Chatback Security - A Blog About Protective Security

We Have Moved.....Please check out chatbacksecurity.com

2012-04-24T07:06:00.001+01:00

Please hold the line........the caller knows you are waiting and we are trying to connect you........

Free Virus Removal Tool for download from Sophos

2012-04-11T22:16:00.000+01:00

You know that feeling when you're pretty sure your Windows machine *might* be infected, but your anti-virus finds nothing?

Or worse, your anti-virus does detect malware, but the instructions to disinfect and rid your system of the malware are so complicated that you want to pull out your hair.

Well, Sophos has just released its Virus Removal Tool. Designed to be child's play to use, it detects and, more importantly, disinfects all those nasty viruses, spyware, rootkits and even fake anti-virus with its flagship industrial-strength anti-virus.

Best of all it is free, and for Naked Security readers, there are no details to enter before you can download and use it.

Actually, really best of all, there is no need to remove existing anti-virus that is already installed.

For the past year or so, the Virus Removal Tool has been used by some of Sophos's biggest customers to disinfect complicated malware that sneaked onto a poorly protected computer, but this is the first time Sophos has released this tool to the public at large.

Sophos has also provided a free support forum called Sophos FreeTalkwhere you can ask any questions about this and other free Sophos products.

The majority of our readers are pretty security conscious, and we know from experience that many of you are probably the IT guy or gal called upon to help family and friends sort out their computers when things go awry. Sophos hopes that this tool will make your lives a little bit easier.

Lastly, Sophos would love to hear your thoughts on its Virus Removal Tool. It sees this as a tool worth investing in, but the company wants to make sure it gets your thoughts first so it can prioritise any improvements accordingly.

Originally posted by Naked Security

The Shard - Dare devils breach security to ascend Europes tallest building

2012-04-10T11:02:00.001+01:00

Centre for the Protection of National Infrastructure (CPNI) Goes Viral!

2012-04-04T19:21:00.000+01:00

Wow the CPNI is now very much public! I think this is a very brave move but I'm positive it will be a successful one. CPNI are already the public face of MI5 and a new series of YouTube videos have taking things a step further.

What a fantastic idea, opening up their vast source of knowledge to the masses. Hopefully they will add some other resources for PhySec, PerSec and InfoSec to the channel. My head is spinning with ideas but being able to integrate their PerSec guidance into training modules (e-learning specifically) via a short video would be really useful!

There are currently 3 videos listed on the CPNI channel, they are

Security Implications of Internet Protocol version 6 (IPv6), Secure move to IP-based Networks (SCADA) and 20 Critical Security Controls for Cyber Defence

ow).

One of the CPNI Channel Video's

About the Centre for the Protection of National Infrastructure (CPNI): they provide integrated security advice (combining information security, personnel security and physical security) to organisations which make up the national infrastructure. Their advice helps to reduce the vulnerability of the national infrastructure (primarily the critical national infrastructure) to terrorism and other threats to national security.

Protective Security: Tackling The Issue of Metal Theft

2012-04-02T20:11:00.000+01:00

A new Crimestoppers campaign has been launched to tackle metal theft. Opportunistic criminals are targeting the community by stealing metal from houses, businesses and public premises. You can help by reporting any crime you see.

Dangerous crime

This crime can also be extremely dangerous to you, your family and your community. Criminals will target children’s playgrounds, church and school roofs, telephone cabling and so on, with no regard for the potential consequences.

Among the things being stolen are:

manhole covers
cables used for 999 calls
live electricity wiring

You can provide any information to Crimestoppers, no matter how small, 24 hours a day either by:

phone: 0800 555 111
internet: Crimestoppers website

You have guaranteed anonymity and it won’t even show on your phone bill.

Crimestoppers is an independent, international charity providing a vital service to the public, enabling them to pass information in relation to crime anonymously in order to make the UK a safer place for all of us.

You can get more information, including a leaflet, at the following link:

‘Crush metal theft in your community’ (PDF 1.15 MB) – Department of Justice website

Figures show that in 2011 there were 669 recorded incidents of metal theft throughout Northern Ireland compared to 219 in 2007.

More useful links

Chatback has previously reported on metal thefts

Fraud Women's Network - 'From Fagin to Phishing'

2012-04-01T09:20:00.000+01:00

Last Thursday I attended the 6th Annual Event and 5 year Celebration of the Fraud Women’s Network (FWN). The event was called “From Fagin to Phishing” 200 Years of Organised Crime with presentations from Colin Woodcock MBE – SOCA and David Chernick - MD at TREACL Ltd, and Chair of PREFIT. Both presentations were very good and took us on a professional and personal journey of how organised crime changed through the ages? Or had it? How have organisations tackled and mitigated these changes? Have they? How has it evolved and shaped the way we tackle crime and look at fraudsters today?

But the real reason in coming together was to celebrate the FWN's 5th year anniversary, present the Stella Walsh Award and have a truly wonderful network evening where the women definitely outnumbered the men and I was one of the lucky few to be invited.

Now, some of the older, crustier and less tolerant men out there may just see this organisation as a bunch of raving feminists coming together to right all the wrongs in the world created by men. They couldn't be more wrong. The FWN's strap line isn't we hate men, far from it. Chair, Toni Sless was recorded saying the complete opposite, but it is important to recognise there are notable differences and challenges that women face everyday. I spoke to a number of women who attended the event to ask what they get out of it and what are some of the challenges they actually face and it was all too clear that there is a distinct lack of women in senior positions within the fraud prevention and detection arena.

So what's this Fraud Women's Network actually all about then. Well any woman who works in the anti-fraud arena will know that it can sometimes be a rather male environment and lack true support and mentoring. The Fraud Women’s Network has therefore been set up to bring together women involved in all aspects of fraud prevention, detection, investigation and prosecution, to network and to share best practice, information and experience in order to help tackle the threat from fraud and organised crime head on. They aim to provide women in the anti-fraud business with:

Networking opportunities. Our regular networking events provide an invaluable way of establishing and cementing contacts across the whole anti-fraud arena, sharing information and ideas (they also enjoy the social aspect and are good at it)

Access to a wide-ranging education programme about the latest trends and developments in fraud and organised crime, and the newest tools to help prevent, detect and investigate fraud;

Mentoring opportunities. Many of the members of the Fraud Women's Network are senior within their organisations and have a great deal of knowledge, experience and advice that they can impart, as well as encouraging junior women to progress in their careers;

Access to the members and activities of the regional Fraud Forums, all part of the National Federation of Fraud Forums.

For all enquiries about the Network: info@fraudwomensnetwork.com or Click here: for the Fraud Women's Network website

The winners of the Stella Walsh Award 2012 were:

Pat Turner, Manager, Virgin Media – Long Term Commitment to Preventing Fraud.

Jenny Playford DC, City of London Police – Outstanding Fraud Investigation

Congratulations to both, very well deserved and fascinating accounts of the work they completed.

Personally, I can see real and genuine value in this network and completely support its board, membership and objectives. Do share the above website with any women who may not be in the Network, I know they'd be welcome. I was delighted to be invited by the Chair and even more surprised and honoured to receive a mention within her introductory speech. A Big well done, congratulations and Happy Birthday to the Fraud Women's Network, keep up the good work and keep in touch.

