
Friday, October 28, 2011

Security Management Weekly - October 28, 2011


Corporate Security
  1. "Prosecutors: $1 Billion Scam Derailed" Alleged Disability-Pension Scheme at Long Island (N.Y.) Rail Road
  2. "House Bill Would Allow Copyright Holders to Cut Off Pirate Sites"
  3. "$15M Lawsuit in Boston Pizza Delivery Killing"
  4. "French Anti-Piracy Firm Back in Business"
  5. "Hard Times Bring Out the Ethics in Workers"

Homeland Security
  1. "Protesters Call for Strike After Veteran Badly Hurt" Occupy Oakland (Calif.)
  2. "RIM Facility Helps India in Surveillance Efforts" Research in Motion
  3. "NYPD Shadows Muslims Who Change Names"
  4. "Congress Looking at Links Between Iran, Latin America"
  5. "U.S. Ambassador to Syria Leaves on Safety Threat"

Cyber Security
  1. "Framework for Building a Vulnerability Management Lifecycle, Program"
  2. "New Mac Trojan Proves There's No Such Thing as a Malware-Proof Platform"
  3. "Malware Loves Windows Task Scheduler"
  4. "'Son of Stuxnet' Virus Targets Specific Organizations, Assets"
  5. "U.S. Fears Science Fiction-Style Sabotage in New Wave of Cyber Attacks"

   

 
 
 

 


Prosecutors: $1 Billion Scam Derailed
Wall Street Journal (10/28/11) Bray, Chad; Grossman, Andrew

Federal prosecutors in New York have broken up an alleged disability-pension scheme that could have potentially defrauded the Long Island Rail Road of as much as $1 billion. The 11 people who have been charged for their alleged involvement in the scheme are the worst of the cases that have been uncovered, though other people could be charged as the investigation into the suspected scheme continues to unfold. Among those charged on Thursday were two orthopedic doctors who together recommended disability benefits for at least 956 employees of the commuter railroad between 1998 and 2008. The doctors are believed to have ordered a number of medical tests that were not needed, which were usually paid for in cash by the employees. One of the doctors allegedly received $2.5 million in direct payments and insurance billings from more than 450 railroad employees between September 2004 and 2009, resulting in over $90 million in disability payments, while the other doctor allegedly received three-quarters of a million dollars in direct payments and insurance billings from more than 130 employees during the same period of time. The second doctor's actions are believed to have resulted in more than $31 million in disability payments. Meanwhile, some of the employees who were charged with being involved in the scheme were allegedly able to retire as young as 50 with pension and disability payments that sometimes equaled the salaries they received while working. Some of these employees were seen playing sports and engaging in activities that their purported injuries would have likely precluded, prosecutors said. The investigation into the alleged scheme followed a 2008 New York Times report that found that nearly every career employee at LIRR was deemed disabled by the federal government's Railroad Retirement Board.


House Bill Would Allow Copyright Holders to Cut Off Pirate Sites
PC Magazine (10/26/11) Hachman, Mark

The U.S. House is considering legislation that would allow copyright holders to cut off funding for Web sites that they believe are infringing on their copyrights. Under the bill, called the Stop Online Piracy Act, individual copyright holders would be able to bypass the court system and ask payment processors or Internet advertising companies to stop doing business with sites that are believed to be engaging in piracy. Such requests could also be made in order to cut off funding for sites that are hosted outside the U.S. Copyright holders will also be allowed to sue the infringing site if payment providers or advertising companies choose not to cut off funding. An owner of a foreign Web site can also be sued if he publicly objects to the copyright holder's complaint. In addition, the bill would give the U.S. attorney general the authority to order Internet service providers and search engines to take steps to prevent consumers from accessing sites that engage in copyright infringement. Rep. Lamar Smith (R-Texas), one of the sponsors of the bill, said that the legislation will prevent the sale of counterfeit goods in the U.S. and will broaden international protections for intellectual property.


