|
In this issue
- Trains Can Be Easy Terror Targets
- Bank records not private in national security probes
- Bakersfield man accused of being Yemeni secret agent
- TSA Ready to Issue Smart Cards to Port Workers
- How to leak a secret and not get caught
- Spy Coin Found On U.S. Contractors With Security Clearance
- Postini: Spam, botnet levels soar
- U.K. spy agency to send terror alert e-mails
- U.S. to give $445 million to protect transit from terrorism
- DOD seeks commercial encryption software
- Report: Boom expected in hiring security-cleared workers
- PDF security risk greater than originally thought
- Nuclear Weapons Program Chief Dismissed
Probe: Trains Can Be Easy Terror Targets (AP 1/16/07)
Train lines that carry hazardous shipments have little or no police presence and shoddy security that makes them easy targets for terrorists, according to a newspaper investigation.
During a several-month, nationwide investigation, a reporter with the Pittsburgh Tribune-Review was able to penetrate 48 hazardous chemical plants and the freight lines that service them. The reporter, who left his business cards on the cars, was never questioned when he climbed trains, photographed derailing levers and peeked into signaling boxes that control rail traffic, the newspaper reported. More
Bank records not private in national security probes (LA Times, 1/15/07)
Because a person's bank records are not deemed to be private in national-security investigations, U.S. government agencies -- including the Pentagon -- can request these records without a warrant, an expert in privacy law said. The Defense Department and CIA are barred from conducting criminal investigations within the United States, but they have claimed the authority to gather intelligence to protect their operations.
Saturday, officials of both agencies confirmed that they had investigated suspicious individuals in the United States by asking for and obtaining bank records and credit information. Bank privacy laws make an exception for government agencies that request records as part of an investigation related to ``intelligence or counterintelligence or international terrorism,'' and the Pentagon says it can gather intelligence to protect its military bases from spies and saboteurs. More
Bakersfield man accused of being Yemeni secret agent (AP, 1/14/07)
A Bakersfield man acted as a Yemeni spy when he shipped what he believed were secret U.S. military secrets and equipment to Yemen, an indictment filed by the United States Attorney's Office states. Amen Ahmed Ali, Bakersfield businessman, purchased what he believed were secret documents and military equipment and shipped them to Yemen from 2005 to 2006, according to the indictment filed Thursday.
Assistant U.S. Attorney Carl Faller said Ali was charged previously with buying and transporting military secrets and documents to Yemen, but that the new charges state he was doing so on behalf of the Yemeni government. More
TSA Ready to Issue Smart Cards to Port Workers (Computerworld, 1/12/07)
The Transportation Security Administration said that it plans to start issuing new smart-card credentials to more than 750,000 port workers starting in March, despite concerns that more testing is needed. The U.S. Transportation Security Administration is moving ahead with plans to start issuing new smart card identity credentials to more than 750,000 port workers starting in March, despite some concerns about its readiness to do so.
The U.S. Department of Homeland Security , which oversees the TSA, earlier this month published the final rules for the Transportation Worker Identification Credential (TWIC) program, which was put in place after the terrorist attacks of Sept. 11, 2001. The program aims to boost security at about 4,000 transportation facilities in the country. More
How to leak a secret and not get caught (New Scientist, 1/12/07)
Leaking a sensitive government document can mean risking a jail sentence - but not for much longer if an online service called WikiLeaks goes ahead. WikiLeaks is designed to allow anyone to post documents on the web without fear of being traced.
The creators of the site are thought to include political activists and open-source software engineers, though they are keeping their identities secret. Their goal is to ensure that whistle-blowers and journalists are not thrown into jail for emailing sensitive documents. That was the fate of Chinese journalist Shi Tao, who was sentenced to a 10-year term in 2005 after publicising an email from Chinese officials about the anniversary of the Tiananmen Square massacre. More
Spy Coin Found On U.S. Contractors With Security Clearance (AHN, 1/11/07)
U.S. Defense Department officials have warned its American contractors that they have found Canadian coins containing radio frequency transmitters on U.S. contractors with high security clearances. The miniature transmitting devices were found on contractors who traveled through Canada. The Defense Department described this as a new espionage threat.
The coins were found on contractors at least three times between October 2005 and January 2006. According to intelligence and technology experts, that type of transmitter could be used to track whoever was carrying the coins, the AP reported. More
Postini: Spam, botnet levels soar (SC Mag., 1/10/07)
Spam messages jumped to a record 94 percent of all email sent last month, according to research from Postini. More than 25 billion spam messages were blocked last month, an increase of 144 percent from December 2005. This rise in spam is linked to a virus released by hackers in late December, called the "Happy New Year" worm, which infected high numbers of computers with botnets and then pumped out spam, experts at the email management firm said.
