---

CONTENTS:

NEWS HIGHLIGHTS OF THE WEEK:

1. World
2. Africa
3. Americas
4. Asia Pacific
5. Europe
6. Middle East
7. South Asia
8. Cyberterrorism and Information Warfare
9. Finance
10 Human Rights
11. Law and Legal Issues
12. Transportation
13. Weapons of Mass Destruction
14. Recently Published

FEATURE ARTICLE:
The Arte of Phishing (2004)

NEWS HIGHLIGHTS OF THE WEEK

---

1. World

Asia-Pacific Economic Cooperation (APEC), an intergovernmental grouping to facilitate regional economic growth, cooperation, trade and investment, is meeting in Chile, where there have been large anti-globalization and anti-Bush protests. Discussions will focus on opening trade, security collaboration, and ending corruption.
http://www.apec2004.cl/ http://www.apecsec.org.sg/apec.html

"Economic Prospects 2005" from the World Bank finds that many countries are likely to achieve the Millennium Development Goals, but sub-Saharan Africa faces daunting challenges. Developing countries are projected to have growth rates of 6.1 percent this year and just over five percent in 1005 and 1006, compared to overall global growth of four percent this year.
http://web.worldbank.org/WBSITE/EXTERNAL/EXTDEC/EXTDECPROSPECTS/GEPEXT/EXTGEP2005/0,,contentMDK:20279992~menuPK:538178~pagePK:64167689~piPK:64167673~theSitePK:538170,00.html

The Kyoto Protocol to combat global warming will take effect from February 16. http:/unfccc.int/resource/convkp.html In what the Economist magazine refers to as the "canary in the coal mine", the arctic is melting faster than estimated, as are glaciers.
http://www.acia.uaf.edu/
http://www.swissinfo.org/sen/swissinfo.html?siteSect=105&sid=5341903
http://www.nytimes.com/2004/11/09/science/earth/09glac.html
http://whc.unesco.org/

---

2. Africa

Africa's first UN rapid response Disaster Assessment and Coordination team is ready to be deployed across the continent.

Regional leaders of Africa's Great Lakes gathered in their first summit. It culminated in signing the Dar es Salaam Declaration for Peace, Security, Democracy and Development in the Great Lakes. The area is rich in natural resources and has been torn apart by regional conflict for more than ten years.
http://www.africa-union.org/

Burundi's referendum on the draft constitution scheduled for next week has been postponed to December 22.

Ivory Coast is under a UN Security Council arms embargo following the resumption of the civil war, sparked when the Ivorian air force broke the truce by attacking rebels in the north. President Gbagbo says he will not be an obstacle to peace in the country but also believes that rebels must be disarmed by force. African leaders and human rights groups recommend imposing other sanctions as well.

Niger President Tandja won the first round of presidential voting with 40.6 percent of the vote, but with less than an absolute majority a run-off election will be held December 4.

In Nigeria's Plateau state emergency rule has been lifted after six months. That region and the Niger Delta still face threats from gang and militia violence.

Rwanda and Uganda have agreed to conduct joint border security operations to combat drug trafficking, fraud and other cross-border crimes.

Sudan was the main topic of discussion in a UN Security Council meeting held in Nairobi, Kenya. The peace process in the south between the government and the Sudan People's Liberation Army reached a peace agreement that will be signed by the end of the year. However, the disaster in Darfur, now widely acknowledged to be genocide, has eclipsed the good news. Punitive sanctions and a stronger mandate for African union observers have been recommended. Unlike Ivory Coast, the Security Council has been slow to impose a strict arms embargo.

---

3. Americas

Argentina's capital, Buenos Aires, was the scene of a series of bombings against three banks, killing one and injuring another. Responsibility is unknown but coincides with a general breakdown in security that has followed the December 2001 economic collapse.

Colombian legislators have proposed new penalties for paramilitary fighters, including 10-year prison terms for atrocities and asset surrenders. These proposals are part of efforts to reach a peace agreement with the United Self-Defense Forces of Colombia (AUC).