$15M Lawsuit in Boston Pizza Delivery Killing
Associated Press (10/26/11)

A $15 million wrongful death and negligence lawsuit has been filed against Domino's Pizza and Deutsche Bank by the family of a Boston pizza delivery man who was lured to an empty home, robbed and stabbed to death. On September 1, 2010, 58-year-old Richel Nova was killed after making a delivery to a vacant home owned by Deutsche Bank. Nova's son and estate administrator, Irving Lara, claims that the pizza company should have posted safety instructions for drivers and should have known that sending a driver to the back of a home puts drivers at a higher risk of assault. The suit also accuses the bank of failing to secure the empty home from criminal use.


French Anti-Piracy Firm Back in Business
BBC News (10/25/11)

The French government has lifted restrictions on the anti-piracy company Trident Media Guard (TMG) that were put in place following a hacking attack against the company in May. Under the restrictions, TMG was required to send details of accused illegal file-sharers via mailed DVDs instead of online. The French data authority says it is satisfied with TMG's new security measures to prevent another data breach and the company can now resume sending digital reports. France's anti-piracy unit HADOPI employs TMG to monitor peer-to-peer networks and submit data on IP addresses associated with illegal downloading. Under new regulations, suspected offenders receive three warnings, after which they are reported to a judge who may bar them from accessing the Internet.


Hard Times Bring Out the Ethics in Workers
CNet (10/24/11) O'Reilly, Dennis

As the Ethics Resource Center prepares to conduct its 2011 National Business Ethics Survey, it reminds companies that its most-recent survey in November 2009 showed that, despite expectations, the weak economy resulted in a reduction in unethical behavior in the workplace. The survey found that 49 percent of respondents said they witnessed unethical behavior in the past year, compared to 56 percent of respondents in the 2007 survey. The most common unethical behaviors witnessed included misuse of company resources, reported by 23 percent of respondents, followed by abusive behavior, lying to employees, e-mail and Internet abuse, conflicts of interest, and discrimination. The survey also found that 63 percent of people witnessing unethical behavior reported it, up from 58 percent in 2007. The ERC survey shows the importance of having a business culture that is invested in ethical behavior. That investment is not limited to looking out for bad behavior, although it is important to keep in mind that unethical behavior is often the result of stress on an otherwise good employee. Maintaining ethical behavior is also about maintaining morale and high standards in difficult times, an act that starts at the top and encompasses all executives, employees, and contractors.




Protesters Call for Strike After Veteran Badly Hurt
Reuters (10/28/11) Henderson, Peter

The organizers of the Occupy Oakland protest say that they plan to hold a strike to shut down the California city next week to express their anger at the treatment demonstrators have received at the hands of police and others. Protesters are particularly upset about the injuries Iraq War veteran Scott Olsen received during recent clashes between demonstrators and Oakland police. Olsen suffered a fractured skull on Tuesday when he was allegedly hit in the head by a tear gas canister that had been launched by police. Occupy Oakland organizers have said that the incident was part of the "brutal and vicious" treatment of demonstrators by law enforcement. Meanwhile, organizers of the Occupy Wall Street protest in New York City say that they may have to soon leave Zuccotti Park given the fact that demonstrators in other cities have been evicted from their encampments.


RIM Facility Helps India in Surveillance Efforts
Wall Street Journal (10/28/11) Sharma, Amol

Research in Motion, the maker of the BlackBerry smartphone, established a facility in Mumbai, India, earlier this year to allow the Indian government to perform some surveillance on BlackBerry services. When Indian investigators want to wiretap someone, they submit the name of the individual to the facility. RIM then responds by sending Indian investigators the decoded messages the individual has sent through services such as the BlackBerry Messenger service. However, RIM will only do this if it is sure that the request for the messages is legally authorized. Despite the opening of the facility, the Indian government remains unhappy with its ability to perform surveillance on BlackBerry services. The Indian government is still unable to intercept and decode corporate BlackBerry e-mail messages, which use a stronger form of encryption than consumer services. In addition, Indian officials would prefer to decode messages sent via BlackBerry's consumer services themselves instead of having the Mumbai facility do it for them. Although it is dissatisfied with the level of surveillance it can conduct on BlackBerry services, the Indian government is no longer threatening to shut down those services as it did last year.


