Security Media Publishing Ltd

SecurityNewsDesk Issue 14

Issue link: http://securitymedia.uberflip.com/i/562487

www.SecurityNewsDesk.com Issue 14 THE NEWSPAPER FOR THE SECURITY INDUSTRY

It wasn't long ago when the ISIS threat was dominating our televisions and newspapers, with clips and stories showing the latest atrocity against locals and hostages. Al Qaeda still features largely in the vocabulary of most, and when Fusilier Lee Rigby was brutally murdered by Michael Adebolajo and Michael Adebowale on the streets of southeast London last year, most thought that their motivation had come from some Al Qaeda related group. In everyone's mind ISIS still remained a Syrian and Iraqi issue, and as intelligence analysts struggled to work out how their rapid expansion had happened and policy makers wrestled with options to support the Iraqi government and work out what to do with Syria, ISIS continued its main global operation.

Media: the global weapon ISIS are using to huge effect. It is getting their unique brand noticed in an extremely effective way. Their particular brand of horror is helping in the recruitment of foreign fighters and for foreign supporters to join their ranks in Syria. It is so successful that it is even persuading some families to move to Syria. It is so successful that other extremist Jihadi organisations, that had previously been aligned to Al Qaeda or run independently, have sworn their allegiance, or Bayat, to ISIS' leader and self-appointed caliph, Abu Bakr al-Baghdadi.

It has been so successful that it has generated huge strategic effect, through a relatively small number of low level attacks. They have provoked supporters from across the extremist spectrum such as Said and Chérif Kouachi, brothers aged 34 and 32, and Hamid Mourad, 18, who carried out raids on the satirical magazine Charlie Hebdo and a Parisian supermarket in January that left 17 people dead. Confusion in analysts' minds reigned as to whether these were ISIS or Al Qaeda inspired.
It has been so successful that it has impacted on the GDP of the Tunisian government, virtually destroying a massive source of income and employment: tourism. The Sousse attack in Tunisia was the second on tourists in 2015. In March, 21 civilians and one policewoman were killed when gunmen opened fire at Tunisia's Bardo Museum. The tourism industry in Tunisia contributes more than 7 percent of the GDP, and about 15 percent of the workforce are directly or indirectly linked to this sector. The loss of income from this vital area is likely to push the country further into recession, fuelling the one thing that has hurt them – radicalisation of disaffected individuals.

The attacks in Tunisia were confirmed as ISIS attacks. However, when talking about ISIS, we have to clarify whether we are talking of the main ISIS groupings in Syria and Iraq, or ISIS in Africa, ISIS in Egypt, ISIS in Libya, or ISIS in Afghanistan. Tunisia was an example of an inspired attack coordinated by ISIS in Libya that was small and tactical in its execution but has had a strategic effect far beyond the action itself. It is clear that the Turkish authorities have foiled similar attacks that were in the planning and it is near impossible to predict where the next one may be.

In the same way a new brand takes over an old one on our high streets, the ISIS brand is taking over the provisioning and delivery of terror across many regions of the globe and one thing they are doing unopposed is telling the world about it. This in itself is generating further support from other radical groups, many of them becoming disillusioned at a lack of direction from their current brand affiliations such as Al Qaeda.

Analysing the rise and spread of ISIS suggests that they are here to stay for the time being. Bombing them in Iraq and Syria has had no effect on their spread.
They are the Fallopia Japonica (or Japanese knotweed) of extremist terror, spreading in the same way Hitler spread Nazism, and unless they are treated as such then their reach and damage will likely grow. One thing governments around the world must define, and then live up to, is a definition of what they are willing to live with as an acceptable level of terror.

The UK Information Commissioner's Office (ICO) says it's investigating a recent breach at UK and Ireland phone retailer Carphone Warehouse. It is believed that this breach may have exposed as many as 2.4 million customers' names, addresses, birthdates and bank information, along with up to 90,000 customers' encrypted credit card data. The Guardian reported that approximately 480,000 of those affected are TalkTalk Mobile customers, and 1.9 million are direct customers of Carphone Warehouse.

A spokesperson for the ICO said, "We have been made aware of this incident at the Carphone Warehouse and are making enquiries. Any time personal data is lost there can be a risk of identity theft. There are measures you can take to guard against identity theft, for instance being vigilant around items on your credit card statements or checking your credit ratings."