Cuba and Panama have agreed to restore diplomatic ties, severed after Panama's former president had pardoned four Cuban exiles accused of attempting to assassinate Cuban President Castro.

In the US capital, Washington DC, an informant linked to the Federal Bureau of Investigation set himself on fire in front of the White House in despondency over the handling of his case related to money, citizenship and security. The man, Mohamed Alanssi, was from Yemen.

A review of US Postal Service physical security by the Government Accountability Office reports improvements as well as a number of serious vulnerabilities at core facilities.
http://www.gao.gov/cgi-bin/getrpt?GAO-05-48

Venezuelan leading prosecutor Danilo Anderson was killed with a car bomb. He had been investigating the attempted 2002 coup backers.

---

4. Asia Pacific

Australian Secret Service Intelligence Service (ASIS) remit has been expanded beyond intelligence gathering to possible covert actions. Agents will now be allowed to carry a gun. These measures are connected to more aggressive counterterrorism operations.
http://www.smh.com.au/articles/2004/11/14/1100384426894.html

Burma's military junta has begun releasing up to 4,000 people found to have been wrongly imprisoned, including senior National League for Democracy members. Aung San Suu Kyi remains under house arrest but a key leader, Min Ko Naing, who had been imprisoned for 15 years for leading the 1988 student democracy protests, has been freed.

China has apologized for the accidental incursion of its submarine into Japanese waters, saying it was a technical error. In Sichuan province, tens of thousands of farmers staged violent protests against the controversial Pubugou dam project. As a result, at lease one Communist Party official has been dismissed and work on the dam has been suspended.

Indonesia's parliament approved extending a state of civil emergency in Aceh by six months. In Sulawesi a bomb attack last week has led officials to send paramilitary troops to reinforce local security forces.

The Philippines island of Mindanao was the site of renewed military action targeting the Abu Sayyaf Group. The Moro Islamic Liberation Front (MILF) said the attack had hit a group of its members despite a ceasefire with the government being in place. Philippine journalists rallied in protest against escalating attacks against them, following the gunshot death of a radio journalist - the tenth such victim this year.

Thailand's King and Queen have appealed for an end to violence in the south. King Bhumibol Adulyadej warned that unchecked violence could lead to ruin. There is pressure on Prime Minister Thaksin to control heavy-handed tactics and widespread police abuse that has helped fuel the sectarian unrest.

---

5. Europe

Four Belgian political leaders received death threats and a Jewish man was shot dead. Investigations into the incident include investigating possible bias or religious fundamentalism to see if there are any connections to the recent violence in the Netherlands.

Czechs and Slovaks marked the 15th anniversary of the Velvet Revolution against Communist rule. In connection with this, the National Security Archive in the US has released the inaugural volume of the new Vaclav Havel Library.
http://www2.gwu.edu/~nsarchiv/NSAEBB/NSAEBB141/index.htm

Macedonia's Prime Minister Hari Kostov has resigned over the blocked reform process.

Russian President Putin said they are willing to resolve the dispute with Japan over the Kuril islands seized in WWII. He suggested they may cede two of the four islands, though Japan is likely to insist all four be returned.

Spain's banned Basque separatist party Batasuna offered to negotiate an end to the 25-year conflict but the government rejected the proposed talks since the proposal included no call for the armed separatist group ETA to explicitly renounce violence.

Birmingham, England marked the 30th anniversary of the 1974 pub bombings that killed 21 and injured 182. It was one of the worst Irish Republican Army (IRA) attacks on the mainland.

---

6. Middle East

In Egypt at the border with Gaza and Israeli tank opened fire on Egyptian police, killing three. Egypt issued a strong protest. Israel has apologized and opened an investigation.

In Gaza, Mahmoud Abbas (Abu Mazen) the acting chairman of the Palestine Liberation Organization and likely Arafat successor was caught up in a shooting fracas in a mourning tent where he was accepting condolences over Yasser Arafat's death. One of Abbas' security guards was killed. Also in Gaza, Israeli forces shot dead a Palestinian officer.

