INSTINCT at HOSDB 2011

This week myself and Paul attended the Home Office Sceintific Development Branch (HOSDB) exhibition in Farnborough, Hampshire. HOSDB in conjunction with UK Trade & Investment Defence & Security Organisations is the UK's platform for showcasing to the world the some fo the new security applications, technologies and solutions that are available to international law enforcement, agencies and public security professionals.

Now, not only was it probably the best day's weather we have had for a long while, but the exhibition itself was actually quite good. Clearly there is very good reason and interest for the UK to market its wears and demonstrate some of its cutting edge technology and the usual companies and faces were there. But it was more the TD2 airport exhibition on the other side of the airbase that caught my eye.

In recognition of the role that technological innovation has to play in CONTEST, the Office for Security and Counter Terrorism (OSCT) with the support of The Ministry of Defence, HOSDB, the Centre for the Protection of National Infrastructure (CPNI) and the Association for Chief Police Officers (ACPO) established INSTINCT (Innovative Science and Technology in Counter Terrorism) INSTINCT is a cross-government programme involving more than a dozen departments and agencies and focuses primarily on improving our understanding of how technology can be best deployed to counter the threat of terrorism. Following a couple of foiled or failed attacks in the aviation environment INSTINCT commissioned its second Technology Demonstrator Project (TD2) and Thales UK was selected to deliver it.

The exhibition itself was laid out just like an airport terminal and by using your boarding card (show material, not actual) you progressed throughout the terminal being confronted by the security technology and of course any sales and marketing staff until your reached your airside area. Upon reaching airside (again, not actual) we were treated to a 10-15 minute presentation and Q&A session that visually demonstrated the process we had just undertaken, describing the joint up thinking and approach given to applying an intergrated security system that could enable early detection and identification of individuals posing a risks to airports and to protect passengers against those possible risks safely and with minimal or no intrusion.

For me this exhibition felt different than any other I've recently been to, as the providers of these applications were not necessarily selling their product directly, it felt more like selling the concept, which for me is a lot easier to 'buy in' to than the hard sale and of course in my opinion action always sounds louder than words. To those of you who didn't get the chance to visit and want to know more about a strand of the CONTEST strategy that doesn't seem to get much of a mention please take the time to visit the Home Office links provided.

Scam - HMRC Tax Refund Phishing Email

A friend of mine recently received the phishing email below. The hypelinks at the bottom all go back to the main www.hmrc.gov.uk website, however the link that says 'Click Here' actually goes to http://al-dammas.com/tmp/awstats/hmrc/hmrc/refundportal.htm this website has now been suspended but be cautious if you receive an email advising you that you are due a refund!

Further examples of HMRC phishing emails can be found here

Terror Plot BA Employee Gets 30 Years

Rajib Karim, 31, from Newcastle (originally from Bangladesh) a former British Airways software engineer has been jailed for 30 years for plotting to blow up a plane.

I think this is an excellent example of the insider threat (albeit a very serious one). This is someone who joined an organisation with one thing on his mind - to obtain 'critical and urgent information' and to then pass it onto a 3rd party to assist in the planning of an act of terrorism.

Rajib Karim gets 30 years
at her majesty's pleasure 

Karim, who worked at the airline's IT centre in Newcastle (having joined BA in September 2007 as a graduate IT trainee), was committed to martyrdom and even tried unsuccessfully to apply to train as an air steward during the BA cabin crew strike - which presumably would have allowed him to get 'airside' bearing in mind the trial heard Awlaki had emailed Karim asking: 'is it possible to get a package or person with a package on board a flight heading to the US?'

Karim passed on key information about airport security and suggested a crippling attack on BA's computer system. But the terrorist leader he reported to - Yemeni preacher Anwar al-Awlaki (a key figure in al-Qaeda in the Arabian Peninsula and is thought to have orchestrated the unsuccessful October plot to send mail bombs on planes from Yemen to the U.S., hidden in the toner cartridges of computer printers) - had plans for him to supply information to blow up a plane.

The Bangladeshi national, who studied electronic engineering at a university in Manchester between 1998 and 2002 has been described as 'mild-mannered, well-educated and respectful'. He has a British wife and child. The court heard Karim hid his hatred for the West from colleagues by joining a gym, playing football and never airing extreme views. BA colleagues had no knowledge of what he was planning or whom he was involved with, he kept his true intentions a secret. Karim 'kept a low-profile' at British Airways, while at home he was making violent propaganda videos for a terrorist group in Bangladesh, police said.