NYPD Shadows Muslims Who Change Names
Wall Street Journal (10/26/11)

Documents obtained by the Associated Press show that the New York Police Department pays close attention to Muslims who adopt American-sounding names, as well as Muslim converts who adopt Arabic-sounding names as a public display of their faith. Although everyone in New York City who changes his name is monitored by the NYPD, those with Arabic-sounding names and those who may be from predominantly Muslim countries are sometimes subjected to background checks. These background checks focus on the individual's travel records, criminal history, business licenses, and immigration documents. Information that was gleaned from these background checks, even if it did not point to anything criminal or related to terrorism, was cataloged so that it could be accessed by police at a later time. Beginning in late 2009, some of the people who were investigated via background checks were also questioned by police. However, people who were approached by the police could not be forced to talk, and many did not want to. Current and former NYPD officials said that the program was developed amid concerns from NYPD intelligence chief David Cohen that terrorists could adopt American-sounding names in order to keep a low profile before carrying out an attack. The program was eventually scaled back as police began interviewing people with Arabic-sounding names only if certain information was uncovered in their background checks.


Congress Looking at Links Between Iran, Latin America
KRGV-TV (10/26/11) Chaisson, Kirk

The U.S. House and Senate held a joint hearing on Wednesday to discuss ties between Iranian terrorist activity and Latin America. According to Rep. Michael McCaul (R-Texas), Iran is recruiting Venezuelans who are originally from Arab countries and using them as intelligence and militant operatives. In addition, McCaul noted that Iran is flying planes between Tehran and Caracas, Venezuela, to transport terrorism suspects and shipments of uranium. The passenger lists for these flights are being hidden from Interpol by the Venezuelan government, McCaul said. McCaul also expressed concern that an Iranian man who was living in Corpus Christi, Texas, hired someone who he thought was a member of the Mexican drug cartel Zetas to kill Saudi Arabia's ambassador to the U.S. A national security expert who testified at the hearing said that drug cartels may be working with terrorists in order to make money.


U.S. Ambassador to Syria Leaves on Safety Threat
Wall Street Journal (10/25/11) Malas, Nour; Solomon, Jay

U.S. officials reported Monday that Robert Ford, the nation's ambassador to Syria, left the Syrian capital of Damascus on Saturday amid concerns about his safety. Ford left Damascus after recent suspicious activity around his personal residence. That activity triggered an alarm inside the home. Although Ford was not in the home at the time of the incident, he began to feel unsafe after increased government surveillance began to infringe on his privacy. In addition, U.S. officials say that there have been credible threats against Ford. For instance, there have been a number of recent reports in state-run newspapers in Syria that have aimed to encourage Syrians to commit acts of violence against Ford. There have also been attacks on the U.S. Embassy by supporters of the Syrian regime following Ford's meeting with anti-government protesters in the city of Hama in July. Pro-government demonstrators have stormed the U.S. Embassy, attacked embassy vehicles with concrete and steel bars, and have thrown eggs and tomatoes at Ford's entourage.




Framework for Building a Vulnerability Management Lifecycle, Program
SearchSecurity.com (10/27/11) Kelley, Diana

Although patches can be used to mitigate network security vulnerabilities, patch management alone is not an effective way to manage vulnerabilities because patches may not be available at times or may be impossible to install. Organizations should instead strive to develop robust vulnerability management programs that are part of a larger lifecycle. The first step involved in such a program is to define the organization's risk posture and policies. These policies and postures can help shape the entire lifecycle, as the amount of risk that is acceptable is up to the organization. After defining policies and risk postures, organizations should then develop a list of what is present on the network, such as operating systems and applications. New services and applications should be entered into the inventory list when they are added to the network. A vulnerability scan also should be performed to uncover any potential exploits or risks. The results of this scan should then be used as the basis for efforts to understand what kind of an effect a vulnerability would have on the organization if it were to be exploited, as well as how to prioritize the response activities. Next, organizations should apply patches if they are able to, though they should first apply these fixes to golden images and testing servers to ensure that they function correctly. Once a patch has been applied, IT professionals should again check to be sure that it is working as it should.