The Paris Club creditor nations have agreed to forgive 80 percent of Iraq's debts to them -- about a quarter of total debts. This is a needed boost to a country whose infrastructure requires major reconstruction. The US army operation in Fallujah, the "city of mosques" is focused now on specific areas of resistance remaining in the city. During the operation more than a thousand fighters were captured, all but some five percent Iraqi. Clashes in Baghdad, Mosul and elsewhere around the country continue unabated.

Saudi Arabian security forced engaged in a shootout with wanted militants, killing one officer. Five suspects, including two alleged al Qaeda, were arrested.

In Jenin, West Bank, Israeli have completed more than two weeks of operations in which 25 Palestinians were arrested, nine killed, and 25 wounded, and have now withdrawn.

Palestinian Authority elections for president are scheduled for January 9.

---

7. South Asia

The Afghanistan Opium Survey 2004 paints a disturbing picture of a failed state rapidly degenerating into narco-terrorism. Opium cultivation rose by 64 percent this year, providing 87 percent of the world's supply despite bad weather and disease. One in ten Afghans work in the opium trade that makes up 60 percent of the gross national product.
http://www.unodc.org/pdf/afg/afghanistan_opium_survey_2004.pdf
http://www0.un.org/apps/news/story.asp?NewsID=12573&Cr=afghan&Cr1=

The Indian state of Manipur has been unsettled since security forces used the Armed Forces Special Powers Act to justify their abusive murder of a local woman. Prime Minister Singh has begun a visit to the area where a general strike is planned to put pressure on the government to withdraw the law that had been designed to fight insurgents.

A thousand Indian soldiers withdrew from Kashmir. India said it was a response to declining separatist violence. Pakistan welcomed the move as an important step to reduce tensions. However, India has rejected Pakistan's suggestion that all measures, including redrawing boundaries, should be considered.

In clashes with Maoist rebels, six Nepali security personnel were killed. The army claims 30 rebels were killed. In another attack a landmine killed eight policemen.

Pakistani police have shot dead Asim Ghafoor, who was wanted in connection with the 2002 kidnap/murder of journalist Daniel Pearl. A bomb, possibly linked to crime, set off at a cinema in the North West Frontier Province killed two and injured 29.

Sri Lanka has reinstituted the death penalty for murder, rape and drugs trafficking, ending a 30-year moratorium. The move follows the murder of a high court judge and his bodyguard. Tamil Tigers also killed an intelligence officer and informant - an event the government said violated the ceasefire.

---

8. Cyberterrorism and Information Warfare

Two critical Windows vulnerabilities have emerged from several unfixed security bugs.
http://secunia.com/advisories/13191/
http://secunia.com/advisories/12959/

The newest version of the Sober virus family (W32.Sober.I@mm) has the ability to regenerate itself if some parts on the infected machine are not deleted.
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

US Immigration and Customs officials raided three locations of an open-air false document sales operation, arresting 29. Seized documents included fake alien registration cards ("green cards"), fraudulent employment authorization cards, and fraudulent Social Security cards. It was part of the ongoing "Operation Card Shark".
http://www.ice.gov/graphics/news/newsreleases/articles/111804docoperation.htm

Verisign's Internet Security Intelligence Briefing reports that increased financial rewards and sophistication are responsible for a rise of security incidents of 150 per cent relative to the same period last year. They warn of growth in hybrid attacks.

---

9. Finance

The consequences of failing to address basic AML/CFT measures continue to unfold at Riggs Bank. Third quarter losses are attributed to legal fees and fines; the Federal Reserve will likely not approve the next trust-preferred securities payment; and criminal investigations have extended to Chile and Spain. Terence O'Hara of The Washington Post provides excellent coverage of these matters; start with this and follow the links:
http://www.washingtonpost.com/wp-dyn/articles/A63814-2004Nov19.html

The US Treasury's Office of Foreign Assets Control (OFAC) added seven businesses and 16 individuals to its list of Specially Designated Narcotics Traffickers (SDNTs). They are believed to be fronts for Colombian drug lords Miguel and Gilberto Rodriguez Orejuela and a vital part of their organization's financial network in Colombia and abroad.
Press release: http://www.treas.gov/press/releases/js2106.htm
Diagram of the named businesses: http://www.treas.gov/press/releases/js2107.pdf

OFAC also adopted a licensing policy to authorize US suppliers to engage in certain transactions with Colombian Government-controlled entities designated SDNTs. Previously part of the Cali drug cartel, the eligible companies are Cooperativa Multiactiva de Empleados de Distribuidores de Drogas Copservir Ltda., Cooperativa Multiactiva de Comercializacion y Servicios Farmacoop (FARMACOOP) and Cooperativa de Cosmeticos y Populares Cosmepop (COSMEPOP). http://www.treas.gov/press/releases/js2102.htm

Britain's Financial Services Authority has published "Countering Financial Crime Risks in Information Security". It reviews industry practices and standards and finds that, "Although financial losses to firms and customers were found to be low, firms could do more to address the potential risks rather than responding to attacks once they have occurred. The report highlights the need for senior management to take on responsibility for information security which includes the need for firms' defences to be continuously reviewed and updated to keep on top of the increasingly sophisticated methods used by criminals". http://www.fsa.gov.uk/pubs/press/2004/095.html

Addressing one of the topics in the FSA report, Javelin Strategy and Research has published the Identity Fraud Scorecard, recommending the banking industry implement basic online identity fraud mitigation techniques of prevention, detection and resolution to help address security gaps found at even some of the largest institutions. In particular, email alerts of unusual account activity are recommended and, Javelin reports, are highly valued by customers.
http://www.javelinstrategy.com/reports/

---

10. Human Rights

The Coalition to Stop the Use of Child Soldiers has released its 2004 Global Report. It finds that children under the age of 18 have been used in 22 conflicts over the last three years. New conflicts in Ivory Coast and Sudan alone have drawn in over 25,000. The children have been used as informants, spies, messengers, and executioners - and if they did not comply were tortured or killed. Even in developed countries the problem has not been eliminated, with Australia, the UK and the US all recruiting underage soldiers.
http://www.child-soldiers.org/resources/global-reports

The US Supreme Court overturned the death sentence imposed by a Texas court against LaRoyce L. Smith. The Court's majority felt the evidence was so clear they did not hold hearings and instead rebuked Texas for having disregarded his learning disability and other evidence that offered mitigating factors. Texas law at the time required a mandatory death sentence if the jury found the killing was deliberate and the defendant presented a continuing threat.
http://www.supremecourtus.gov/opinions/04slipopinion.html

The International Day of Tolerance was marked on November 16.
http://www.un.org/depts/dhl/tolerance/

---

11. Law and Legal Issues

Abdeladim Akoudad, a Moroccan, has been detained in Spain on suspicion of membership in the Dutch Islamic militant cell believed involved in the death of Dutch filmmaker Theo Van Gogh.

Tayseer Alouni, a well-known Spanish reporter, has been re-arrested. No explanation was provided but he had previously been charged with fundraising for al Qaeda.

Rahman Camili ("Barok") and Rio Dimson Manamba ("Bobot") were arrested in the Philippines in connection with the Davao bombings last year in which 38 people were killed and more than 150 injured. The Moro Islamic Liberation Front (MILF) says the two men are members of the group but were not involved in the attack or connected with Jemaah Islamiah, who is believed responsible for the attack.

Fatmir Limaj, Haradin Bala and Isak Musliu have gone on trial in the international tribunal for alleged war crimes in Kosovo in 1998. The three members of the Kosovo Liberation Army are the first Kosovo Albanians so tried.

"El Gitanillo" ("The little gypsy"), a 16-year-old Spanish boy (whose real name cannot be given because he is a minor), has been sentenced to six years prison for helping obtain explosives used in Madrid's March 11 train bombings. Eighteen other suspects have been charged.

"Gothard L" was arrested in Switzerland under an international arrest warrant issued in Germany. The German engineer joins two other suspects arrested in connection with aiding Libya to develop nuclear weapons.

Osama Nazir, a leader of Jaish-e-Muhammad (Army of Muhammad) was arrested in Pakistan for involvement in a grenade attack on a church that killed five people, including the wife and child of an American diplomat.