Yet Another Scam Email!

2012-03-27T21:36:00.000+01:00

It must be that time of year again! My spam folder seems to be full of these scamsters!

Email sent via hassanmohamedlaw@yahoo.com

Security: A Visit To The Olympic Park

2012-03-23T19:42:00.001+00:00

The Olympic and Paralympic Games is going to be a fantastic event for the UK and with only 126 days to go the final preparations are taking place!

I was lucky enough to have a tour of the Olympic Park today and I have to say things are looking great. Security really is top notch (and so it should be for nearly £1bn), well done to the security team on-site they are doing a great job!

Keeping Terrorism in Perspective via Stratfor

2012-03-22T20:47:00.000+00:00

Original Source Stratfor

By Scott Stewart

As we conclude our series on the fundamentals of terrorism, it is only fitting that we do so with a discussion of the importance of keeping terrorism in perspective.

By design, terrorist attacks are intended to have a psychological impact far outweighing the physical damage the attack causes. As their name suggests, they are meant to cause terror that amplifies the actual attack. A target population responding to a terrorist attack with panic and hysteria allows the perpetrators to obtain a maximum return on their physical effort. Certainly, al Qaeda reaped such a maximum return from the Sept. 11 attacks, which totally altered the foreign policy and domestic security policies of the world's only superpower and resulted in the invasion of Afghanistan and military operations across the globe. Al Qaeda also maximized its return from the March 11, 2004, Madrid train bombings, which occurred three days before the 2004 Spanish general elections that ousted the ruling party from power.

One way to mitigate the psychological impact of terrorism is to remove the mystique and hype associated with it. The first step in this demystification is recognizing that terrorism is a tactic used by a variety of actors and that it will not go away, something we discussed at length in our first analysis in this series. Terrorism and, more broadly, violence are and will remain part of the human condition. The Chinese, for example, did not build the Great Wall to attract tourists, but to keep out marauding hordes. Fortunately, today's terrorists are far less dangerous to society than the Mongols were to Ming China.

Another way to mitigate the impact of terrorism is recognizing that those who conduct terrorist attacks are not some kind of Hollywood superninja commandos who can conjure attacks out of thin air. Terrorist attacks follow a discernable, predictable planning process that can be detected if it is looked for. Indeed, by practicing relaxed, sustainable situational awareness, people can help protect themselves from terrorist attacks. When people practice situational awareness collectively, they also can help protect their communities from such attacks.

A third important component in the demystification process is recognizing and resisting the terror magnifiers terrorist planners use in their efforts to maximize the impact of their attacks. Terrorist attacks will cause tragedy and suffering, but the targeted population can separate terror from terrorism, and minimize the impact of such attacks if they maintain the proper perspective.

Propaganda of the Deed

As we begin our examination of perspective and terror magnifiers, let's first examine the objective of terrorist planners.

Nineteenth-century anarchists promoted what they called the "propaganda of the deed," or using violence as a symbolic action to make a larger point, such as inspiring the masses to undertake revolutionary action. In the late 1960s and early 1970s, modern terrorist organizations began to conduct operations designed to serve as terrorist theater, an undertaking greatly aided by the advent and spread of broadcast media. Some examples of early attacks specifically intended as made-for-television events include the September 1972 kidnapping and murder of Israeli athletes at the Munich Olympics and the December 1975 raid on OPEC headquarters in Vienna. Aircraft hijackings quickly followed suit, and were transformed from relatively brief endeavors to long, drawn-out and dramatic media events often spanning multiple continents. The image of TWA Flight 847 captain John Testrake in the window of his cockpit with a Hezbollah gunman behind him became an iconic image of the 1980s, embodying this trend.

Today, the proliferation of 24-hour television news networks and Internet news sites magnifies such media exposure. This increased exposure not only allows people to be informed minute-by-minute about unfolding events, it also permits them to become secondary, vicarious victims of the unfolding violence. The increased exposure ensures that the audience impacted by the propaganda of the deed becomes far larger than just those in the immediate vicinity of a terrorist attack. On Sept. 11, 2001, millions of people in the United States and around the world watched live as the second aircraft struck the south tower of the World Trade Center, people leapt to their deaths to escape the raging fires and the towers collapsed. Watching this sequence of events in real time profoundly impacted many people. Its effect was far greater than if people have merely read about the attacks in newspapers.

In the wake of 9/11, a wave of terror swept the globe as people worldwide became certain that more such spectacular attacks were inevitable. The November 2008 Mumbai attacks had a similar, albeit smaller, impact. People across India were fearful of being attacked by teams of Lashkar-e-Taiba gunmen, and concern spread around the world about Mumbai-style terrorism.

Terror Magnifiers

Such theatrical attacks exert a strange hold over the human imagination. The sense of terror they create can dwarf the reaction to natural disasters many times greater in magnitude. For example, more than 227,000 people died in the 2004 Indian Ocean tsunami compared to fewer than 3,000 people on 9/11. Yet the 9/11 attacks spawned a global sense of terror and a geopolitical reaction that had a profound and unparalleled impact upon world events over the past decade.

As noted, the media magnifies this anxiety and terror. Television news, whether broadcast on the airwaves or over the Internet, allows people to experience a terrorist event remotely and vicariously, and the print media reinforces this. While part of this magnification results merely from the nature of television as a medium and the 24-hour news cycle, bad reporting and misunderstanding can build hype and terror.

For example, a Mexican drug cartel on March 19 detonated a small explosive device in a vehicle in Ciudad Victoria. In the wake of this minor attack, the Mexican and U.S. media breathlessly reported that cartels had begun using "car bombs." Journalists on both sides of the border failed to appreciate the significant tactical and operational differences between a small bomb placed in a car and the far larger and more deadly vehicle-borne explosive device, a true car bomb. The Colombian Medellin cartel employed car bombs in Bogota; it is quite significant that the cartels in Mexico have not yet done so despite possessing the necessary capabilities.

The traditional news media are not alone in the role of terror magnifier. The Internet has become an increasingly effective conduit for panic and alarm. From hysterical (and false) claims in 2005 that al Qaeda had pre-positioned nuclear weapons in the United States and was preparing to attack nine U.S. cities and kill 4 million Americans in operation "American Hiroshima" to 2010 claims that Mexican drug cartels were smuggling nuclear weapons into the United States for Osama bin Laden, a great deal of fearmongering can spread rapidly over the Internet.

Website operators who earn advertising revenue based on the number of unique site visitors have an obvious financial incentive to publish outlandish and startling terrorism stories. The Internet also has produced a wide array of other startling claims, including oft-recycled e-mail chains such as the one stating that an Israeli counter-terrorism expert has predicted al Qaeda will attack six, seven or eight U.S. cities simultaneously "within the next 90 days." This e-mail first circulated in 2005, and periodically has reappeared since then. Although it is an old, false prediction, it still creates fear every time it circulates.

Live tweets from attack sites, cell phone calls from people trapped by terrorist attacks to news outlets and the proliferation of cellphone videos on outlets like YouTube also have helped increase the vicarious-victim aspect of terror attacks. In some locations, state media will attempt to suppress media coverage, but these alternate media sources still get the news out to the wider world.

Sometimes even governments act as terror magnifiers. Certainly, in the early 2000s the media and the American public became fearful every time the U.S. Department of Homeland Security (DHS) raised its color-coded threat level. Politicians' statements also can scare people. Such was the case in 2007 when DHS secretary Michael Chertoff said his gut screamed that a major terrorist attack was imminent and in 2010 when the head of French internal intelligence noted that the threat of terrorism in France was never higher.

These warnings produce widespread public concern. A number of reasons exist for providing such warnings, from trying to pre-empt a terrorist attack when there is incomplete intelligence to a genuine concern for the safety of citizens in the face of a known threat to less altruistic motives such as political gain or bureaucratic maneuvering (when an agency wants to protect itself from blame in case there is an attack, for example). As seen by the public reaction to the many warnings in the wake of 9/11, including recommendations that citizens purchase plastic sheeting and duct tape to protect themselves from chemical and biological attack, such warnings can produce immediate panic, although, over time, as threats and warnings prove to be unfounded, this panic can turn into alert fatigue. This fatigue resulted in the DHS scrapping their color-coded alert system in 2011.

Those seeking to terrorize can and do use these magnifiers to produce terror without having to go to the trouble of conducting attacks. The empty threats bin Laden and his inner circle issued about preparing an attack larger than 9/11 -- threats propagated by the Internet, picked up by the media and then reacted to by governments -- are prime historical examples of this.

Stepping Back from the Spectacle

Groups such as al Qaeda clearly recognize the difference between terrorist attacks and terror. This is seen not only in the use of empty threats to sow terror but also in the way terrorist groups claim success for failed attacks. For example, al Qaeda in the Arabian Peninsula (AQAP) declared the failed Christmas Day 2009 "underwear" bombing a success due to the effect it had on air travel. In a special edition of Inspire magazine published in November 2010 following the failed attack against cargo aircraft using IEDs hidden in printer cartridges, AQAP trumpeted the operation as a success, citing the fear, disruption and expense that resulted. AQAP claimed the cargo bomb plot and the Christmas Day plot were part of what it called "Operation Hemorrhage," an effort to cause economic damage and fear, not necessarily to kill large numbers of people.

As noted above, practitioners of terrorism lose a great deal of their ability to create terror if the people they are trying to terrorize place terrorism in perspective. Terrorist attacks are going to continue to happen because there are a wide variety of militant groups and individuals willing to use violence to influence either their own or another country's government.

Terrorist attacks are relatively easy to conduct, especially if the assailant is not concerned about escaping after the attack. As AQAP has noted in its Inspire magazine, a determined person can conduct attacks using a variety of simple weapons, such as a knife, axe or gun. And while the authorities in the United States and elsewhere have proved quite successful in foiling attacks over the past few years, any number of vulnerable targets exists in the open societies of the West. Western governments simply do not have the resources to protect everything; not even authoritarian police states can protect everything. This means that some terrorist attacks invariably will succeed. How the media, governments and populations respond to those successful strikes will shape the way the attackers gauge their success. Obviously, the response to 9/11 meant the attackers probably were far more successful than they could have hoped. The London bombings on July 7, 2005, after which the British public went to work as usual the next day, were seen as less successful.

The world is a dangerous place. Everyone is going to die, and some people are certain to die in a manner that is brutal or painful. Recognizing that terrorist attacks, like car crashes and cancer and natural disasters, are part of the human condition permits people to take prudent, measured actions to prepare for such contingencies and avoid becoming victims (vicarious or otherwise). It is the resilience of the population and their perseverance that determine how much a terrorist attack is allowed to terrorize. By separating terror from terrorism, citizens can deny the practitioners of terror the ability to magnify their reach and power.

Read more of Stratfor's excellent series on the fundamentals of terrorism below:

Click here for The Myth of the End of Terrorism.

Click here for Detection Points in the Terrorist Attack Cycle.

Click here for Detecting Terrorist Surveillance.

Click here for A Practical Guide to Situational Awareness.

Click here for Jihadism in 2012: A Persistent, Low-Level Threat.

Read more: Keeping Terrorism in Perspective | Stratfor

Information Security Breaches 2012 - Questionnarie

2012-03-20T12:20:00.001+00:00

Research is currently being undertaken to identify information security breaches for 2012. Below is a link to a questionnaire, this is being conducted by infosecurity - Europe, in association with the department for Business, Innovation and Skills (BIS) and PricewaterhouseCoopers LLP.

Questionnaire Link - Click here

Last year I went to the infosecurity EUROPE conference and exhibition and I have to say the presentation and format of the exhibition is very good and was probably the best large scale exhibition I visited. It's on the same time as Counter Terror Expo 2012 and although very different is well worth going along if you like security technologies of a differing sort.

Olympics 2012 Security: Welcome To Lockdown London

2012-03-13T21:23:00.000+00:00

This is a long article but well worth a read....

London 2012 will see the UK's biggest mobilisation of military and security forces since the second world war and the effects will linger long after the athletes have left.

By Stephen Graham
guardian.co.uk, Monday 12 March 2012 20.26 GMT

As a metaphor for the London Olympics, it could hardly be more stark. The much-derided "Wenlock" Olympic mascot is now available in London Olympic stores dressed as a Metropolitan police officer. For £10.25 you, too, can own the ultimate symbol of the Games: a member of by far the biggest and most expensive security operation in recent British history packaged as tourist commodity. Eerily, his single panoptic-style eye, peering out from beneath the police helmet, is reminiscent of the all-seeing eye of God so commonly depicted at the top of Enlightenment paintings. In these, God's eye maintained a custodial and omniscient surveillance on His unruly subjects far below on terra firma.

The imminent Olympics will take place in a city still recovering from riots that the Guardian-LSE Reading the Riots project showed were partly fuelled by resentment at their lavish cost. Last week, the UK spending watchdog warned that the overall costs of the Games were set to be at least £11bn – £2 bn over even recently inflated budgets. When major infrastructure projects such as Crossrail, speeded up for the Games, are factored in, the figure may be as high as £24bn, according to Sky News. The estimated cost put forward only seven years ago when the Games were won was £2.37 bn.

With the required numbers of security staff more than doubling in the last year, estimates of the Games' immediate security costs have doubled from £282m to £553m. Even these figures are likely to end up as dramatic underestimates: the final security budget of the 2004 Athens Olympics were around £1bn.

All this in a city convulsed by massive welfare, housing benefit and legal aid cuts, spiralling unemployment and rising social protests. It is darkly ironic, indeed, that large swaths of London and the UK are being thrown into ever deeper insecurity while being asked to pay for a massive security operation, of unprecedented scale, largely to protect wealthy and powerful people and corporations.

Critics of the Olympics have not been slow to point out the dark ironies surrounding the police Wenlock figure. "Water cannon and steel cordon sold separately," mocks Dan Hancox on the influential Games Monitor website. "Baton rounds may be unsuitable for small children."

In addition to the concentration of sporting talent and global media, the London Olympics will host the biggest mobilisation of military and security forces seen in the UK since the second world war. More troops – around 13,500 – will be deployed than are currently at war in Afghanistan. The growing security force is being estimated at anything between 24,000 and 49,000 in total. Such is the secrecy that no one seems to know for sure.

