Hot sheet 20121121pdf pdf

Transcript

  • 1. UNCLASSIFIED
    If You See Something, Say Something. Report Suspicious Activity to the Fort Bliss Military Police at 568-2115 or 911 for Emergencies
    21 November 2012
    The purpose of this product is to increase situational awareness and does not represent a finished intelligence product. It is intended for law enforcement officers, security personnel, antiterrorism officers and intelligence personnel. Further dissemination should be limited to a minimum, consistent with the purpose of supporting effective law enforcement and security of installation personnel, property, information and facilities. It should be disseminated within your organization as allowed by the distribution notice below. Although some of the incidents may not be occurring locally, tactics, techniques and procedures (TTPs) are normally imitated by criminals and could eventually emerge in our area. Security planning should consider emerging TTPs. Articles may be condensed to save space; for full story follow the source link. The proponent for this product is DPTMS, Plans and Operations Division, Fort Bliss, TX. The point of contact is Mr. F. Villalobos at 915 744-6881.
    CURRENT FPCON: ALPHA
    CURRENT INFOCON: LEVEL 3
    Current FPCON includes measures from BRAVO 7, 10, 12
    DHS National Terrorism Advisory System: No Active Alerts at this Time
    INDEX
    (Criminal)(PIR 2) "No Refusal" DWI Policy Officially Enforced Throughout EP County.
    (Criminal)(PIR 2) New State Dept. Warning Exempts Most Mexico Tourist Spots
    (OPSEC) Facebook Enabling HTTPS By Default For North American Users.
    (Cyber)(PIR 7) Will Twitter War Become The New Norm?
    (Cyber)(PIR 7) Four Ways To Turn Insiders Into Assets
    (Cyber)(PIR 7) Cyber Criminals Target Skype, Facebook And Windows Users.
    (Cyber)(PIR 2) Cyber War Rages Behind The Scenes In Conflict Between Israel And Hamas.
    REGIONAL
    (Criminal)(PIR 2) "No Refusal" DWI Policy Officially Enforced Throughout EP County. 20121121.
    Source: http://www.kvia.com/news/-No-Refusal-DWI-policy-officially-enforced-throughout-EP-County/-/391068/17496892/-/rhmeg3/-/index.html
    (U) Suspected drunk drivers will now have to give an involuntary blood sample if they refuse a Breathalyzer test. El Paso County and city law enforcement announced Tuesday they will be adopting a "No Refusal" policy toward Drinking While Under the Influence offenses. Suspected drunk drivers will now have to give an involuntary blood sample if they refuse a Breathalyzer test.
    (Criminal)(PIR 2) New State Dept. Warning Exempts Most Mexico Tourist Spots 20121121. Source: Department of State
    (U) The U.S. State Department has updated its February 2012 travel warning to Mexico, making few essential changes but in an extremely detailed rundown getting even more specific about what to worry about where. The good news for tourists is that, as in the past warning, most popular areas (including Cancun, the Riviera Maya, Mexico City, Los Cabos, Riviera Nayarit, Puerto Vallarta, San Miguel de Allende, Guanajuato, Merida, Chichen Itza, Huatulco and Oaxaca) are exempted. Caution is urged at certain places or times outside the tourist zones of Acapulco and Mazatlan, as well as in Cuernavaca. You can read the text of the travel warning on the State Department website. It says it is designed to "consolidate and update information about the security situation." And it places additional restrictions on where government employees can go. The state-by-state summary opens with a calming statement that "millions of U.S. citizens safely visit Mexico each year for study, tourism, and business, including more than 150,000 who cross the border every day. The Mexican government makes a considerable effort to protect U.S. citizens and other visitors to major tourist destinations, and there is no evidence that Transnational Criminal Organizations (TCOs) have targeted U.S. visitors and residents based on their nationality.
    Resort areas and tourist destinations in Mexico generally do not see the levels of drug-related violence and crime reported in the border region and in areas along major trafficking routes."
