destroyers and a supply ship--could heighten concerns over expanding Chinese military power. In addition, the mission will challenge China's ability to work with other naval forces monitoring the Gulf of Aden, one of the world's most-traveled sea lanes. Warships from the United States, NATO, India, and Russia are patrolling the pirate-infested Somali waters as well. China stated it was joining the anti-piracy mission on Dec. 23 after the United Nations Security Council sanctioned countries to carry out land and air assaults on pirate bases. Pirates have earned around $30 million from hijacking ships for ransom in 2008, stealing over 40 vessels off of Somalia's 1,880-mile coastline. Sending ships to the Gulf of Aden symbolizes an important step in the growth of China's navy, according to a report by the Austin, Texas-based intelligence firm Stratfor. The company states that the mission will be complex, providing crucial on-the-job instruction in refueling, resupply, and repairs far from China, in addition to searching for pirates.

"Insurance Trade Says FTC Order Threatens Consumer Security"
SC Magazine (12/24/08) ; Kaplan, Dan

According to the American Insurance Association (AIA), the U.S. Federal Trade Commission's (FTC) order requiring nine insurance companies to provide data on how consumer credit information is used to set premiums could violate consumer privacy and raise security concerns. Among the information requested by the FTC under the Fair and Accurate Credit Transactions Act of 2003 is Social Security numbers, mortgage data, and other information, some of which AIA says insurers do not collect. "We are disappointed the FTC chose this route, despite the industry's good-faith efforts to work cooperatively to find a sensible, secure and cost-effective alternative to provide the data the FTC says it needs to conduct its study. The use of a 'compulsory process' does not allay our serious concerns about the handling and protection of massive amounts of consumer data," says AIA Vice President and Assistant General Counsel David Snyder.

"As Economy Dips, Arrests for Shoplifting Soar"
New York Times (12/23/08) P. A1 ; Urbina, Ian; Hamill, Sean D.

Police departments report that the number of shoplifting arrests is between 10 percent and 20 percent higher this year due to the struggling economy. The actual number of shoplifting incidents is likely higher since most stores handle the matter internally by banning the thief from the store. Although most of the increase is from first-time offenders, organized crime rings are playing a larger role in shoplifting and fraud. The economy has forced many retailers and police departments to reduce staffing levels, making stores more vulnerable to shoplifting. Many stores are also reluctant to instruct employees to question suspicious customers because they don't want to do anything that could result in lost business. Seasonal workers hired for the holiday rush are also less experienced at catching shoplifters and more likely to commit theft themselves. The nonprofit National Association for Shoplifting Prevention estimates that over $35 million in merchandise is stolen every day in the United States, with most of the items resold on the Internet. Some Web sites even sell fake receipts that shoplifters can use to obtain a cash refund for stolen goods. In order to combat the rise in retail crime, law enforcement agencies and retailers are working together to try new tactics. One Georgia-based chain of convenience stores has linked its video surveillance system to the local police station, where officers keep a lookout for shoplifters. Shoplifters arrested in Louisiana must now pay a mandatory $1,000 bail or stay in jail until their trial.

"Indian Firms Review Security but Hesitate at Costs"
Reuters (12/23/08) ; Chandran, Rina

Although Indian hotels and other businesses became acutely aware of the need for increased security and terror insurance in the wake of the terrorist attacks on Mumbai last month, the tough economy and the need to save money could prevent companies from improving their security, experts say. According to Raghu Raman, the chief executive of the security firm Mahindra Special Services, tight budgets are forcing most Indian companies to simply purchase inexpensive metal detectors. In addition, many Indian businesses do not have a proper security plan in place because they just want to be seen as doing more to improve security so that they can reassure their employees, Raman said. Meanwhile, some companies could stop adding terror insurance to their standard fire policies in an effort to save money, said Radhakrishna Chamarty, the director of India Insure Risk Management & Insurance Broking Services. Chamarty noted that while businesses of all sizes see the need for terror insurance, they believe that insurance is an expense that can be cut during difficult economic times.

