[SecurityRatty] tag: vandalism

Terrorist Fear Mongering Seems to be Working Less Well, Part II

Wed, 22 Oct 2008 02:44:42 +0000

Last week I wrote about a story that indicated that terrorist fear mongering is working less well. Here's another story, this one from Canada: two pipeline bombings in Northern British Columbia:

Investigators are treating the explosions as acts of vandalism, not terrorism, Shields said.
"Under the Criminal Code, it would be characterized as mischief, which is an intentional vandalism. We don't want to characterize this as terrorism. They were very isolated locations and there would seem there was no intent to hurt people," he said.

It's not all good, though. Here's a story from Philadelphia, where a subway car is criticized because people can see out the front. Because, um, because terrorist will be able to see out the front, and we all know how dangerous terrorists are:

Marcus Ruef, a national vice president with the Brotherhood of Locomotive Engineers and Trainmen, compared a train cab to an airliner cockpit and said a cab should be similarly secure. He invoked post-9/11 security concerns as a reason to provide a full cab that prevents passengers from seeing the rails and signals ahead.
"We don't think the forward view of the right-of-way should be available to whoever wants to watch ... and the conductor and the engineer should be able to talk privately," Ruef said.

Pat Nowakowski, SEPTA chief of operations, said the smaller cabs pose no security risk. "I have never heard that from a security expert," he said.

At least there was pushback against that kind of idiocy.

And from the UK:

Transport Secretary Geoff Hoon has said the government is prepared to go "quite a long way" with civil liberties to "stop terrorists killing people".
He was responding to criticism of plans for a database of mobile and web records, saying it was needed because terrorists used such communications.

By not monitoring this traffic, it would be "giving a licence to terrorists to kill people", he said.

I hope there will be similar pushback against this "choice."

Turning off Fire Hydrants in the Name of Terrorism

Thu, 11 Sep 2008 09:59:42 +0000

This really pegs the stupid meter:

He explains all the district's hydrants, including those in Alexander Ranch, have had their water turned off since just after 9/11 -- something a trade association spokesman tells us is common practice for rural systems.
"These hydrants need to be cut off in a way to prevent vandalism or any kind of terrorist activity, including something in the water lines," Hodges said.

But Hodges says fire departments know, or should have known, the water valves can be turned back on with a tool.

One, fires are much more common than terrorism -- keeping fire hydrants on makes much more sense than turning them off. Two, what sort of terrorism is possible using working fire hydrants? Three, if the water valves can be "turned back on with a tool," how does turning them off prevent fire-hydrant-related terrorism?

More and more, it seems as if public officials in this country have simply gone insane.

How I became a soldier in the Georgia-Russia cyberwar.

Fri, 15 Aug 2008 04:20:15 +0000

As Russian and Georgian troops fight on the ground, there's a parallel war happening in cyberspace. In recent weeks, Georgia's government Web sites have been besieged by denial-of-service attacks and acts of vandalism. Just like in traditional warfare, there's a lot of confusion about what's going on in this technological battle—nobody seems to kno

Think "liability" if you want to stay out of trouble.

Sun, 03 Aug 2008 21:12:00 +0000

I speak a lot about liability, but not everyone gets it.

I have seen medical doctors, dentists, business people of all walks of life and lawyers (it is surprising how many lawyers disregard liability)pay little attention to potential lawsuits. The latest category to leave themselves open, have been auctioneers.

The current foreclosure crisis has meant that many properties are being auctioned off. We have been providing security officers at some of the properties in order to make sure that people do not try to steal or commit vandalism when viewing the houses. There was an incident recently in which a bidder decided to withdraw his offer after his bid became the winning bid. He probaly got cold feet.

While he should not have reneged on his offer to buy the property, it was a civil matter best left to civil remedy. Unfortunately, the auctioneers involved decided to take the law into their own hands and would not let the man leave the property. The man became anxious and informed them that he was having difficulty breathing and needed to go to his car for his asthma medication.