    UNCLASSIFIED
    NOTICE
    HANDLING: For any document bearing the U//FOUO handling instruction, certain safeguards must be taken. This means it cannot be discarded in the open trash, made available to the general public, or posted on a public accessible website. It can, however, be shared with individuals with a need-to-know while still under the control of the individual possessing the document or product. For example, U//FOUO material relating to security precautions may be shared with family members at home. The material should then be returned to the government office and be properly secured or destroyed.
    DISTRIBUTION: Wherever possible, U//FOUO information should not be passed over unencrypted communications lines (e.g., open phones, non-secure fax, personal e-mails). If no secure communications are available for transmission, U//FOUO material may be sent via unprotected means, with supervisory approval after risk has been assessed. When not in use, U//FOUO materials will be stored in a locked desk or office. Unauthorized distribution of Law Enforcement Sensitive (LES) information could seriously jeopardize the conduct of on-going investigations and/or the safety of law enforcement personnel. This document contains information that may be exempt from public release under the Freedom of Information Act (5 USC 552). NOTHING IN THIS DOCUMENT SHALL BE DISTRIBUTED TO THE MEDIA OR GENERAL PUBLIC. Foreign nationals attached or assigned to Fort Bliss are considered members of the general public.
  • 2. (OPSEC) Facebook Enabling HTTPS By Default For North American Users. 20121119. Source: http://threatpost.com/en_us/blogs/facebook-enabling-https-default-north-american-users-111912
    (U) Facebook the week of November 19 will begin turning on secure browsing by default for its millions of users in North America. The change will make HTTPS the default connection option for all Facebook sessions for those users, a shift that gives them a good baseline level of security and will help prevent some common attacks. Facebook users have had the option of turning on HTTPS since early 2011 when the company reacted to attention surrounding the Firesheep attacks. However, the technology was not enabled by default and users had to manually make the change in order to get the better protection of HTTPS. Now, users will have to manually turn HTTPS off if they do not want it, a distinction that is a major change, especially for Facebook’s massive user base, which has become a major target for attackers.
    GENERAL AWARENESS
    (Cyber)(PIR 7) Will Twitter War Become The New Norm? 20121120. Source: http://www.cnn.com/2012/11/15/tech/social-media/twitter-war-gaza-israel/index.html
    (U) War is not just about bombs and rockets. It's about words. That's been true for centuries, of course. But the public got a rude awakening this week about just how much those words can matter in the digital age when the Israel Defense Force live tweeted its strike that killed a Hamas leader. The military's live spin about the strike, and Hamas' response on a separate Twitter feed, have been called an unprecedented use of social media. BuzzFeed wrote that it "may well be the most meaningful change in our consumption of war in over 20 years." It's raising questions about the ethics and implications of live-tweeting a violent conflict. And it's calling into question the democratic, everyone-has-a-voice nature of Twitter, which is known more for giving a voice to protesters and civilians than military spokespeople.
    In this case, it seems to be giving a megaphone to the military. "Armies and militaries and governments have done this kind of thing with radio broadcasts and whatever tools they have at their disposal," said Mathew Ingram, a senior writer for the tech site GigaOm. "What changes it is the reach and the speed" of the messages in the social media age. "Twitter and Facebook haven't reinvented communications, but they sure have changed it in some pretty important ways." Amid fears the violence could escalate, Israel has reported three people killed and Hamas says 20 Palestinians are dead. At least 274 rockets have been fired from Gaza into Israel, according to the Israeli military. More than 140 strikes have hit Gaza, sources with Hamas say. Both sides say they were retaliating against the other's actions. Tweets from the official @IDFSpokesperson account, which had about 100,000 followers on Thursday, announced an attack on Gaza and reported on its aftermath. "The IDF has begun a widespread campaign on terror sites & operatives in the #Gaza Strip," the feed wrote on Wednesday, "chief among them #Hamas & Islamic Jihad targets."