"Terror-Shattered Hotels Reopen As Mumbai Returns to Business"
Wall Street Journal (12/22/08) P. A1 ; Anand, Geeta; Bellman, Eric

On Dec. 21, Mumbai, India's Taj Mahal Palace & Tower and Trident-Oberoi hotels reopened for the first time since the terrorist attacks that killed 171 individuals last month. Increased security was put in place for the reopening of the hotels. For instance, a baggage scanner was installed right outside the entrance of the Trident, and a policeman stood watch in the driveway, ensconced in a series of sandbags with his gun directed at the entrance. Guests and their hand luggage were searched. Meanwhile, outside the Taj, security officers stopped patrons and searched bags at a couple of checkpoints prior to accessing the lobby entrance, where all baggage was put through a baggage scanner. Guests entered via a metal detector. The hotels restarted business following three weeks of hurried repairs and reconstruction. At the Taj, which reopened its newer tower wing but left closed the older "heritage" wing that received the bulk of the terrorist attacks, employees replaced marble destroyed by grenades, removed bullets from the walls, replaced broken glass, repainted large sections of the lobby and restaurants, and fixed the main kitchen. The Trident, the 550-room tower that is located in the Trident Oberoi complex, reopened after busted lobby windows and sections of the wooden pillars and marble flooring in the lobby were fixed. It will take around six months and cost about $10 million to reopen the Oberoi and its restaurants.

"Iraq Militants in Police Battle"
BBC News (12/26/08)

Six Iraqi policemen and seven detained militants with alleged links to al-Qaida were killed Friday when the prisoners tried to escape from a police station in Ramadi, a city about 60 miles west of Baghdad in Anbar province. According to police, one of the prisoners overpowered an officer as he was being escorted from his cell to use the bathroom. The prisoner then grabbed the officer's weapon and shot him. After shooting the officer, the prisoner opened up the other cells to release his fellow prisoners, who then used weapons from the police station's armory to open fire on the other police officers. Three of the prisoners were able to escape during the gun fight. Police are conducting searches throughout Ramadi in an effort to find the escaped prisoners.

"Homeland Security Forecasts 5-Year Terror Threats"
Associated Press (12/25/08) ; Sullivan, Eileen

The Department of Homeland Security has released its Homeland Security Threat Assessment report, which looks at the threats the United States will face between now and 2013. According to the report, which was distributed to law enforcement, intelligence officials, and the private sector, terrorist attacks that are committed with weapons of mass destruction are the most dangerous types of attacks that could be launched against the United States. However, the report noted that such attacks are also the most unlikely because terrorist groups such as al-Qaida cannot easily obtain the materials needed to make these weapons. Nevertheless, terrorists could try to conduct an attack using biological weapons sometime over the next five years, according to the report. The report also noted that cyber attacks will be another growing terror threat over the next five years. Although al-Qaida currently lacks the ability to conduct cyber attacks, they do have the capability of hiring sophisticated hackers to carry them out, the report said. The report added that al-Qaida could direct or inspire cyber attacks that target the U.S. economy sometime during the next three to five years.

"Iraq Celebrates Christmas as Official Holiday for First Time"
Wall Street Journal (12/25/08)

Christians in Iraq quietly celebrated Christmas, with the government referring to the day as an official holiday for the first time. Security concerns, however, marred the day for many celebrants, especially in the north, where thousands of Christians have fled in an effort to avoid religious attacks in this mostly Muslim country. While security as a whole in Iraq has improved significantly in 2008, a deadly car bombing in Baghdad on the morning of Dec. 25 was a vivid reminder that substantial problems continue. The bombing outside a restaurant killed four individuals and wounded 25 others in the Shiite section of Shula. In addition, an oil official stated terrorists blew up a pipeline in the city of Kirkuk on Dec. 24. Iraq's Christians, thought to comprise just a few hundred thousand of the nation's 26 million people, have frequently been the focus of attacks by Islamic extremists in Iraq. Tens of thousands have left, while many of those who remained were isolated in neighborhoods shielded by barricades and checkpoints. A bombing campaign in 2004 targeted churches in Baghdad, and anti-Christian violence also occurred in September 2007 after Pope Benedict XVI made statements interpreted to be against Islam.

