Wednesday, January 23, 2008

Daily Report

• USA Today reported that this month, handheld black lights and magnifying glasses will be distributed to airport screeners at the nation’s 800 airport checkpoints. These will be used to spot possible forgeries or tampering. (See items 12)

• According to Homeland Security Today, security for Super Bowl XLII is being described as “unprecedented,” and will include both covert and overt measures. The federal government’s terrorism threat assessment of the upcoming game makes clear that, while the Intelligence Community “has not identified a credible terrorist threat to Super Bowl XLII and its related events,” one of the three “key findings” of the nine-page threat assessment is that “the threats of greatest concern” during events like this “include individuals impersonating law enforcement and other security personnel and insiders to facilitate attacks.” (See item 27)

Information Technology

25. January 21, Computerworld – (International) The Internet is down -- now what? According to the recent Business Roundtable report, “Growing Business Dependence on the Internet — New Risks Require CEO Action,” there is a 10 to 20 percent chance of a “breakdown of the critical information infrastructure” in the next 10 years, brought on by “malicious code, coding error, natural disasters, [or] attacks by terrorists and other adversaries.” An Internet meltdown would result in reduced productivity and profits, falling stock prices, erosion of consumer spending and potentially a liquidity crisis, the report says. The organization based its conclusions on earlier risk analyses done by the World Economic Forum in Geneva. The director of public policy at The Business Roundtable, an association of CEOs from large U.S. companies, says business executives often fail to realize how dependent they have become on the public network — for e-mail, collaboration, e-commerce, public- facing and internal Web sites, and information retrieval by employees. He also notes that disaster recovery and business continuity plans often fail to take into account the threat an Internet disruption poses to a company and its suppliers. Moreover, business executives often mistakenly believe that government will take the lead in restoring network services in the face of an Internet failure, he says. “What we wanted to do in this report is say to CEOs, ‘You may not realize that whole segments of your business are almost completely dependent on the Internet, and it’s not enough to have a few IT specialists to help you respond to problems as they come up.’”

Communications Sector

26. January 22, – (National) Malicious MMS worm hits Nokia handsets. Security vendor Fortinet has uncovered a malicious SymbianOS Worm that is actively spreading on mobile phone networks. Fortinet’s threat response team warned on Monday that the worm, identified as SymbOS/Beselo.A!worm, is able to run on several Symbian S60 enabled devices. These include the Nokia 6600, 6630, 6680, 7610, N70, and N72 handsets. The malware is disguised as a multimedia file (MMS) with an evocative name: either Beauty.jpg, Sex.mp3, or Love.rm. Fortinet warned this is deceiving users into unknowingly installing the malicious software onto their phones. Unlike Microsoft Windows, SymbianOS types files based on their contents and not their extensions, so it is worth noting that recipients of infected MMS would still be presented with an installation dialogue upon “clicking” on the attachment. “Therefore, users could easily be deceived by the extension and unknowingly install the malicious piece of software,” warned Fortinet. After installation, the worm harvests all the phone numbers located in the phone’s contact lists and targets them with a viral MMS carrying a SISpacked (Symbian Installation Source) version of the worm. In addition to harvesting these numbers, the malware also sends itself to generated numbers as well. Interestingly, all these numbers are located in China so far and belong to the same mobile phone operator. Some of these numbers have been verified to belong to actual customers, rather than being premium service numbers. The manager of Fortinet’s Threat Response Team, EMEA, and the man who conducted the research and discovered this malicious activity, told Techworld that this is not just another ‘theoretical’ mobile worm that nobody will ever encounter. “It is actual spreading in the wild,” he said, “although numbers are still pretty low.”

No comments: