ISIS claims Tunisian beach resort massacre

2015-06-27 09:00
(File: AP)(File: AP)

Tunis – The Islamic State group on Saturday claimed responsibility for a massacre in a Tunisian seaside resort that killed nearly 40 people in the worst attack in the country’s recent history.

The jihadists said the gunman, who they identified as Abu Yahya al-Qayrawani, was a “solider of the caliphate” who had targeted enemies of ISIS and “dens… of vice” in Port el Kantaoui.

Most of those killed were “subjects of states that make up the crusader alliance fighting the state of the caliphate”, the group said in a statement released on Twitter.

The attack targeted “dens [of…] fornication, vice and apostasy in the city of Sousse” and was carried out “despite [security] measures strengthened around these dens on Kantaoui beach”, it added. Continue reading

Terror attacks around the world underline influence of Islamic State

Reuters
Islamists struck in three different attacks, but there is no evidence they were coordinated.

The attacks came one after the other in the space of a few hours.   In France, a decapitated body covered in Arabic writing was found after an attacker rammed his car into a gas container, triggering an explosion. In Kuwait, a suicide bomber blew himself up in a packed Shi’ite mosque during Friday prayers, killing more than two dozen. And in Tunisia, at least 37 people died when a gunman opened fire at a popular tourist hotel.

There is no evidence the three attacks were deliberately coordinated. But coming so close together on the same day on three different continents, they underscored the far-reaching and fast-growing influence of Islamist group Islamic State, western politicians said. Continue reading

China joins the mass data breach party: lessons to learn from the OPM

China joins the mass data breach party: lessons to learn from the OPM

The massive data breach of federal employee information at the OPM could mark a significant moment in the evolution of the threat landscape

Related topics
Data
Data breach
Security

Related articles

Why nation-state cyber warfare should be keeping you up at night

Google to warn GMail users of state-sponsored attacks

Google to warn GMail users of state-sponsored attacks

Governments and businesses must act now on the Internet of Things, warns Accenture

Share article

 49  0  0  10 googleplus0

Short of time?

Print this pageEmail article

‘The Edward Snowden leaks pale in comparison to the wilful errors that made this breach possible’

If the intelligence coming through is correct, and a nation state is behind the cyber attack at the US Office of Personnel Management (OPM), then IT leaders have yet another problem to worry about.

State-sponsored hackers are not just after select pieces of geopolitically advantageous intel – they’re prepared to lift millions of records at a time from organisations to get what they’re looking for.

But what are they looking for? And how do we stop them?

Even in an industry where ‘major inflection points’ seem to come along every few months, the OPM attack is a big deal. Originally thought to have compromised the personal details of only around four million US government employees, that number may now have risen to as many as 14 million.

>See also: Why nation-state cyber warfare should be keeping you up at night

More importantly, the breach is now said to have compromised highly sensitive data on staff applying for security clearance roles in military or intelligence positions. This data could include whether an individual has a criminal record, any history of alcohol or drug abuse, filed for bankruptcy and so on, according to reports.

This is information that a foreign state would find hugely valuable. It could be used for blackmail, coercion and even for possible recruitment of spies. And let’s not forget that the wealth of personal information contained in these employee records can also be used to make follow-up spear phishing attacks even more sophisticated and hard to spot.

A chequered past

This isn’t the first time something like this has happened. In fact, an intrusion into the OPM was traced to China last year but the department seems not to have heeded an Office of the Inspector General report soon after criticising “significant” deficiencies in its security. A watchdog has now said the OPM underinvested in security for a decade. This should be a warning to organisations everywhere – you get the security you pay for.

There are also signs that the recent Anthem breach of 80 million health records, the Premera Blue Cross incident exposing 11 million customers, and an attack on Carefirst Blue Cross (1.1 million) were linked to each other and China.

We’ll probably never find out if it was a government-sanctioned mission. But so far some reports seem to suggest that this data isn’t finding its way onto the darknet, which would be a typical move if it were nabbed by cybercriminal gangs.

So what can we learn from this? IT leaders should already be on high alert about the major data theft threat posed by cybercrime gangs – and the huge resulting clean-up and legal costs, regulatory fines, and damage to brand and shareholder value.

Knowing this threat has expanded to nation-state operatives should serve as a timely reminder to get security strategies in order, especially for government contractors.

On the plus side, best practice security to mitigate the effects of an attack shouldn’t change, whether the attacker is a criminal gang or an army hacking unit.

Aim to secure systems at every step of the cyber “kill chain”, starting with human resources. Invest in education and awareness training, so more staff can spot those all-important spear-phishing emails, and react quickly to an incident.

Then look at intelligence gathering to see if you’ve become a target. After that, it’s all about good security housekeeping, including keeping up-to-date with patches to ensure software vulnerabilities can’t be exploited. Guidelines like those produced by NIST and GCHQ are there for a reason, so follow them.

It’s also important to classify and label data and apply policies accordingly – segregating if necessary according to sensitivity.

>See also: Governments and businesses must act now on the Internet of Things, warns Accenture

Some highly sensitive data may need to be kept in air-gapped data stores. Delete anything that’s no longer useful or relevant. You’ll also need to authenticate access to this data strictly, along the principle of least privilege, and put a full audit trail behind it. It can also be useful to run breach ‘war games’ from time to time to check incident response plans are working.

No business is safe from a determined attacker, but what the OPM consistently failed to do was make suitable efforts to manage the risk of a serious breach. It’s a cautionary tale we would all do well to learn from. One thing’s for certain: the Edward Snowden leaks pale in comparison to the wilful errors that made this breach possible.