Throughout the trial, the court heard Karim was under the influence of his brother Tehzeeb who had spearheaded the attempts to contact Awlaki. Police spent nine months breaking the encryption on 300 coded messages found on Karim’s computer. Officers described the task as the 'most sophisticated' of its kind the team had ever undertaken.

He was found guilty last month of four counts of preparing acts of terrorism and sentenced today 25/3/11), he also faces deportation after his sentence is completed. Sentencing him at Woolwich Crown Court, Mr Justice Calvert-Smith said he was a committed jihadist who planned offences 'about as grave as could be imagined'. He said Karim was a 'willing follower' who could have brought serious harm and death to civilians had his planning with others come to anything.

Karim was clearly a disciple of an extremist Islamist (Awlaki) but he was in a very dangerous position having access to the type of information which could have assisted in the plotting of a serious terror attack. In this example he was stopped but what measures do you have in place to detect and prevent these people who are clearly out there!

- Posted using BlogPress from my iPad

Guest Blogger: Cyberwar Meeting in European Parliament with NATO's Jamie Shea

This post was written by Reza Rafati - CEO Cyberwarzone.com and he has given us his permission to post it on Chatback Security. Reza recently responded to our request for guest bloggers and what a prefect way to kick things off as Cyber Security is a specialism that we do not profess to know much about!

Cyber Security is now recognized as a high risk priority by governments across the globe. This is supported by the fact that the UK Government’s Strategic Defence Spending Review which diverted key funds away from traditional areas of spending to the protection of the UK’s critical national infrastructure from the cyber threat.

There is no winner in Cyber warfare

The importance of this shift to a greater focus on Cyber Security was given highlighted by the discovery of STUXNET, the first example of a ‘cyber weapon’ designed to attack an aspect of a nation’s critical national infrastructure.

The Meeting

The Cyber Security meeting was a great success. At the start of the meeting there were some technical issues with the microphones, but who cares? We want to discuss Cyber warfare! And so we did.

Strategies

The discussion started with the NATO strategies issue, it was about which options does a country have when it is under attack by a force?

This was a very delicate issue because what is Cyber warfare is? Well we speak of Cyber warfare at the moment that a country has declared war to the country. So when a country or a force attacks another country without a declaration of warfare it is not Cyber warfare.

The act of attacking without a declaration of war is classified as Cybercrime. This makes it hard to retaliate because there is no war declared. The next issue that comes along is the fact that even if we do reply with an attack, we could take down an hospital and then we are speaking of collateral damage. Because the aggressor used the hospital network to attack, we retaliate against the hospital.

We will need a global understanding & perspective about the Cyber war attacks.

Cybercrime is like a paradox. There is no hierarchical system

Nightmare of all problems

After an attack (Stuxnet) there are certain points that need to be checked and controlled. You will have to look after :

 - How did they penetrate the systems

 - You will have to clean the systems

 - The disruption it caused

 - Exploits ?

 - The mental stress it causes.

Regulate

The cyberspace needs to be regulated, but how do you want to regulate the internet while it can't be regulated by a single regulator. Because when we look to the internet we see it as no man’s land (law of the sea), but in fact it is somebody's property, it could be from the government, companies or from civilians.

Transparency

So the world has to agree for transparency. If we need help or information regarding Cyber security the countries should provide them.

But at the moment there is no transparency, think of the Estonia and Russian conflict.

A Finnish expert, told the Helsingin Sanomat newspaper that it would be difficult to prove the Russian state's responsibility, and that the Kremlin could inflict much more serious cyber-damage if it chose to. source

Open issues

 - The internet traffic regarding Cybercrime has increased rapidly.

 - How can a behaviour code be created to use the internet legitimate.

 - If there is an attack going on, and you want to retaliate how will you get the attribution of proof?
 - How can we make retaliation possible?

 - Who is responsible ?

 - What can we do against sponsored cyber attacks?

 - How can we prevent extremists from recruiting people from the internet?

 - At a certain point defence will catch up with offensive behaviour

 - Creating a global cyber war response team

If I would shutdown a honey pot because there is a "cyber war" going on, it could affect over 500 servers. And that is the reason why you can't retaliate, because you don't know were the bodies will show up.

Author: Reza Rafati

Twitter name: @cyberwarzonecom

Website: http://www.cyberwarzone.com/

Insider Threat Most Costly for Organisations

This article was originally posted by 'The New New Internet - The Cyber Frontier' and can be found here. There is also a powerpoint presentation summary of the survey results.

A new cybersecurity survey found that cyber attacks perpetrated by so-called “insiders” — those with inside knowledge or authorised access — are viewed as the most costly and damaging to an organization. 