During the Games an aircraft carrier will dock on the Thames. Surface-to-air missile systems will scan the skies. Unmanned drones, thankfully without lethal missiles, will loiter above the gleaming stadiums and opening and closing ceremonies. RAF Typhoon Eurofighters will fly from RAF Northolt. A thousand armed US diplomatic and FBI agents and 55 dog teams will patrol an Olympic zone partitioned off from the wider city by an 11-mile, £80m, 5,000-volt electric fence.

Beyond these security spectaculars, more stealthy changes are underway. New, punitive and potentially invasive laws such as the London Olympic Games Act 2006 are in force. These legitimise the use of force, potentially by private security companies, to proscribe Occupy-style protests. They also allow Olympic security personnel to deal forcibly with the display of any commercial material that is deemed to challenge the complete management of London as a "clean city" to be branded for the global TV audience wholly by prime corporate sponsors (including McDonald's, Visa and Dow Chemical).

London is also being wired up with a new range of scanners, biometric ID cards, number-plate and facial-recognition CCTV systems, disease tracking systems, new police control centres and checkpoints. These will intensify the sense of lockdown in a city which is already a byword across the world for remarkably intensive surveillance.

Many such systems, deliberately installed to exploit unparalleled security budgets and relatively little scrutiny or protest, have been designed to linger long after the athletes and VIPs have left. Already, the Dorset police are proudly boasting that their new number-plate recognition cameras, built for sailing events, are allowing them to catch criminals more effectively.

In Athens, the $300m "super-panopticon" CCTV and information system built for the Games following intense US pressure remained after the event, along with the disused sports facilities. In fact, the system has been used by Greek police trying in vain to control the mass uprisings responding to the crash and savage austerity measures in the country.

It is important to remember that all this is ostensibly designed to secure the spectacle of 17,000 athletes competing for 17 days. Even if London's overall security budget remains similar to that of Athens, that works out at the startling figure of £59,000 of public money to secure each competitor or £3,500 per competitor per day. In 2004, the cost in now-bankrupt Athens was £90,000 per competitor (for a smaller number of athletes than are likely to attend London). This was a major contributor, as part of the overall £10bn costs, to Greece's subsequent debt crisis.

In the context of post-austerity Britain, these figures are eye-watering. Even more remarkably, given that Olympics budgets have drawn down from many other public and lottery funds, and are no doubt adding hugely to UK national debt, the Daily Telegraph recently argued that the security operation for the Olympics were "key to aiding the recovery of UK plc".

How can we make sense of this situation? Four connected points need emphasis here. The first is that, amid a global economic crash, so-called "homeland security" industries – a loose confederation of defence, IT and biotechnology industries – are in bonanza mode. As this post 9/11 paradigm is being diffused around the world, the industry – worth $142bn in 2009 – is expected to be worth a staggering $2.7tn globally between 2010 and 2020. Growth rates are between 5% and 12% a year.

The UK, long an exemplar "surveillance society", is especially attractive to these industries, especially when hosting the Olympics. Recent security industry magazines have been full of articles excitedly extolling the Olympics as a "key driver of the industry" or as "keeping the market buoyant".

Nation states, and the EU, are struggling to ensure that their corporations get a piece of the action in markets long dominated by US and Israeli firms. Ramping up surveillance is thus now as much a part of economic policy as a response to purported threats.

The security boom is unaffected, or perhaps even fuelled, by the global crash, as wealthy and powerful elites across the world seek ever-more fortified lifestyles. Essentially, it is about defence and security corporations building huge new income streams by systematically exploiting three linked trends: the lucrative possibilities created by post 9/11 fears; widening privatisation and out-sourcing in the context of deep austerity programmes; and the desire of big city and national governments to brand themselves as secure destinations for major global events.

Booming security markets are so lucrative that accusations of corruption are often made. Siemens, a major security contractor at Athens, allegedly paid huge bribes to get the job from its internal slush fund.

Crucially, though, as Naomi Klein points out in her book The Shock Doctrine, the security boom also involves attempts to diffuse the technologies honed in counterinsurgency and colonial war in places such as Gaza, Kabul and Baghdad – drones, helicopters, data mining, biometrics, security zones, so-called "non-lethal weapons" (devices used to disperse crowds) – to the domestic "global" cities of Asia and the west.

Particular glee that Israeli-style security arrangements are now being widely implemented is evident among the CEOs of large Israeli security and defence contractors, which are doing especially well in the security boom. Leo Gleser is president of ISDS, a company that proudly proclaims that it was established by ex-Mossad agents and which was involved in £200m worth of security contracts for the Athens Games. He talks of "growing tsunamis of violence, criminal acts, and global insecurity triggered by the 9/11 events" which made the "the western world finally understand that measures had to be taken".

Olympics are especially important opportunities to cement the security boom still further. They are the ultimate global security shop windows through which states and corporations can advertise their latest high-tech wares to burgeoning global markets while making massive profits.

"The Olympics is a tremendous opportunity to showcase what the private sector can do in the security space," a Whitehall official was quoted recently as saying in a Financial Times defence supplement. "Not only do you have a UK security kitemark on the product but you've got an Olympic kitemark to boot."

The main security contractor for the London Olympics – G4S, more familiar under its old Group 4 moniker – is the world's largest security company. Beyond its £130m Olympic security contracts, it operates the world's largest private security force – 630,000 people – taking up a myriad of outsourced contracts. It secures prisons, asylum detention centres, oil and gas installations, VIPs, embassies, airports (including those in Doncaster and Baghdad) and infrastructure, and operates in 125 countries.

According to its website, G4S specialises in particular in what it terms "executive style life-support in hazardous environments". (Presumably this refers to Baghdad and not east London.) After buying up the ArmorGroup security company in 2008, it also now runs a large number of operations in Iraq. This month it was announced that G4S will also be the first private security corporation to run UK police stations with over half of Lincolnshire's police force actually moving over to the company.

The second point is that the homeland and Olympic security boom is being fuelled by the widening adoption of the idea of "asymmetric" war as the key security idea among nation states, militaries and corporations. Here, rather than war with other states, the main challenge for states is deemed to be mobilising more or less permanently against vague non-state or civilian threats that lurk within their own cities and the infrastructures that connect them.

In practice, such a shift has massive and troubling implications. As we have seen with the so-called war on terror, it works to dramatically blur longstanding legal, political and ethical lines demarcating war and war-like acts from peace and criminal acts. It also fuses policing, military operations and the intelligence services much more closely as all three seek to build bigger and bigger surveillance operations to try to predict threats, especially those within the vulnerable labyrinths of big cities.

Such an approach translates easily into a deep suspicion of cosmopolitan cities, multi-ethnic populations and the rights of migrant citizens, a process accelerated by the 7/7 atrocities in London the day after the Olympics were announced in 2005.

In May 2011 the Metropolitan Police announced that they were redeploying 290 cameras that had been installed as counter-terror systems in two predominantly Muslim areas of Birmingham to London for the Games. Recently, the Home Office warned Waltham Forest Council – home of part of the Olympic Park – that it is home to a large group of radicalised second- and third-generation Asian Britons who potentially pose a terrorist threat to the Games.