The worm, also known as Nuwar and Mixor, was hidden in electronic postcards posing as greetings from friends and family. This widespread attack drove the daily number of email-borne viruses up 20-fold over the New Year's weekend. More
U.K. spy agency to send terror alert e-mails (Rueters, 1/9/07)
Britain's domestic spy agency MI5 has launched a new e-mail alert service to warn the public about changes in the security threat level. Internet users will be able to register on the MI5 Web site to receive automatic electronic updates in their e-mail in-boxes. The e-mail alerts are the latest in a series of moves by MI5 and its partner, the international spy agency MI6, to open up to the public after decades of guarding extreme secrecy.
In recent years both MI5 and MI6 have begun to emerge from the shadows, launching Web sites offering security advice and information about careers in the spy services, and even running recruitment advertisements in newspapers. The spokeswoman said the e-mail alert service would inform people of threat level ratings which the government has been making public since last August. More
U.S. to give $445 million to protect transit from terrorism (AP, 1/9/07)
Nearly half a billion dollars will be given to U.S. cities and regions to help reduce the risk of terror attacks on ports, transit systems and chemical plants, Homeland Security Secretary Michael Chertoff said. Recipients will have to submit detailed plans on how they will use the funds to protect critical sites, Chertoff added.
He touched on previous grant programs that were so broad they allowed cities to use allocations to pay for just about anything, including leather jackets. Nearly half the grant money, $201 million, would be used to secure ports and rail systems, including Amtrak. The Port of New York and New Jersey would get the biggest share, $27.2 million. More
DOD seeks commercial encryption software (FCW.com, 1/8/07)
The Defense Department is looking to protect all data at rest (DAR) on mobile computers and storage devices using commercial encryption software. DOD will soon award one or more enterprisewide software agreements under the DOD Enterprise Software Initiative (DOD-ESI) and the General Services Administration’s Federal SmartBUY program.
The department is calling on industry to submit software solutions to encrypt all DAR storage devices, including hard drives of laptop and desktop computers, tablet PCs, smart phones, personal digital assistants, and removable storage devices, according to a pre-solicitation notice. More
Report: Boom expected in hiring security-cleared workers (FCW, 1/8/07
The hiring of workers with security clearances is expected to surge the first quarter of 2007 as a result of the many multimillion-dollar Department of Defense contracts that were awarded in December, according to the first edition of the ClearanceJobs Report for 2007. According to ClearanceJobs.com, an online recruiting service, those estimates could change because although some employers post jobs online that are contingent upon a contract award, many job seekers don’t like applying for positions that don’t yet exist.
ClearanceJobs said the job postings in December showed a strong increase in the number of positions requiring higher-level clearances. When compared to the preceding month, there were 10 percent more jobs posted requiring a Top Secret or higher clearance the final month of 2006. More
PDF security risk greater than originally thought (C/Net News.com, 1/5/07)
A recently discovered security weakness in the widely used Acrobat Reader software could put Net users at more risk than previously thought, experts warned. Initially, security professionals thought that the problem was restricted and exposed only Web-related data or could support phishing scams. Now it has been discovered that miscreants could exploit the problem to access all information on a victim's hard disk drive, said Web security specialists at WhiteHat Security and SPI Dynamics.
Key to increased access is where hostile links point. When the issue was first discovered, experts warned of links with malicious JavaScript to PDF files hosted on Web sites. While risky, this actually limits the attacker's access to a PC. It has now been discovered that those limits can be removed by directing a malicious link to a PDF file on a victim's PC. More
Nuclear Weapons Program Chief Dismissed (CBS/AP, 1/4/07)
Energy Secretary Samuel Bodman announced the dismissal of the head of the U.S. nuclear weapons program because of security breakdowns at weapons facilities including the Los Alamos laboratory in the western state of New Mexico. Linton Brooks is to submit his resignation as chief of the National Nuclear Security Administration this month, the department said.
Bodman said the NNSA under Brooks, a former ambassador and arms control negotiator, had failed to adequately correct security problems, so "I have decided it is time for new leadership at the NNSA." Brooks was reprimanded last June for failing to report to Bodman that computers at an NNSA facility in Albuquerque, New Mexico, had been breached resulting in the theft of files containing Social Security numbers and other personal data from 1,500 workers. More
Keep Getting This Newsletter
To ensure delivery to your inbox (not bulk or junk folders), please add NSI@nsi.org to your address book.
TO SUBSCRIBE: If you were sent this by a colleague and wish to subscribe to NSI's complementary Security NewsWatch e-newsletter, visit http://nsi.org/newswatch.html.
TO UNSUBSCRIBE: This news service comes to you from the news team at the National Security Institute. If you do not wish to receive it in the future, please reply to this e-mail with the subject line “Un-subscribe.”
National Security Institute
116 Main Street, Suite 200
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-533-3761
Internet: http://nsi.org
|