The Center for Justice and Accountability has filed suit on behalf of Mohamed Ali Samatar and Yusuf Abdi Ali, Somalis residing in the US, for alleged involvement in human rights violations during late Somali President Barre's military regime.

Goran Stojkov, Aleksandar Cvetkov, Boban Utkovski (all connected with security) and businessman Mitko Kikerkov are on trial in Macedonia for falsifying a terrorism raid in which six innocent Pakistanis and an Indian were killed solely to bolster Macedonia's standing in the "war on terror". The plot mastermind, former interior minister Ljube Boskovski, fled Macedonia and now awaits trial in Croatia.

Joseph Terrence Thomas ("Jihad Jack") has been arrested in Australia for allegedly supporting al Qaeda.

---

12. Transportation

The US Transportation Security Administration (TSA) launched the prototype phase of the Transportation Worker Identification Credential, a biometric ID card.
http://www.dhs.gov/dhspublic/display?content=4120

TSA also announced they are accepting applications from commercial airports that want to participate in the Screening Partnership Program that allows private airport security screeners. http://www.tsa.gov/public/display?theme=44&content=09000519800e0a74 In connection with this plan, the Government Accountability Office published "Preliminary Observations" on it.
http://www.gao.gov/cgi-bin/getrpt?GAO-05-126

The International Maritime Bureau reports on sustained piracy at the oil port of Balikpapan, Indonesia. In just the last week there have been three attacks.
http://www.iccwbo.org/ccs/imb_piracy/weekly_piracy_report.asp

The 14th Mariner and the Maritime Seminar looked at "The Criminalization of the Seafarer". http://www.neni.org.uk/brochure_2004.pdf The topic is covered in the Shiptalk Newsletter:
http://www.shiptalk.com/newsletter.html

US Secretary of Defense Rumsfeld toured the Panama Canal, praising its security. http://www.defenselink.mil/news/Nov2004/n11142004_2004111404.html

---

13. Weapons of Mass Destruction

Shortly after Iran reached agreement with the EU to suspend its uranium enrichment program as of November 22, the US alleged that Iran was rushing to produce large amounts of bomb-grade materials and that the EU was being duped. Outgoing Secretary of State Powell reported intelligence findings based on a classified unvetted single source and dissidents. The US insists this proves that Iran has a hidden nuclear weapons program. The International Atomic Energy Agency has found no such evidence and is treating these allegations with extreme caution. IAEA does believe that Iran has continued and possibly accelerated enrichment prior to the deadline. The EU-brokered agreement includes provision that should Iran break its pledge the matter will be referred immediately to the Security Council.
http://www.washingtonpost.com/ac2/wp-dyn/A61079-2004Nov18 http://www.iaea.org
http://www.state.gov/r/pa/prs/dpb/2004/38400.htm

Russian President Putin announced they are developing a unique nuclear missile system, unlike anything held by any other nuclear state and that this would give Russia a nuclear edge for at least the next few years.

Richard L. Garwin details " Holes in the Missile Shield: The national missile defense now being deployed by the U.S. should be replaced with a more effective system" in Scientific American:
http://www.sciam.com/article.cfm?chanID=sa006&colID=1&articleID=000A45A2-E044-115D-A04483414B7F0000

"Resuscitating the Bioweapons Ban" from the Center for Strategic and International Studies and other experts says that international compliance with the Biological Weapons Convention can be routinely monitored and outlines a detailed plan of how this could be accomplished.
http://www.csis.org/isp/041117_Bioweapons.pdf

---

14. Recently Published

Dan Bortolotti, "Hope in Hell: Inside the World of Doctors Without Borders" Firefly
Committee of Sponsoring Organizations of the Treadway Commission (COSO) ERM Framework.
http://www.coso.org/

Leon Goldensohn, Robert Gellately, "The Nuremberg Interviews: An American Psychiatrist's Conversations with the Defendants and Witnesses" Knopf