Was this true? Maybe, maybe not - but would it be wise to gamble with a person's health when you already had their personal details and you could easily have obtained his vehicle registration if he decided to leave?
Thankfully, our security officer knew better that to get involved with blocking the man's way. The auctioneers stood in front of his vehicle and yelled at him. Eventually the man drove off.

If you represent a financial institution, a law firm or an auctioneering firm, you need to think twice before you act inappropriately. I have no doubt that had that man had a serious attack and if he died as a result, his next of kin would have sued for umpteen millions. When it comes to situations like this, you need to think rationally and realize what is involved. What was the worse thing that could have happened when the person decided to renege on his offer?

Apparently, he would have signed forms and the like and most probably he could be sued civilly for not fulfilling his obligations after delivering the winning bid. At the end of the day, the note holder would be in a strong position. Even if the person had given false information and could not be subsequently located, all they had to do was to put the property back on the market. What could that have cost, a couple of thousand in extra advertising and the like? That would have been much better than having to pay the next of kin many millions - not to mention the bad publicity.

We talk a lot about liability because it is a very real threat. Think "threat mitigation". Those who do not, may pay a very high price.

CATSA: XRay Machines Are Not For Gum Wrappers

Sun, 08 Jun 2008 08:58:43 +0000

Well, the US may have the TSA in all of its glory. Here in Canada however, we have the Canadian Air Transport Security Authority (CATSA) and they’re pissed at airport screeners in this country.

From The Canadian Press:

“Continued inspections across the country have revealed that garbage and other items … are still being dropped inside the top panel openings of some X-ray machines,” says a bulletin issued earlier this year by the Canadian Air Transport Security Authority.

“Likewise, warning labels and hazard warning signs are being damaged and are sometimes completely removed from the units.”

The rebuke, obtained under the Access to Information Act, is the second time officers have been warned about dropping junk into the X-ray scanners. An earlier bulletin in August 2006 raised the same issue.

“Effective immediately, screening personnel caught performing any above-listed act, or similar act of vandalism to CATSA equipment will be immediately restricted from performing all screening functions.”

Any offending officer could be permanently removed from the job, the document says.

Next time you fly via a Canadian airport see if the screeners can toss out an empty coffee cup or wrapper for ya. Just for giggles.

Article Link

The Top Ten Cybersecurity Threats for 2008

Sat, 05 Jan 2008 14:22:36 +0000

Here is the final list of the top ten cybersecurity threats for 2008:

— On-line masquerading to abuse, attack, blackmail, bully, extort, or molest others.

— Criminal fraud by password and identity theft via phishing, spyware, malware and theft of hardware.

— Criminal use of botnets and botnet-like technologies for economic gain, for example email spam and denial of service attacks.

— Cyberterrorism, bulling, vandalism and other forms of electronic violence and malfeasance.

— Subversion of democratic political processes.

— Criminal manipulation and subversion of financial markets.

— Spying and theft of data by governments, industry, terrorists and other criminals.

— Denial-of-service attacks by criminals and terrorists.

— Sabotage, theft and other attacks by disgruntled employees and insiders.

— Natural disasters, accidents or errors without malicious intent.

Acknowledgements and References

A special word of appreciation for the reviews, comments and suggestions from the Certified Information Systems and Security Professionals (CISSPs) community and the LinkedIn professional network.

In particular, comments and suggestions from Gary Hinson, Bill Marlow, Eugene Schultz, Mike Smith, Lea Viljanen, and Alex Voytov were used to refine and improve the list. Thank you.

This project was motivated by my friend and colleague in Thailand, Dr. Prinya Hom-anek.

An on-line Google spreadsheet of the comments on The Top Ten Cybersecurity Threats for 2008 - Final Draft and my resolution of the comments can be found here.

DHS f*cking up Wikipedia

Sun, 23 Dec 2007 12:28:23 +0000

"This host, n021.dhs.gov, is registered to the United States Department of Homeland Security, and may be shared by multiple users."...."Please stop adding nonsense to Wikipedia. It is considered vandalism."