Djibouti: Regional Security News Briefing

Djibouti (HAN)(HAN) June 26.2016. Public Diplomacy & Regional Security News. Top Security News Brief.

1- Updated Security Note: Again Al-Shabaab Killers killed innocent civilians after gunmen storm Somalia hotel known as “Naaso hablood”

Extremist group of Al-Shabaab claimed responsibility for the latest in a series of hotel attacks in Mogadishu, one that began with a powerful explosion at the entry gate. “We have finally ended the siege. The last remaining militants were killed on the top floor,” police Capt. Mohamed Hussein said after security forces cornered the gunmen, who had set up sniper posts on the roof of the Nasa-Hablod hotel. Police said at least four gunmen were involved in the attack, and two were killed.

A witness, Ali Mohamud, said the attackers randomly shot at guests. “They were shooting at everyone they could see. I escaped through the back door,” he said.

2- Qatar Charity has supported Yemeni refugees in Somalia 
The project is being implemented in line with a request from the Yemeni ambassador in Somalia.

3- Yemeni Intelligence Breifings: peace still a long way off 

The SIRAD institute intel reports received has learned that negotiations underway in Kuwait for the past two months on the political crisis in Yemen have made no progress as the two sides have been unable to find common ground.

Meanwhile, the Saudi ambassador to Yemen, Mohamed Said Al-Jaber, has put forth an initiative to form a military committee to monitor the ceasefire on the battlefront. The parties to the Yemen crisis ostensibly concluded a prior agreement in Dhahran, located in southern Saudi Arabia, on the operation of the truce committee. Riyadh has allocated one million riyals to cover operating costs, and the process will be overseen and implemented under a UN aegis

4- Ethiopia to give Kenyan goods preferential treatment
Ethiopia has committed to give Kenyan goods and services preferential treatment as contained in the Special Status Agreement signed in 2012.

According to the agreement, Ethiopia would reduce the tax imposed on Kenyan goods and services by 20 per cent, while Kenya would do the same by 10 per cent.

Speaking during the Kenya-Ethiopia Business Forum in Nairobi, Ethiopian Prime Minister Hailemariam Dessalegn said the two countries need to actualise the agreement to help enhance trade and investment in the region.

5- An American Sailor’s Death in Djibouti under Investigation
A sailor who was supporting forward Navy operations in Africa has died of a non-combat related injury, the Defense Department announced today.

Petty Officer 2nd Class Andrew Jerod Clement, 38, of Massachusetts, died while deployed to Camp Lemonnier, Djibouti, according to the announcement.

The incident is under investigation by the Africom military.

Meanwhile: the 411th Civil Affairs Battalion, a part of the U.S. Army Reserves, will be on a yearlong deployment conducting civil military operations in Djibouti this summer as a part of Operation Enduring Freedom to combat terrorism.

6- A Saudi Arabian police officer was shot Dead in Shiite city
A Saudi Arabian police officer was shot on Friday morning in the predominantly Shiite east region of the country, the Associated Press quoted authorities as saying. The policeman, Faisal al-Harbi, was on a traffic patrol when he was shot.

There has been unrest in the Shiite community in the predominantly Sunni country after a Shiite cleric, Sheikh Nimr al-Nimr, was executed in January.

7- Updated Iranian National Security Policy “Saudi Arabia Is Iran’s New National Security Threat”
The regional situation was even comparable to pre-World War I Europe. The relationship between Iran and Saudi Arabia, a European diplomat said, has deteriorated to such an extent that both sides and their allies have found themselves at the precipice of a major war.

8-R estrata (British-owned outfit) headquartered in the UAE nabs Egypt airport security training deal

From Egypt’s National Falcon has picked Restrata, to provide security training services for its airports.

National Falcon is tasked with providing the aviation security screening force for Egypt’s international airports, including Cairo Airport and those in tourist areas like Sharm-el-Sheikh. A key element in this process, is the training of all personnel in accordance with European Standards.

British Ambassador John Casson and Egypt’s Minister for Civil Aviation Sherif Fathy were present at the ceremony.

Update: Remarking on the contract, Casson said: “The UK and Egypt stand together on the frontline against terrorism and aviation security is a top priority for both our governments.

“We have a strong partnership when it comes to working on aviation security, no more so than in Sharm el-Sheikh where we are working to restart flights as quickly as possible.

9- Dubai: 80 per cent of UAE firms lack IT security infrastructure
UAE’s IT security spending is not enough – according to IT security expert statement received by SIRAD Institute.

Firms in the United Arab Emirates are found to be lacking in efficient security infrastructure, a survey by International Data Corporation (IDC) Connect has found.

According to the survey, 80 per cent of local firms lack the ability to analyse threats. While 52 per cent are unable to adapt and integrate risk management solutions and 42 per cent say the cyber-security support systems are not enough to manage cyber risks.

10- President Tayyip Erdogan warning that more countries could seek to leave EU.
Turkey warns of rising European xenophobia after Brexit vote. Britain’s vote to exit the European Union deprived Turkey of what had been a major backer in its quest for EU membership.

President Tayyip Erdogan blamed Islamophobia for holding up Turkey’s accession process, accusing the bloc of double standards and warning that more countries could seek to leave.

11- Turkey to sell train rails to Iran in exchange for oil

Transportation, Maritime Affairs and Communications Minister Binali Yildirim has said Turkey will buy oil from Iran in exchange of train rails in line with an 80-million-euro deal.

Yildirim visited the Black Sea province of Karabuk to open a railway route, which was completed by European Union funds and Turkey’s financial contributions, in the region on April 26.