Max Hastings, "Armageddon", Knopf

Michael Kater, "Hitler Youth" Harvard University Press

Institute of Directors. "The Handbook of International Corporate Governance: A Definitive Guide" Kogan Page
http://www.kogan-page.co.uk/asp/bookdetails.asp?key=4138

Michael Mann, "The Dark Side of Democracy: Explaining Ethnic Cleansing" Cambridge University Press

Jessica Warner, "John the Painter: Terrorist of the American Revolution" Thunder's Mouth

---

FEATURE ARTICLE: The Arte of Phishing (2004)

When William Samuel wrote The Arte of Angling (1577) no one could have foreseen that the skill of luring and hooking a fish would be adopted in such a radically different environment today, but modern phishing frauds leverage many of the same finely honed skills.

The idea that hackers were fishing for passwords and other sensitive information on the Internet dates at least as far back as 1996. The use of phishing is a common substitute for the letter f, dating back to the original phone phreaks like John Draper. His nickname, "Captain Crunch", came from his use of the whistle given as a prize in boxes of cereal of the same name to mimic phone (another ph) signals.

In its earliest incarnations, this hunting took effort on the part of the hacker, who had to hunt for vulnerabilities that would open the desired secrets. But when technology can substitute for hard work, the criminal tends to get there first.

The first technique to emerge was called spoofing. Spoofing occurs when a user receives email that appears to be from one source when it actually was sent from another. This tactic attempts to fool the user into a response that could include providing a password or other sensitive information.

Spoofing takes advantage of two attributes. First, the internet protocol Simple Mail Transfer Protocol (SMTP) has no authentication. If an address is correctly formatted it is accepted. Web browsers, software flaws, and other mechanisms also allow people to substitute addresses. Second is human nature or, in technical terms, social engineering.\

This combination of technical and human vulnerabilities, leveraging the successful tricks used by virus writers, has led to the extraordinary growth in one of history's most successful frauds: phishing.

Phishing began last fall when criminals registered lookalike domain names. They could contain slight spelling errors or falsify subdomains. For instance, a company could register icheatyou.com and by prefixing it with a known domain could trick a person into believing a web site or email could be trusted. Websites began to match these false domains, eventually becoming so sophisticated they looked identical to the genuine site. Taking advantage of a number of software flaws, the criminal could attach a pop-up, such as a fake log-in box, to the genuine website, making it extremely difficult to detect the fraud. (The Washington Post has an informative phishing test that demonstrates this difficulty.) To further leverage human nature, once entering the required information a victim will be redirected to the original site, reinforcing the notion of trust when in fact s/he has been roundly swindled.

There is almost no limit to the number of sites that have attracted phishing frauds. Financial services sites have become the favorite, as shown in these recent examples from The Anti-Phishing Working Group (APWG):

No one is immune. Regulatory authorities have been spoofed and even US presidential candidate Kerry's website was used to skim campaign donations. Most recently, entire fake stores and services companies have been set up. Websense identified fraudulent pharmacy, banks, mortgage and loan websites as the most popular scams, lasting an average of 8.5 days, which is longer than phishing sites.

Phishing is so successful that it can result in a five- percent response rate. That's a lot of personal information and contributes significantly to the identity theft epidemic. Gartner Research estimates that "57 million Americans likely have received these fraudulent e-mails.... Direct losses from identity theft fraud against these phishing attack victims cost U.S. banks and credit card issuers about $1.2 billion last year.... 30 million adult Internet users believe they have definitely experienced a phishing attack, and another 27 million believe they have observed what looked like a phishing attack."

APWG latest activity trends report highlights 1,142 active phishing sites reported in October; a 25 percent growth rate in the last quarter; 44 brands hijacked; the USA hosted the most sites; average time online for a site 6.4 days and longest 31 days.

Given the scale of the problem, it's important to take all practical measures to avoid being phished. The links below point you to detailed information, but here are some key tips.

For Companies:

For Individuals:

Additional Resources:

---

HOW TO CONTACT US:

Please contact us with your questions or comments by sending email to .

We look forward to hearing from you.
Editorial Team
TerrorismCentral
All Rights Reserved. Copyright © 2004 by TerrorismCentral.