More visibly, this shift means that the familiar security architecture of airports and international borders – checkpoints, scanners, ID cars, cordons, security zones – start to materialise in the hearts of cities. What this amounts to, in practice, is an effort to roll out the well-established architecture and surveillance of the airport to parts of the wider, open city. The "rings of steel" around the City and Docklands in London were early examples of this.

The third explanation for the Olympic security boom is to be found by looking in more detail at how risks are considered in planning the events since the 9/11 attacks. Olympics security operations have grown beyond all recognition since 2000 because they have been shaped by new types of risk assessment.

The symbolic importance and prestige of the Games for cities, nations and corporations has meant that historical ideas of proportionality have basically been abandoned. Instead, as Canadian sociologists Phil Boyle and Kevin Haggerty have shown, security planning has tried to create the impossible illusion of total security by countering all threats, no matter how outlandish, unlikely or nightmarish.

Crucially, all such threats are now deemed equally valid. A model developed by the Rand corporation to help with planning for the London Games outlines in detail 27 possible threat scenarios and the means to counter them. Meeting them helps also to demonstrate the awesome power, and elite status, of the host city or state in the wider world.

This helps account for the ever-more baroque security and surveillance operations surrounding Olympic events. It also helps explain how, under enormous pressure from the US – whose security corporations benefited hugely in the process – the security budget for Sydney ($180m, or $16,000 an athlete) was multiplied eight times for Athens only four years later ($1.5bn and $142,000, respectively). The Beijing operations, in an authoritarian country, not surprisingly eclipsed both Athens and London and came in at a staggering $6.5bn.

The final point is how the security operations of Olympics have major long-term legacies for their host cities and nations. The security preoccupations of Olympics present unprecedented opportunities to push through highly elitist, authoritarian and speculative urban planning efforts that otherwise would be much more heavily contested – especially in democracies. These often work to "purify" or "cleanse" diverse and messy realities of city life and portray existing places as "waste" or "derelict" spaces to be transformed by mysterious "trickle-down effects". The scale and nature of evictions and the clearance of streets of those deemed not to befit such events can seem like systematic ethnic or social cleansing. To make way for the Beijing Games, 1.5 million were evicted; clearances of local businesses and residents in London, though more stealthy, have been marked.

Such efforts often amount in effect to expensive, privatised, elitist and gentrifying projects such as the Westfield shopping centre in Stratford (the first UK shopping centre, incidentally, to have explosives scanners at all entrances).

During the Games themselves, so-called "Olympic Divides" are especially stark. In London, a citywide system of dedicated VIP "Games lanes" are being installed. Using normally public road space, these will allow 4,000 luxury, chauffeur-driven BMWs to shuttle 40,000 Olympic officials, national bureaucrats, politicians and corporate sponsors speedily between their five-star hotels, super-yachts and cordoned-off VIP lounges within the arenas. It has recently been shown that wealthy tourists will be able to enter the VIP lanes by purchasing £20,000 package trips.

Ordinary Londoners, meanwhile – who are paying heavily for the Games through council tax hikes – will experience much worse congestion. Even their ambulances will be proscribed from the lanes if they are not running blue lights.

More broadly, a huge increase in land values tends to benefit only the wealthy property speculators and financiers that are best placed to ride the wave. Already, the Qatar royal family have bought the 1,400 homes of the Olympic village in a deal worth £557m.

Looking at these various points together shows one thing: contemporary Olympics are society on steroids. They exaggerate wider trends. Far removed from their notional or founding ideals, these events dramatically embody changes in the wider world: fast-increasing inequality, growing corporate power, the rise of the homeland security complex, and the shift toward much more authoritarian styles of governance utterly obsessed by the global gaze and prestige of media spectacles.

• Stephen Graham is professor of cities and society at Newcastle University. His latest book, Cities Under Siege, is published by Verso, priced £14.99. To order a copy for £14.99 with free UK p&p, go to guardian.co.uk/bookshop

Police Oracle Latest Cartoon

2012-03-13T09:56:00.001+00:00

Olympic Security: Be Aware and Prepare

2012-03-09T19:55:00.000+00:00

The 2012 Olympic and Paralympic Games will have an impact on security across the whole of the UK. The Games themselves are being held at locations across Britain and at the same time there will be the usual UK Summer events: festivals, Wimbledon, the FI British Grand Prix, etc.

If you work in the private security industry you need to be mindful of what is happening in your area before and during Games time - will you need to provide additional security? Will your business be affected? You need to plan for this now.

Similarly, if you are a security buyer then you need to be aware that there will be an unprecedented call on private security across the UK this summer. You need to make sure that your security provider(s) will be able to supply the cover you need.

SIA Fact Sheet

The full fact can be downloaded here

The SIA has dedicated a section of their website to the 2012 Games. Here you will find some useful information including:

Further details for visitors on safety and security for the games can be found at the London 2012 website

Physical Security - A Visit to Hadrian's Wall

2012-03-06T17:25:00.000+00:00

Richard and I were in area, it would be rude not to visit Hadrian's Wall. Physical Security doesn't get much better then this, 73 miles long, survived for over 2,000 years and only took 6 years to complete!

Counter Terrorism: Potential Indicators of Terrorist Activities or It's Probably Nothing, But....

2012-03-04T14:58:00.004+00:00

'It's probably nothing' but your call could save lives - that's the message of a Metropolitan Police Service (MPS) counter-terrorism publicity campaign which seems to get reincarnated each year. It's supported by radio, poster and 1.4m leaflet drop to households in London.

Overall its actually a good campaign and asks the public to question the norm - just in case it's something much more.

This however compares to the recently publicised FBI campaign which includes these actions as deemed 'suspicious':

Using multiple mobile sim cards
Pays with cash
Communicates using VOIP
Uses encryption
Trying to shield your computer screen from others

Sound familiar? Some of these are basic security measures which I and people I know do, but are we terrorists - I think not! The full details of the 25 FBI campaigns can be viewed here.

So its MPS 1 - FBI 0

In the UK call the confidential

Anti-Terrorist Hotline

At a glance, the story so far at TECH:TOUCHSTONE Information Security Summit

2012-02-28T15:44:00.001+00:00

Today I attended day one of the Information Security Executive Summit delivered by Tech:Touchstone at the Richmond Hill Hotel. This is a summit where practitioners and end users meet in a speed presentation dating environment. An environment I think works quite well if you are considering purchases in the InfoSec application arena.

The day started with the usual introductions and housekeeping by the event Director Russ Morrow @russmorrow then straight into an Opening Keynote on Data Leakage by the Global Head of Information Security at UBS, who may have been lost in translation a little by basically he was saying that although good any Data Leakage tool on their own are useless. It's more about policy, processes, procedures, people, culture, very refreshing. Then we moved onto the PCeU and DI responsible for Industry Liaison who shared with us the background of enforcement input combatting cybercrime.

When attending an event similar to this you have to undertake a number of networking and 1-2-1 sessions with sponsors, which is certainly a fair trade for attending and participating. There is always a constant supply of coffee and it's never the hard sell, so I think most people are happy to trade.