The 2011 CyberSecurity Watch Survey conducted by CSO magazine and sponsored by Deloitte found that 33 percent viewed inside attacks as more costly, an increase of 8 percent over last year. The survey reports that while more attacks are caused by outsiders (58 percent), the insider threat is becoming increasingly sophisticated.

The use of rootkits and other hacker tools by insiders jumped from 9 percent last year to 22 percent this year.

Aside from the monetary losses, the insider threat could tar an organization’s reputation, disclose confidential or proprietary information or disrupt critical systems — all of which can be “difficult to quantify and recoup,” the survey finds.

And, even with insider threats likely only to grow, the public is often left in the dark. That’s because about 70 percent of insider attacks are handled by the organizations with no official legal action taken.

“Technical defenses against external attacks and leakage of well-formatted data like social security numbers and credit card numbers have become much more effective in recent years,” said Dawn Cappelli, technical manager of the Insider Threat Center at CERT, the federal agency tasked with monitoring cyber threats. “It is a much more challenging problem to defend against insiders stealing classified information or trade secrets to which they have authorised access or against technically sophisticated users who want to disrupt operations.”

The report also found that, overall, cyber attacks are on the rise. Twenty-eight percent of respondents said have seen an increase in the number of events, according to the study.

But, while attacks are increasing, they are not as financially damaging as in previous years, likely because of strategic and proactive steps that organisations are taking.

2012 Tickets Ballot Opens - Fraud Warning

The 2012 ticket ballot opens today, 15th March 2011. The below information relates to the fraud prevention advice that has been agreed for anyone thinking of purchasing Olympic tickets.

The advice is very simple, do not use unauthorised websites. It is very important to get this message out to everyone wishing to purchase tickets. As a lot of our blog visitors are from overseas we thought we’d post this information as it is widely agreed in fraud prevention circles that by attempting to take away the market place from the scammers it reduces to opportunity for exploitation and fraud.

The Metropolitan Police's Operation Podium urges you to follow this advice to protect you, your personal details, family and friends from being exploited by criminals.

If you’re buying a ticket for the Games:

• The 2012 ticket ballot opens today (15th March 2011). You have until 26 April to apply for tickets through LOCOG as it is not first come first served
• Only apply for a ticket online at www.tickets.london2012.com. This is London 2012’s official site. You can get a paper application from any Lloyds TSB branch, or from any public library in Northern Ireland
• If you get a ticket for an event you can’t attend, you can return your ticket to get a refund through the London 2012 official ticket exchange. Your ticket will then be officially resold
• Don’t buy a ticket from an unauthorised website or tout. You risk being scammed, and not getting the ticket you wanted and paid for
• There are only three official providers for Games Breaks and Hospitality Packages in the UK - these are:

• Thomas Cook - http://www.thomascooklondon2012.com
• Prestige Travel - http://www.prestigeticketing.london2012.com/
• Jet Set Travel - http://www.jetsetsports.com/
• Other websites or companies will not be authorised to sell you a ticket
  as part of a package.

Always check the terms and conditions to see exactly what you are being sold; If you find tickets for sale before the 15th March 2011 or available from any unauthorised source at anytime, don’t buy them. They are not genuine. Report it to http://www.actionfraud.org.uk/ or London 2012 via brandprotection@london2012.com or your local police force.

Good Luck and safe buying.

19,000 scam emails in four days

More than 19,000 scam emails have poured into the National Fraud Intelligence Bureau (NFIB) since Action Fraud set up a dedicated email address for people targeted online by fraudsters.

For years, criminals have been sending letters telling recipients they have won the lottery, are in line for a massive inheritance or have won a competition, and that to claim the prize they only need pay an administration fee.

Today the objective remains the same, but electronic mail is now the favoured vehicle to distribute the tens of thousands of scam emails that seek to persuade people to pay an advanced fee for a sum of money they will never see.

Read about how you can forward on your scam emails to Action Fraud.

News - The Threat Within

This is an excellent example of the threat an insider can pose to an organisation (and in this case potentially the public). Rajib KARIM deliberately sought a job in the UK that he could exploit for terrorist purposes.

KARIM was convicted on four counts of engaging in conduct in preparation of acts of terrorism, contrary to section 5 of the Terrorism Act, following a trial at Woolwich Crown Court.

For more information on the case visit The Met Police website.

 Security, security assurance, counter terrorism, personnel security,  Security, security assurance, counter terrorism, personnel security,  Security, security assurance, counter terrorism, personnel security,  Security, security assurance, counter terrorism, personnel security,  Security, security assurance, counter terrorism, personnel security,