"Jury: 5 Plotted to Kill Soldiers at Fort Dix"
Associated Press (12/23/08)

A federal jury in Camden, N.J., convicted five Muslim immigrants on Monday for planning to kill soldiers at an Army base at Fort Dix, N.J. In addition to planning to attack Fort Dix, the men--who were not connected to any foreign terrorist organizations--also conducted surveillance at Fort Monmouth, N.J.; Dover Air Force Base in Delaware; and several other military installations. During the trial, prosecutors alleged that the men had talked about attacking some of those locations. However, lawyers for the men argued that their clients were not seriously planning any attacks and that they were manipulated and goaded by two paid FBI informants. The men, who have lived in the U.S. for some time, could face life in prison for their conviction on the charge of conspiracy to kill U.S. soldiers when they are sentenced in April. A sixth man who was involved in the plot has already pleaded guilty to gun offenses.

"European Countries May Take Detainees"
Washington Post (12/23/08) P. A1 ; Finn, Peter

Senior European officials and U.S. diplomats are reporting that European nations are discussing whether to accept some of the 60 detainees at Guantanamo Bay that have been cleared for release by U.S. authorities. At least six European countries are considering resettling the detainees, who are at "the less dangerous end of the spectrum," according to a recent study by the Brookings Institution. Only two of those countries, Germany and Portugal, have publicly acknowledged that they are considering resettling the detainees. The willingness of European officials to consider taking the detainees marks a significant change in the attitude of European governments, who refused the Bush administration's requests to accept some of the alleged extremists. According to a German official, European governments are considering accepting some of the detainees now because there is a general desire in Europe "to please [President-elect Barack] Obama." The matter still needs to be discussed by all 27 members of the European Union, who need to generally agree on accepting the detainees before they can be resettled. However, the German official said that the requirement should not block a resettlement deal.

"Cyberwargames Test Readiness for Info Attacks"
Ars Technica (12/22/08) ; Sanchez, Julian

On Dec. 17-18, 230 top leaders from the government and the private sector attended the Cyber Strategic Inquiry. This gathering included a simulation of an attack on America's information infrastructure, run by consulting firm Booz Allen Hamilton in collaboration with Business Executives for National Security. Participants were split into four teams, representing groups that would have to respond quickly in the event of a real attack. Groups that may be affected include Homeland Security, the Defense Department, financial services, telecom, IT, energy, and transportation. According to Booz Allen Senior VP Mark Gerencser, there is currently no set response or "game plan" in case of a cyber attack, and no centralized authority. This reflects recent findings by the Government Accountability Office that said the United States lacked readiness for a cyber attack. At the end of the simulation, Homeland Security Secretary Michael Chertoff called for public-private cooperation in case of a real attack, as well as more openness from normally secretive government agencies.

"Congress in the Cyber-Crosshairs"
National Journal (12/20/08) Vol. 40, No. 51, P. 18 ; Harris, Shane

Two years ago, seven U.S. House panels and eight members' offices were compromised by malware that could pilfer files and messages, and both the targeted House members and the attackers' Internet addresses suggest that the intrusions originated in China. In a speech before the House, Rep. Frank Wolf (R-Va.), whose office was targeted by the hack, argued that the fear of admitting vulnerability might be one of the reasons underlying U.S. intelligence and national security's reluctance to publicize the breaches sooner. "I strongly believe that the appropriate officials, including those from the Department of Homeland Security and the FBI, should brief all members of Congress in a closed session regarding threats from China and other countries against the security of House technology, including our computers, BlackBerry devices, and phones," he said. There appears to be a strong degree of disinterest from members of Congress about discussing cybervulnerabilities because they have little understanding of such issues. Former director of the DHS' National Cyber Security Division Amit Yoran says members of Congress have to juggle many competing issues, and cybersecurity has had a historically low priority. There is evidence that the expertise of the House and Senate's IT and security departments is very strong, but Yoran says the decision to follow security procedures is left to members and their staffers, who may elect not to follow procedures because they consider it an imposition. The Center for Strategic and International Studies concluded in a recent study prepared for President-elect Barack Obama that Congress is unsuited for managing executive-branch cybersecurity due to the inconsistency and fragmentation of its oversight. 
The study group recommended that Obama take charge of cybersecurity and establish a new office for cyberspace in the Executive Office of the President that would collaborate closely with the National Security Council, "managing the many aspects of securing our national networks while protecting privacy and civil liberties."