    (Cyber)(PIR 7) Four Ways To Turn Insiders Into Assets 20121119. Source: http://www.darkreading.com/insider-threat/167801100/security/security-management/240142363/four-ways-to-turn-insiders-into-assets.html
    (U) Jayson Street has few problems walking into businesses and getting access to sensitive company data. A vice president of information security for a bank by day, Street moonlights as a penetration tester at Stratagem 1 Solutions, a job at which he has yet to fail. At the CyberCrime Symposium in Portsmouth, N.H., earlier this month, Street illustrated all the ways that attackers can gain physical and network access to corporate computers, from tailgating to get physical access to custom USB drives to infect workers' systems, to phishing employees to gain network credentials.
    He stresses that his success is not due to his skill in social-engineering workers, but the employees' lack of preparedness to handle the strategies used by the bad guys. "This is stuff that anybody can do with any kind of skill level," Street said. Companies need to stop solely focusing on preventing attacks and invest effort in detecting when attackers have breached their systems. A good way to do that is to train employees to better recognize threats and respond to potential security issues in the proper way, turning workers from liabilities into assets. "A determined attacker is going to get into your network. Who is going to report it, how are they going to respond -- those are the questions that you need to ask," Street said. "It's time to think of your
  • 3. employees as the biggest human intrusion-detection system." Companies looking to take advantage of that human IDS should start focusing on training their employees. Here are four steps to get you started.
    1. Focus on changing user behavior. When it comes to training users, about 70 to 80 percent of companies are driven by compliance requirements and just want to get the box checked for training their employees, says Aaron Cohen, a managing partner at MAD Security, a security training firm. Yet rather than buy a one-size-fits-all series of training videos, companies should focus on changing behaviors, Cohen says. "The status quo doesn't work," he says. "People look at buying hundreds of firewalls, but not spending the appropriate amount of money training their employees or making sure their employees know how to protect their assets."
    2. Test and retest. Videos may work for some employees, but testing their reaction to an actual test can give a company an idea of what might happen while giving the worker valuable experience in what to expect in the future. Security training company PhishMe, for example, allows companies to send their employees phishing e-mails. Anyone who clicks on the e-mail link will be brought to a special site to educate them. "Immersing a user in that experience can help immensely," says Scott Greaux, vice president of product management for PhishMe. "Thirty seconds is enough time for someone to learn from a single event like that." Both PhishMe and MAD Security have similar data on the improvement seen after regular education and training. At initial testing, about half of all employees will fall for a phishing attack targeted at the company. After a few training sessions, the number typically falls below 10 percent. "Organizations that commit to the success of a security awareness program can see hard data on its success and a return on their investment," MAD Security's Cohen says.
    3. Teach the individual.
    Periodic testing and video training are not the only ways to solve the training problem, Cohen says. The training should be tailored to the company and the individuals who work there. For one client, for example, MAD Security decided to create a viral video of a cat being electrocuted by a USB memory stick, ending with the tagline, "USB devices can be dangerous." "In an organization, the people in a military uniform learn very differently than those in accounting," Cohen says. "So you can't get everyone a one-size-fits-all type of training."
    4. Even a failure can be a success. If an attacker fools an employee into clicking on a malicious link, submitting his credentials to a phishing site, or holding a door to allow him in the building, a properly trained employee can still act on his suspicions and correctly respond to the threat. An employee who reports any misgivings about an event can help a company respond in minutes or hours, before any damage has happened. "You are reducing what your attack potential is, and users that are susceptible to social engineering will still know what to do to report a potential attacker," Greaux says. "We've seen companies where it's a three-month cycle to detect an attack through technology, where a properly trained employee who voices [his] suspicions can lead to detection in about 10 minutes." Fostering an environment where employees can make mistakes and still use their training to help protect the company is critically important, he says.
    (Cyber)(PIR 7) Cyber Criminals Target Skype, Facebook And Windows Users. 20121121. Source: http://www.computerweekly.com/news/2240171783/Cyber-criminals-target-Skype-Facebook-and-Windows-users
    (U) Cyber criminals targeted users of Skype, Facebook and Windows using multiple Blackhole exploits in October, according to the latest threat report from security firm GFI Software.