However, what has not been said, and the same is true if you examine hundreds of other data breaches, is how it was done. An assumption is that the network had been penetrated by some form of injected malware.

Egress Software Technologies, a leading provider of encryption services, has released figures from a Freedom of Information (FOI) request to the Information Commissioner's Office (ICO) that demonstrate a concerning 183% rise in reported Data Protection Act (DPA) breach investigations within the financial services industry in the last two years. This increase saw an alarming 585 incidents reported to the ICO during 2014 alone – more than three times the amount of incidents reported by the legal sector for the same period, which reported 187.
In total, 791 incidents have been investigated since the start of 2013.

Phil Barnett, EMEA VP and GM of Good Technology, said, "Many companies are still flying blind when it comes to security, because 60 percent think it doesn't affect them."

Informatica, a leading independent software provider of all things data, revealed that only a quarter of UK businesses believe their organisation could detect a data breach at any time, and just 33 percent say their organisation is 'very good to excellent' at detecting and containing breaches. Meanwhile, nearly half (49 percent) of respondents admit to having experienced a breach in the past 12 months.

So how do the data thieves get access to the system to cause so much havoc? In reality, there are many different vulnerabilities and it is becoming increasingly complex to stay ahead of those who seek to exploit them. Once a data breach has happened, companies, quite understandably, are very reluctant to say how someone got into their system. Therefore, trying to pull together a comprehensive list of lessons learned in order to educate others, and look to counter the problem, is near impossible.

In 2013, Reuters reported that Craig Heffner, a US security expert, said he had identified ways to remotely attack high-end surveillance cameras used by industrial plants, prisons, banks and the military - something that potentially would allow hackers to spy on facilities or gain access to sensitive computer networks. On claiming that he had discovered the previously unreported bugs in digital video surveillance equipment, he stated, "It's a significant threat. Somebody could potentially access a camera and view it. Or they could also use it as a pivot point, an initial foothold, to get into the network and start attacking internal systems."
As reported in Wired.com, Justin Cacak, Senior Security Engineer at Gotham Digital Science, and his team were able to view footage as part of penetration tests they conducted for clients to uncover security vulnerabilities in their networks. The team found that more than 1,000 closed-circuit TV cameras that were exposed to the internet were susceptible to remote compromise.

Earlier this year researchers from Rapid7 found similar vulnerabilities in video-conferencing systems. The researchers found they were able to remotely infiltrate conference rooms in some of the top firms in the US, including the boardroom of Goldman Sachs.

At the London InfoSecurity Europe conference and expo held in June, David Lodge and his team from Pen Test Partners demonstrated a live hack of a commercially available IP CCTV camera. "I came across a popular "security" camera; it boasts outdoor design, wireless connectivity, infra-red mode, cloud access, and mobile app control. All of this functionality came at a semi-decent price," he said.

As the SecurityNewsDesk team watched, Lodge and his team demonstrated how they had identified and then exploited some dodgy ports and a default administrator password on a web interface. "Too easy" was the cry, so they went on to crack the camera's firmware, web firmware and then had a go at the cloud features. All they used were a few tools that had been downloaded from the web and a bit of research (as well as a bit of knowledge in how to crack systems).

What the demonstration showed is how easy it was to break into a network from outside through an IP device. The worrying message that comes out of this is that any IP system is a potential route into a network - and network breaches are resulting in massive data losses. The question is, how secure are your IP devices?
The march of ISIS

Public security: SecurityNewsDesk finds out more about the efforts of the private security sector and the police to keep events across the nation's capital running smoothly over the summer months. • Read more – page 22 - 23

Handy biometrics: With all the hype surrounding iris, facial recognition, and other biometric techniques, is there life left for hand and finger-based solutions in the biometrics world? • Read more – page 16 - 17

Cyber security: With advanced aircraft designs to business plans firmly in the hackers' sights, intellectual property that can represent years of effort and millions of pounds worth of investment can be stolen in the blink of an eye. • Read more – page 20 - 21

Getting personal: On the beat with bodyworn cameras. Pages 8 - 9

Carphone Warehouse hack, was it via an IP security device? Have you started the move to IP security systems? If so you may want to read this article.