After a break it was the turn of the Information Commissioners Office (ICO) and their principle policy advisor, who and you probably won't be surprised certainly got the attention of those attending supported by a lively discussion.

You can always measure a summit or conference by the facilities, presenters and food provided and so far Tech: Touchstone haven't disappointed. Mini Fish and Chips on offer, I might be easily pleased but that gets my vote straight away.

Coming up in the afternoon session are speakers from The BIG Lottery Fund talking mobile working and closing with the Head of Information Security from Oxfam. More to follow, but so far very impressed on day one, day two can go either way but that's down to me as I'm presenting in the afternoon on security risk, assurance and what type of things affect me from a very noon technological int of view.

Of course before any of that is drinks, more networking And a gala dinner as organised and prepared by the renowned chef Brian Turner who retweeted one of my earlier tweets saying I was looking forward to dinner tonight and that was about 10am in the morning.

More to follow but for now if you want to follow proceedings at the summit search and follow #techtouch on twitter.

Catch up soon. Richard

Posted using BlogPress from my iPad

Signcraft are Gloucestershire's oldest
and most respected sign makers

Press Release - Tech:Touchstone: Information Security Executive Summit 2012

2012-02-20T20:12:00.000+00:00

I am attending and presenting at the following Information Security Summit. The organisers contacted me today and asked if I could share today's Press Release. Please see below the composed release for the Information Security Summit that I will no doubt talk more about before, during and after.

Tech:Touchstone announces its 3rd Annual Information Security Executive Summit from the 28th - 29th February at the Richmond Hill Hotel. The 3rd Annual Information Security Executive Summit will cover the critical issues and considerations that Information Technology and Information Security leaders need to be mindful of when planning their IT strategy for 2012 and beyond.

Speakers at the event include: Tony Hird, Chief Technologist at British Airways Plc, Christophe Gabioud, Global Head of IS at UBS Investment Bank, and Michael Paisley, Head of IS, DP & Business Resilience at Santander UK Group. Each speaker will bring their unique take on how their business implements Information Security Strategy and Technology on a daily basis, as well as the major trends to look out for in 2012.

The summit brings together the most decision ready Senior IT Executives, the foremost Analysts and Vendors in the Information Security Technology Community to network, discuss and learn about the latest developments in Information Security. It has proved crucial for many businesses to assess their current technological standing and build new relationships and alliances in markets which rely more and more heavily on technology for day to day business process.

“We are excited to host such a high level group of thought leaders in the Information Security space representing some the UK’s largest organisations” said Simeon Turner Managing Director of Tech:Touchstone, “The new threats created by increased workforce mobility and the move to cloud infrastructures is forcing constant reassessment of key strategies. We look forward to facilitating an engaging debate!”

The Information Security Executive Summit 2012 will look to build upon previous year’s success of bringing the best in business together to formulate and build new partnerships. Sponsors of the event include: Symantec, TrendMicro, Imperva, Caretower, Netwrix, FoxT and Loghythm

About Tech:TouchStone

Tech:Touchstone creates business-to-business events, with its latest event being the Information Security Executive Summit on the 28th-29th February, for the IT sector where face-to-face communication is paramount to fully understand complex issues, solutions and value propositions.

The company's portfolio of events focuses on areas of strategic industry debate and growth market sectors, with the aim of creating a collaborative learning environment for time-poor IT executives and to facilitate high value, quality interactions between all participants.

If you’re interested in attending this event or any other please contact the Tech:Touchstone team on 0208 166 4390 and follow them on Twitter @TechTouchstone

Job Opportunity: Head of Security - Olympic Park Legacy Company

2012-02-01T21:10:00.000+00:00

Head of Security

Comprehensive Benefits Package + Local Government Pension Scheme

Salary: £68,058 per annum

2 Year Fixed Term Contract

Role based in East London

Harnessing the energy and investment from the London 2012 Olympic and Paralympics Games, the Olympic Park Legacy Company will oversee the transformation of the Olympic Park into a thriving new community over the next three decades.

In order to achieve our vision, we are now looking to recruit an exceptional and dynamic Head of Security within our Park Operations and Venues directorate.

The Head of Security will be responsible for the development and implementation of robust security strategies, programmes and arrangements across the Queen Elizabeth Olympic Park, including interaction with venues and events. This is a key role in creating and maintaining a new destination for London, with a quality park, incorporating world-class venues and events at its heart.

You will develop and maintain strong relationships with the Metropolitan Police on a London-wide basis and at a local borough level. You will work closely with key stakeholders and be aware at all times of any security threats or matters that may affect the Park, its infrastructure and venues.

You will have an appropriate security background and understanding, and possess first class communication skills to engage with all security personnel working across the Park with various operators and working within the agreed Company strategy in an appropriate and collaborative manner.

To apply for this position please download an application pack below and email your completed application to:humanresources@legacycompany.co.uk

Aternatively, you can post it to us at our address as detailed on our Contact Us page. Please state ‘FAO: Human Resources’ on the envelope. Please note CVs will not be accepted.

Interviews are anticipated on 23^rd February 2012.

The closing date for this position is 5pm on 15^th February 2012.

More details can be found on the Olympic Park Legacy Companies website

Resources

Job Description

Application form

Equal Opportunities form

Chatback Security's Word Cloud - Physical Security, Personnel Security and Information Security

2012-01-30T22:21:00.001+00:00

Security Threat Report 2012 - Hacktivism, Cybercriminals and Malware

2012-01-30T18:07:00.000+00:00

Foreword by Gerhard Eschelbeck, CTO, Sophos

Over the past year we in the IT security industry have seen a growing awareness of the work we do.

In 2011, a number of highly visible cyberattacks made news headlines around the world, but the underlying problem affects us all. It seems that the cybercriminals are getting bolder in their attacks as the availability of commercial tools makes mass generation of new malicious code campaigns and exploits easier. The net result has been significant growth in volume of malware and infections.

And for 2012, I anticipate growing sophistication in web-borne attacks, even broader use of mobile and smart devices, and rapid adoption of cloud computing bringing new security challenges.

The web will undoubtedly continue to be the most prominent vector of attack. Cybercriminals tend to focus where the weak spots are and use a technique until it becomes far less effective. We saw this with spam email, which is still present but less popular with cybercriminals as people deploy highly effective gateways. The web remains the dominant source of distribution for malware —in particular malware using social engineering, or targeting the browser and associated applications with exploits. Social media platforms and similar web applications have become hugely popular with the bad guys, a trend that is only set to continue.

Click above image to read
full the report

The rapid inflow of consumer-owned smartphones and tablets is causing significant security challenges for many organizations. IT departments are being asked to connect devices to corporate networks and secure data on these devices, which they have very little control over. Due to the high degree of mobility, security requirements are plentiful, including enforcement of use policies, corporate data encryption, access to corporate networks, productivity/content filtering, and of course malware protection. The unique nature of modern form factors (in terms of processing power, memory, battery life) requires rethinking of security and defense mechanisms.

Cloud computing is one of the most significant revolutions in delivering software applications to users, and can significantly improve the effectiveness and manageability of security solutions—web security, data protection, or even endpoint and mobile security managed via the cloud are great examples. The service model takes the burden of managing applications away from the user, but introduces new issues of security and privacy for data at rest and in transit.