    Researchers uncovered a large number of Blackhole exploits disguised as Windows licences, Facebook account verification emails, Skype voicemail notifications and spam messages. Christopher Boyd, senior threat researcher at GFI Software, said the Blackhole exploit kit is one of the biggest dangers that internet users face. “It is the chameleon of internet threats. It simplifies the process of creating cybercrime campaigns and is easily adapted to take advantage of the buzz surrounding major news events and popular brands,” he said. However, Boyd said these attacks are relatively easy to avoid by incorporating basic internet safety practices into daily browsing. “Users should verify the source and destination of any link before clicking and they should never run executable files unless they are positive that the source is legitimate,” he said. Blackhole exploits require victims to open links to compromised websites hosting a file that must be downloaded and executed to complete the attack. This file contains a JavaScript which scans for unpatched software and other vulnerabilities before deploying the appropriate exploits and infecting a
  • 4. machine. The compromised links can be customised to target customers of specific companies, members of various social networking sites, or general internet users seeking information on popular news stories and events. Researchers found that just days before the release of Microsoft’s Windows 8, some users encountered spam emails offering a free “Microsoft Windows License”. Users who clicked the malicious link and downloaded the accompanying file were hit with a Blackhole exploit and infected with a Cridex Trojan. Another spam email campaign targeted Facebook users with a message claiming that their account was locked and needed to be re-verified. The links led to Blackhole exploits and a Zeus Trojan disguised as an Adobe Flash Player download. Skype users were also targeted by multiple campaigns. Some received spam emails containing phony voicemail notifications. Users who clicked on the Blackhole links were infected with a Zeus Trojan. Other users were confronted with spam messages from their Skype contacts containing generic questions about their profile picture and a link to a Trojan which infected their systems, deleted itself and began making DNS requests to various malicious URLs. While many of these sites were quickly taken down, the spam campaign began hijacking victims’ PCs for click fraud and directing them to ransomware messages, demanding payment of fines for illegal file-sharing.
    (Cyber)(PIR 2) Cyber War Rages Behind The Scenes In Conflict Between Israel And Hamas. 20121121. Source: http://www.examiner.com/article/cyber-war-rages-behind-the-scenes-conflict-between-israel-and-hamas
    (U) According to an RT news report, "a cyber war" is raging behind the scenes in the war between Hamas and Israel. The Israeli government has been hit by cyber-warfare attacks since Operation Pillar of Defense began four days ago. "On Saturday, hacktivist group Anonymous launched a massive attack on over 700 Israeli websites.
    The country’s finance minister has acknowledged the recent wave of attacks, saying the government is now waging a war on a “second front.” "Over the past four days, Israel has “deflected 44 million cyber-attacks on government websites,” Israeli Finance Minister Yuval Steinitz told AP. Steinitz said the government has come up with a backup for “essential websites,” should they be taken down by hackers. "This is an unprecedented attack, and our success has been greater than we anticipated," he said. He did not say who was responsible for the hacking attempts. He also declined to disclose which countries the attacks were coming from", the article said. "His comments come just one day after hacktivist group Anonymous launched a massive attack on almost 700 Israeli websites, calling the campaign #OpIsrael. The group took down the Israeli president’s official website and the blog of the country's Defense Force, www.idfblog.com. The collective posted the news on Twitter using their infamous #TANGO DOWN hashtag. The blog is, in fact still down”. “The IDF (Israeli Defense Force) assault on Gaza – the biggest in more than three years – has been accompanied by an equally aggressive social media offensive with sites like Twitter used to publicize and justify the attack on Gaza. The Israeli Defense Force has used Facebook, YouTube, Twitter, Instagram and other popular platforms to make the case for its campaign in Gaza as well as to issue a warning to Hamas. After taking out Hamas military leader Ahmed Jabari with a precision guided bomb, the IDF tweeted a chilling warning to Hamas: “We recommend that no Hamas operatives, whether low level or senior leaders, show their faces above ground in the days ahead”, source: Twitter.
    OPSEC - It’s All About YOUR Information. Know It. Protect It!