"Foreign Hackers Are Overwhelming U.S. Government Computers, Says Analyst"
Security Management (12/08) ; Wagley, John

Experts estimate that foreign hackers have illegally accessed over half of the U.S. government and military computers that they are interested in. Heritage Foundation senior research fellow John Tkacik called cyber attacks supported by the Chinese government the "single biggest military and intelligence threat the U.S. faces." There were 43,880 incidents of malicious activity against Department of Defense and defense company computers in 2007, a 31 percent increase from 2006. Although statistics have not yet been released for 2008, there have been a number of high-profile attacks, including successful breaches of both major presidential campaigns, the World Bank, and the White House. Although many politicians have hesitated to publicly blame China, data suggests that Chinese intelligence plays a large role in many cyber attacks. Experts also believe that Russia has been involved in major cyber attacks in Estonia and Georgia over the past two years. Several vital Georgian Web sites were struck at the same time Russian troops attacked, marking the first time that cyber attacks were used during a military first strike.

"Top 10 Threats to Computer Systems Include Professors and Students"
Chronicle of Higher Education (12/19/08) Vol. 55, No. 17, P. A9 ; Young, Jeffrey R.

The biggest cybersecurity threat colleges and universities face is malware and botnets, writes Jeffrey R. Young, who compiled a list of the 10 biggest threats to campus computer security based on several recent computing surveys and interviews with more than 12 college IT leaders. A recent estimate by the Georgia Tech Information Security Center found that 15 percent of computers that are connected to the Internet in countries around the world are part of botnets, which are often used by cybercriminals to send out spam. In 2007, 10 percent of computers were part of botnets. Botnets and other types of malware are problematic because they get upgraded faster than makers of antivirus software can distribute new antivirus signatures to identify and block the malicious programs, says the Internet2's Joseph E. St. Sauver. Another major problem for colleges and universities is the theft of computers with sensitive data, a crime that has increased in frequency every year for the past five years, a survey by the Campus Computing Project found. The problem could likely become worse in the future as laptops become smaller and flash drives are used to store more information. Experts are urging professors and administrators to encrypt their sensitive data so criminals will not be able to access the information from a stolen laptop.

"Survey: Collaboration Applications Inadequately Secured"
SC Magazine (12/18/08) ; Moscaritolo, Angela

Many of the collaboration applications businesses use to facilitate communication and activity among workers, including Web-based intranet portals, Microsoft SharePoint, and common Internet file systems (CIFS), lack sophisticated security features, concludes Rohati in its recent survey of 117 CISOs, CIOs, and IT leaders. More than 50 percent of the security leaders surveyed said their businesses rely on collaboration applications. Of those, 71 percent said they are not proactively securing information that passes through these platforms. Rohati's Shane Buckley says almost every organization is likely to have at least one application that does not meet regulatory compliance requirements. "The question is if your risk profile is increasing as you go forward," he notes. "As the collaborative devices are being rolled out, the risk profile is increasing." About 40 percent of those surveyed said the risk of malicious users accessing sensitive data was the chief concern pertaining to collaboration applications. Twenty-nine percent were worried that application vulnerabilities would lead to a data breach, and 14 percent said they were most concerned about the internal abuse of data found on collaboration applications.

Abstracts Copyright © 2008 Information, Inc. Bethesda, MD