Protecting data in a world where systems are changing rapidly and information flows freely introduces a whole new set of people, process and technology challenges, reinforced by enhanced scrutiny by compliance and regulatory bodies. As we all radically reform the way we communicate and share data, we can expect cybercriminals to hook themselves into these systems to tout their nasty malicious code.

With this edition of the Sophos Security Threat Report, we want to share our latest research on hacktivism, online threats, mobile malware, cloud computing, and social network security. And we offer a look ahead to the coming year.

Best wishes,

Gerhard Eschelbeck

CTO, Sophos

What do you do when your twitter account has been compromised.

2012-01-28T21:12:00.001+00:00

Like most out there I have received lots of DM's from twitter followers recently that would either not usually contact me or that are not following me. Now, I don't believe my account has been compromised and up until yesterday I didn't do anything about others that had contacted me. On Friday though I received a couple of DM's from a family relation telling me I should see what others have been writing about me on twitter, this caused me alarm as I know they would not be bothered what was said about me, but I spoke to them and advised them they should change their password and check to see if their twitter account had been used to authorise other applications as a bit of a starter for 10. But, today I received a mail-shot from and saw the Naked Security twitter feed giving the best information I have seen so far. So I thought i'd share it, thanks to all at Naked Security as always very helpful and relevant information.

Best Regards Richard

@securityspeak

Orginal Source: Naked Security : Many Naked Security readers email our tips email account every day asking for help when their online accounts are compromised.

I thought it might be a good idea to provide a step-by-step guide to recover from some common attacks people fall victim to, beginning with Twitter.

There are two primary methods for your Twitter account to become compromised. Either you authorized a malicious application to connect to your account, or your password was guessed/stolen.

The first thing to do as soon as you notice a problem is to scan your system with an up to date anti-virus product to be sure your machine isn’t infected and doesn’t have a keylogger installed. Next you need to set a new password. As always we recommend selecting a strong password that is unique for each website.

If mixing numbers, letters, punctuation and case is too complicated (because you aren’t using a password manager) then the most important thing to remember is that size *does* matter. Going long is better than something short with a number on the end.

Then you should review the applications you have granted access to your Twitter account. To view the list log in to Twitter, select your account in the upper-right corner and choose settings, then click on the Applications tab.

You’ll notice this account has a rogue application installed, Your Profile Views, that has already been suspended by Twitter.

You could just revoke access to any applications you don’t trust, but I recommend starting over and revoking all of them. You can simply reauthorize any applications you are actually using as you need them.

The last step is to tweet out an apology to your friends and be sure to alert the Twitter team by sending a message to @safety.

To stay aware of the latest scams and warnings, it is a good idea to follow @safety as well as @NakedSecurity, and even @spam if you wish to stay abreast of the latest spammer activity.

Often corporate accounts can fall victim to hackers, most often from insecure choice of passwords and the need for multiple people to be able to tweet from the accounts to maintain 24/7 coverage.

There are some great solutions that can help you ensure the shared account has a good password without needing to share it.

Services like GroupTweet and HootSuite allow you to delegate tweeting to other user accounts and even moderate tweets before they are posted (in the paid versions).

This won’t prevent your employees from choosing a poor password for their own account, but with the moderation feature you can prevent any damage to your brand by accepting a bit of management overhead.

I hope this is helpful to those of you who need to recover your Twitter accounts and for those of us who have to help bail out our friends when they are in trouble.

I will continue to update this article with any additional insights posted in the comments and keep it as a living post.

Mobile Phone Hacking and How To Prevent It

2012-01-24T09:53:00.000+00:00

Mobile phone hacking isn't a new phenomenon it has been taking place for years, it normally occurs via two methods:

Voicemail hacking – somebody remotely listening to your phone’s voicemail messages

Data hacking – somebody viewing or stealing information stored on your phone (or a PC based backup), such as phone numbers, bank account details and emails.

Celebrities have been the main targets for the mobile phone hacks because that apparently sells newspapers but fraudsters will also target us 'normal' people to obtain our sensitive data so as they can commit fraud or to sell the data on.

Voicemail hacking is an invasion of privacy but what information can really be obtained from a left message (?), well really that depends on the person leaving it I suppose....

Hackers can get away with such simple access thanks to a massive flaw, namely that public voicemail systems don't record the numbers from which the service is being accessed, only the time of access. This alone would make simple voicemail hacks harder to execute by leaving a trail of evidence of access.

Some simple preventive measures are:

Voicemail hacking normally takes place via the system that allows you to listen to your messages when you don't have your mobile with you or your away from home. This is normally via a land line number (or your own land line number if its a home based answer phone system) and then you enter a security pin to listen to your messages however most people never change their pin from the default which is normally 1234 or 0000. If you don’t change this pin code then a phone hacker could potentially listen to your voicemails by entering one of the default pins. Assuming your new pin is four digits, that allows up to 10,000 possible combinations for a hacker to guess, not completely secure but a reasonable start.

Click the image to read some of
the recent news stories

Data hacking is a significant risk as most of us now walk around with the same amount of data storage in our mobiles as our PCs are capable of holding at home. To minimise the risk of your mobile data falling into the wrong hands you could try the following:

Be careful where you store sensitive information - for example don't use a non secure 'notes' type app to store your credit card, bank account or pin codes in. Use a secure (password/pin protected) app or better still don't store this type of information anywhere!
Avoid public wi-fi – Avoid checking emails, logging into mobile banking sites and accessing private information when your phone is connected to public wi-fi such as those in coffee shops – as these are often insecure.
Set a phone password – If your phone’s lost or stolen then a password could stop a data hacker in their tracks.
Turn off Bluetooth – When you’re not using Bluetooth always turn it off as hackers could use the wireless connection to gain remote access to your phone.
Turn off auto-complete – Some phones save user names and passwords automatically to help you log-in faster next time, but this could also help a hacker access your personal data. Check your phone’s “Settings” menu to see if it is automatically storing information.
Delete your browsing history – Not seeing a list of which websites you’ve recently visited and the information you’ve accessed might be a little inconvenient, but clearing your mobile phone’s Internet browser history, cookies and cache will make it harder for a hacker to get your data.
Remote locate, lock or wipe - sign up to a 'mobileme - find my iphone' type service that allows you via another authorised device or web page to locate, lock, wipe or send an alert to your lost (or stolen) device. There has been a few good media stories on these services.

The recent stories in the media are not good news for the people who have experienced the hacks but this is only the tip of the iceberg for sure. Accessing people's voicemails has for a longtime been a 'tool' that law enforcement and investigators have utilised to gain intel but thanks to this recent media coverage fraudsters will now jump on the band wagon. You have been warned!

- Posted using BlogPress from my iPhone - which is password protected ;-)

Survey: Crime has risen by 4%, public more satisfied with police and councils

2012-01-23T21:53:00.000+00:00

Original news source: Security News Desk

Crime in the UK rose by 4%, with violent crime up 9%, according to the latest British Crime Survey data.