Sourced from Bharat Mistry, Trend Micro

– See more at: http://www.information-age.com/technology/security/123459678/china-joins-mass-data-breach-party-lessons-learn-opm#sthash.rz3O942H.dpuf

The massive data breach of federal employee information at the OPM could mark a significant moment in the evolution of the threat landscape

‘The Edward Snowden leaks pale in comparison to the wilful errors that made this breach possible’

If the intelligence coming through is correct, and a nation state is behind the cyber attack at the US Office of Personnel Management (OPM), then IT leaders have yet another problem to worry about.

State-sponsored hackers are not just after select pieces of geopolitically advantageous intel – they’re prepared to lift millions of records at a time from organisations to get what they’re looking for.

But what are they looking for? And how do we stop them?

Even in an industry where ‘major inflection points’ seem to come along every few months, the OPM attack is a big deal. Originally thought to have compromised the personal details of only around four million US government employees, that number may now have risen to as many as 14 million. Continue reading

Iranian Intellectual And Dissident: The Iranian Regime Is As Bad As ISIS, Yet Western Leaders Ignore Its Crimes

June 18, 2015 Special Dispatch No.6075
On October 30, 2014, Iranian intellectual Mohammad Maleki, a former president of Tehrn University and a critic of the Iranian regime, published an open letter to the people of Iran in the online daily Roozonline.com. In the letter, he wondered why U.S. and European leaders are shocked by ISIS’ beheadings yet ignore the brutal crimes that the Iranian regime has been committing ever since its establishment against its own people and the people of the region. Maleki argued that the Iranian regime, under its founder Ayatollah Ruhollah Khomeini and his successor Ali Khamenei  – who are the Iranian equivalents of ISIS leader Abu Bakr Al-Baghdadi – is the same as ISIS because it too executes people systematically and brutally violates the human rights of many prisoners. Maleki pointed to the mass killing of Iranian prisoners, especially of militants from the oppositionist Mojahedeen-e Khalq organization who were sentenced during the 1980s in disregard for their rights and subjected to physical and psychological torture. He claimed that the West even helped the Iranian regime by giving it a free hand in Iraq after Saddam Hussein’s ouster and letting it act against Iranian oppositionists there, in collaboration with then-Iraqi president Nouri Al-Maliki, who is an Iranian lackey.

The 81-year-old Maleki, who lives in Iran, is a member of the anti-regime National-Religious Coalition of Iran and a columnist for the reformist daily Rooz. He served as Tehran University’s first president following the Islamic Revolution and spent five years in prison for opposing the purge of the universities conducted by Khomeini as part of his cultural revolution. Continue reading

Will our future Internet be paradise or dystopia?

What we learned from an Atlantic Council event discussing digital trends and possible scenarios for the world’s online future.

What does the perfect Internet look like?

The paradisiacal vision of its future – a scenario Atlantic Council senior fellow Jason Healey calls “Cyber Shangri La” – is one in which the dreams of Silicon Valley come true: New technologies are born and implemented quickly; secure online access is a human right.

There’s also what Mr. Healey, a Passcode columnist, dubs “Clockwork Orange Internet.” In this dystopian future, criminals and nation-states knock down attempts to secure networks and devices; people are afraid of shopping online or communicating freely with friends.

Passcode was the exclusive media partner for an event hosted by the Atlantic Council’s Cyber Statecraft Initiative on Wednesday focusing on alternate realities for the future of the Digital Age. Here are three things we learned from some of the country’s leading thinkers. Continue reading

Mall of America under threat from al-Shabaab

The Somali terrorist group al-Shabaab released a video this weekend claiming to target several malls and shopping centers in the US and Great Britain. The most prominent target mentioned by the terrorists was the Mall of America in Minneapolis.

Minneapolis has a large Somali population and it is reported by DHS that al-Shabaab has been actively recruiting residents. DHS Secretary Jeh Johnson told CNN’s “State of the Union” on Sunday that shoppers should be vigilant when visiting the mall.

CNN:

“If anyone is planning to go to the Mall of America today, they’ve got to be particularly careful,” Johnson said.

“There will be enhanced security there, but public vigilance, public awareness and public caution in situations like this is particularly important, and it’s the environment we’re in, frankly,” he said.

His comments come as the Mall of America implements new security measures — some of which the mall said in a statement would be noticeable to shoppers. Continue reading

Turkey and the West Part Ways on ‘Charlie Hebdo’

Turkey and the West Part Ways on ‘Charlie Hebdo’

Turkish reactions to the massacre in Paris once again reveal a growing gap with the West. While leaders and commentators in western countries immediately condemned the terrorists and presented a broadly unified stance denouncing the shocking attack on Charlie Hebdo as an act of violence against freedom of the press, Turkish leaders came up with a starkly different diagnosis: They interpreted last week’s events as yet another assault on Islam itself.

Freedom of the press, it would seem, is not high on the Turkish agenda at the moment. When the secular leftist newspaper Cumhuriyet decided to run a special issue of Charlie Hebdo today to show its solidarity, police raided the newspaper’s printing plant. Cumhuriyet said the police allowed distribution to proceed after verifying that Charlie Hebdo‘s controversial cover featuring the Prophet Muhammad wasn’t being published. Politicians were quick to follow up. “Those who publish some images in reference to our sublime prophet and thus disregard Muslims’ sacred [feelings] are involved in open provocation and agitation,” Deputy Prime Minister Yalcin Akdogan said. Not only the ruling party but the judiciary, too, is offended by the Turkish media’s message of solidarity. A court in Diyarbakir has ordered the Turkish telecommunications authority to ban access to web pages showing Charlie Hebdo‘s front cover with the image of the Prophet Mohammed. Continue reading