New Mac Trojan Proves There's No Such Thing as a Malware-Proof Platform
eWeek (10/26/11) Rash, Wayne

Hackers have tweaked old Linux code to create a Trojan called Tsunami that attacks Apple Mac OS X systems, notes Wayne Rash. Mac owners, who have been told for years that they do not have to load their systems with antivirus software, must now face the reality that any operating system can be attacked by malware. In fact, the Macintosh platform is extremely vulnerable, since relatively few Macintosh users purchase and use security software. But the Mac is not the only ready target out there, according to Rash. Considering the success of the iOS platform, the scant amount of attention is a little surprising. Even more noteworthy is the fact that until recently, Apple resisted allowing AV vendors to market anti-malware apps through the App Store. So the time is long overdue for a reality check, Rash writes. "As Windows machines get better and better protection, and as Windows users finally get a clue about avoiding malware, the bad guys will focus on easier targets. That means you," he says, referring to Mac users.


Malware Loves Windows Task Scheduler
InfoWorld (10/25/11) Grimes, Roger A.

Malware writers have been using the Windows Task Scheduler to attack hosts for 10 years or more, but the Stuxnet worm seems to have ushered in a resurgence. Recent Zlob variants have used Task Scheduler frequently in their attacks, while the ubiquitous click-fraud Trojan Bamital used Task Scheduler as well. Stuxnet exploited Task Scheduler for use in a zero-day attack. However, analysts say that malware does not have to be ultra-sophisticated to exploit Task Scheduler. For example, malware frequently creates a task that seeks certain preconditions to launch, downloads new malicious code on a schedule, or uses scheduled tasks as a way to constantly remain in memory. Security experts say there are several steps security administrators can take to thwart a Windows Task Scheduler exploit. First, look for unexpected, buried job files. This will probably involve first decoding binary .job files to determine what is good versus evil. Finally, use a network monitoring tool to search for instances of unexpected hosts that are creating unexpected remote jobs.


'Son of Stuxnet' Virus Targets Specific Organizations, Assets
Wall Street Journal (10/24/11) Rooney, Ben

A new Symantec report says that Duqu, the new malware that is based on the Stuxnet virus, only targets specific organizations that have certain assets. Duqu is not a worm, as it does not spread from computer to computer by itself. Instead, Duqu infects machines in one of two ways: either through a brute-force attack in which hackers exploit a vulnerability in an organization's network, or through a social-engineering attack in which cybercriminals try to get an organization's employees to open an infected attachment or visit a malware-laced Web site. Symantec's Greg Day says the latter method of attack was more likely to be used. After it has infected a computer, Duqu tricks Windows into allowing it to execute by using a stolen digital certificate that has now been revoked. Duqu then begins to communicate with an India-based command-and-control server and downloads additional lines of code that can record information such as keystrokes so that it can be sent to the control server. The stolen data is sent back to the control server in an encrypted form, and is bundled with JPEG images to prevent victims from becoming suspicious about unusual Web traffic. Duqu then deletes itself after 36 days. Although Symantec believes that Duqu is being used against certain organizations, it also said that it is possible that other attacks are being launched against other organizations using variants of the malware that have yet to be discovered.


U.S. Fears Science Fiction-Style Sabotage in New Wave of Cyber Attacks
Associated Press (10/24/11)

The U.S. Cyber Consequences Unit (CCU), a nonprofit group that helps the U.S. government identify vulnerabilities for cyberattacks, has replicated the recent attack that sabotaged centrifuges used in Iran's nuclear program. The attack, which used a Stuxnet worm, was originally believed to require military-grade technology and funding. Iran blamed the United States and Israel for the attack. However, CCU researchers were able to find more than a dozen vulnerabilities in the type of electronic controllers used in the Iranian centrifuges, and it took them just two months and $20,000 in equipment. The vulnerabilities, including weak password protection, allowed researchers to take control of the devices and reprogram them. Siemens AG, which makes the controllers, says it has fixed some of the vulnerabilities and that they largely affect older models of controllers. However, the controllers are designed to last for decades, and the CCU and other security experts warn that, without the necessary updates, the U.S.'s critical infrastructure could be at risk. For example, a Virginia-based research team was able to find vulnerabilities at an unnamed correctional facility that would allow them to open and close doors, shut off alarms, and tamper with video surveillance.


Abstracts Copyright © 2011 Information, Inc. Bethesda, MD