In the 12 months to September 2011, the period covered by today’s report, crime reported by the survey rose by 4%. This was broken down by:

Vandalism – down 7%
Burglary – up 5%
Vehicle-related theft – up 7%
Bicycle theft – down 8%
Other household theft – up 4%
Theft from the person – up 12%
other theft of personal property – up 14%
All violence – up 9%
All BCS crime – up 4%

British Crime Survey

The survey covers August 2011 when there were significant disturbances in cities across England.

Editor’s view: Let’s help business tackle street crime with CCTV

During the same period of time, the police reported a 4% decrease across all categories of crime. The BCS survey complements data collected from the police and often contradicts police figures. This is because BCS data is based on interviews with individuals and includes incidents which are not reported to the police.

The survey notes an 11% increase in personal crime in the period, but discounts this as a blip and points to data since 2004/05 to claim that crime levels have remained relatively unchanged.

The 9% increase in violent crime was said to be not statistically significant and there is no upward trend in violence, especially in light of an 8% fall in violent crime recorded by police last year and a five-year downward trend.

Meanwhile, robberies of businesses has fallen while personal robbery (street robbery for phones, bags and cash) has risen by 4% according to police figures, supporting the 12% rise noted in the BCS survey. 50% of all street robbery takes place in London where there has been a 13% increase.

And police and councils are getting the credit for beating crime, with 57% of those questioned saying they were doing a good job compared to just over half last year.

Trevor Elliott, director of manpower and membership services, BSIA

Trevor Elliott, director of manpower and membership services of the British Security Industry Association (BSIA), said, ”The quoted reduction in robberies of businesses is certainly encouraging and a testament to the work carried out by the police, the business sector and the private security industry to diminish the incidence of this type of crime. However, commercial crime is still an unwelcome reality and in order to continue reducing its effects on businesses it is essential for all parties to continue working together effectively.

“Businesses should check that their security measures are reliable and up-to-date. CCTV equipment, manned guarding and access control systems such as item tags have time and again proven invaluable in deterring criminals and responding more effectively to offences, but to get the most out of these systems they must be properly installed and monitored and provided by expert and professional security companies.

“The improved effectiveness of the security systems in place will in fact not only deter criminals, but also ensure immediate police response and facilitate the conviction of offenders.”

Links

British Crime Survey

British Security Industry Association (BSIA)

Original news source: Security News Desk

The Cyber Security Challenge - King of The Hill

2012-01-21T22:39:00.001+00:00

I attended one of the 3 stream finals of the Cyber Security Challenge (CSC) ‘King of the Hill’ today. I was kindly invited some months ago as an influential blogger in the security industry which was nice, although Ellie (part of the CSC team), did tell me today that there are not many of us about, but still it was nice all the same!

Today’s event was sponsored by PWC and SAIC, there were proper journalists present from Wired, BBC (Adam Shaw) and City AM.

I was a little apprehensive going into today as Cyber Security is a little out of my area of expertise although the boundaries across security specialisms are constantly becoming blended and we now have to be experts in all disciplines (and HR and Legal and Audit and Risk Management etc etc). By the way the location was perfect with two of the most iconic landmarks in London, the Tower of London and Tower Bridge literally on the door step.

The morning kicked off with a brief presentation about the CSC and then we went straight into a very comprehensive demonstration of the exercise that the candidates would experience later in the day during their competition.

My Cyber expert and ‘ethical hacker’ was Jonathan of PWC, who’s knowledge was impressive, although he had only been in security for a couple of years! He gave me a whirl wind tour of the tools of his trade and I was surprised to hear that the penetration software is easily available and for free apparently! He went on to demonstrate how easy (for him) to compromise and potentially control a series of targets. He also showed me how a ‘password list’ is utilised by a hacker to automatically search for the specific password required to gain access to the chosen target (which I have read about but never seen done in front of me). Our password list contained 1.5m examples of commonly used passwords!

I was also shown how easy it is to hack a SMTP (Simple Mail Transfer Protocol…get me) which ultimately enables the hacker to send emails containing the actual companies domain name. These would appear to be official emails by the person receiving them but may for example contain a piece of Malware or inappropriate images (the implications may be far reaching as experienced by STARTFOR at the end of 2011). It certainly demonstrated to me the importance of simple preventive measures like choosing good passwords and ensuring regular security patching.

During the day I met a number of candidates, some first timers and others who attended last week’s event at Sophos. Most of the candidates I met are current university students with an interest in computers and/or cyber security but with little practical experience. It was good to see people who are in the early stages of their careers and actually have a hunger and eagerness to progress into this industry.

I also had the opportunity to speak to some of sponsors who are security professionals in their right and it was good to exchange ideas and to share best practice (which is exactly why I blog).

I actually came away with more knowledge then I walked in with, however I was truly shocked at just how easy 'hacking' is (with a few free tools and some technical know how of course). As I type this article there are thousands of people all over the world using these tools looking for opportunities and their next potential target.

I even found out what this type of art is called……

Ascii Art!

What I like about the CSC is that it's nurturing talent and raising the profile of a profession which is apparently struggling to attract new talent - but at least they are doing something about it! Will the CSC attract more talent into the industry? Will it uncover new talent? Do we need to continue to protect our national infrastructure and business interests? I think it’s a resounding yes to all of these points and lets hope that the CSC continues to run for many years.

The final takes place in March and the prize list is impressive.

I look forward to watching the BBC programme (and of course if I am in it) and a special thank you goes to Ellie for the kind invitation and your hospitality on the day.

If you want to learn more about the challenge please click on this.

Olympics counter-terrorism training offered to London burger vendors

2012-01-19T21:05:00.000+00:00

Police want licensed mobile traders to help spot suspects who may be looking at potential targets for 2012 Games.

Burger van workers and other licensed mobile traders are being offered free counter-terrorism training to help them spot suspects who might be reconnoitring potential targets in the runup to the Olympics and Paralympics.

The on-street presence of people selling food and drink in London – from ice-cream to baguettes, pizzas and hot dogs – means they are well placed to "contribute to effective surveillance", according to environmental health experts.

The training is being offered by the Metropolitan police and Westminster council and builds on an existing scheme in which business representatives attend courses to get tips on "hostile reconnaissance", what to do in case of an attack – including the 'dos and don'ts of bombs' – and understanding police communications and cordons.

But not all traders will find themselves on the right side of the law. Many will be subject to spot checks to establish that they are operating legally and safely, with those suspected of breaches having their names, dates of birth and nationalities passed to police and the UK Border Agency(UKBA) for investigation of possible criminal links and their immigration status.

Source: The Guardian - click on the link to read more

Comments from Chatback........the total number of people involved in the security operation is apparently around 45,000ish (including 20,000 security guards - an increase from an original figure of 10,000, and 13,000 military personnel, and 12,000+ Police officers (in London)). Not forgetting that these numbers are directly linked to the Olympics and it does not include the additional numbers of security staff that businesses, retailers, offices will automatically add during this busy time. I don't think we should forget that securing the Olympics is costing over £1bn (originally £600m) and with all these big numbers why on earth do we need to train 'burger van workers' in Hostile Recon??

All I can say is that this years IFSEC will not be 'the largest annual security event in the UK' the 2012 Olympics games will be!!