Yildirim noted Turkey had inked a deal with Iran for Iranian oil in exchange for train rails, which are made in Karabuk.

12- Equatorial Guinea president elevates son to Vice President
FromThe President of Equatorial Guinea, Teodoro Obiang Nguema has promoted his son Teodorin, to the position of Vice President in charge of defense and security. According to a decree on state television, President Obiang made other appointments which follow a dissolution of the country’s government on June the 17th, after the presidential election in April, as provided by the Constitution.

Teodorin Nguema Obiang, who is 47 years old and a possible successor to his father, previously held the position of 2nd Vice-President since 2012.

In 2014, Equatorial Guinea’s vice president Teodorin Nguema Obiang has been ordered by the U.S. Justice Department to sell more than $30 million worth of property it believes was bought using illegally obtained assets from corrupt business deals

13- Somalia DPM, Mohamed Omer Arteh on Conflict Zone
Somalia’s current political and security crisis is no longer just affecting its own population. After a civil war that lasted for 25 years, the domestic failure to deal with the al Qaeda-linked militant group al-Shabab is spreading to neighboring states like Kenya and Ethiopia.

Mohamed Omer Arteh, Somali Deputy Prime Minister, acknowledged the problem but refused to take the responsibility for his government’s shortcomings in an exclusive DW interview: “[There’s] an instability in the whole region simply because for a very long time, there hasn’t been a proper intervention that was done by the international community, leaving Somalis alone to solve all these problems.”

14- African Fisheries Plundered by Foreign Fleets
According to Algerian Maritime researcher, “The most depressing thing for me was the realization that African countries got no benefit at all from all the foreign fleets,” she said. “In fact, the fishing communities suffered a lot, and in most places, the only people who made money were the government officials who sold the fishing licenses.”

15- Brazil Girds for Terrorist Threat at Rio Olympic Games
Islamic State has begun posting digital propaganda in Portuguese, presenting an apparent threat and a new challenge to Brazilian security officials just six weeks before the start of the Olympic Games. The postings, which have surfaced on encrypted webpages and an instant-messaging platform, lay out the tenets of the radical militant group. Brazil’s federal intelligence agency, the ABIN, said Thursdaythat Islamic State’s Portuguese-language channel is “aimed at extremist indoctrination, directed at the Portuguese-speaking public, increases the complexity of the work of confronting terrorism, and represents an additional facility of radicalizing Brazilian citizens.” The postings are also likely aimed at the United States and other Olympics participants, some analysts say. Brazilian officials have said the country is already taking all necessary measures to safeguard the Games, which will be held Aug. 5 through 21. Brazilian security and intelligence agents said they are monitoring an undisclosed number of Brazilians and foreigners living in Brazil who may be sympathetic to terrorist organizations. Tens of thousands of military personnel will augment Rio’s Olympics security forces. The country plans to deploy roughly 85,000 federal police and armed-forces members, more than double the number on hand at the 2012 Summer Games in London. Brazil also has assembled a broad task force to deal with cyberattacks. Brazilian defense officials say they are in contact with U.S. intelligence services and the U.S. Embassy, as well as the secret services of the U.K., France, Israel, and Russia.

16- Conventions in Two Cities Are Bracing for Large Protests

Republicans arriving in Cleveland next month to nominate Donald Trump will be greeted by as many as 6,000 protesters on the first day, a noisy coalition of dozens of groups, including Black Lives Matter and the Workers World Party. The demonstrators intend to ignore restrictions keeping them far from the delegates, raising fears the violence that accompanied some of Trump’s rallies will be magnified on a mass scale. Two marches along routes the city has not authorized are planned for the convention’s opening day, July 18. Organizers say they are gearing up for confrontation with the police, including training in civil disobedience. A week later, as Democrats pour into Philadelphia, so will an army of Bernie Sanders supporters planning Occupy Wall Street-style protests against what they call the “fraudulent” nomination of Hillary Clinton. One group, Occupy DNC Convention, is circulating information about protecting oneself from tear gas by wearing a vinegar-soaked bandanna and swim goggles. Philadelphia is considering issuing $100 summonses to marchers blocking highways or failing to disperse, rather than arresting them. Philadelphia is also allowing daylong rallies of Sanders supporters in Franklin Delano Roosevelt Park facing the convention site, the Wells Fargo Center, on all four days of the convention. A spokesman for Mayor Frank G. Jackson of Cleveland, meanwhile, said the police have trained for 18 months to deal with protesters. He said that protesters who chose other march routes would not be arrested as long as they used sidewalks and did not block traffic.

17- Saving Lives With a Test: Active Shooter Response Training for Employees

Although weather emergency drills are common for schools and businesses, institutions are often resistant to implement active shooter drills and other workplace violence training for fear of alarming their employees or creating uninformed or ineffective plans. Jay Hart, founder of the Force Training Institute, said active shooter drills need to be done in a way that is mindful of employees and their emotional responses. He noted that training should focus on empowering individuals to make safe, informed decisions during an incident. Security executives also are responsible for ensuring employees are educated and well-prepared. “We need to do a better job explaining that active shooter training is really about leadership,” Hart said. “As leaders we have an obligation to share the Gift of Safety with employees so that if an active shooter incident ever occurs our employees know what to do.” Active shooter response strategies differ depending on the location and nature of the business or school. For example, a kindergarten teacher will need to take more direct responsibility over his or her students than those of a high school teacher.

18- Spearphishing Attacks Target Boards

Spearphishing attacks are targeting corporate boards of directors more than ever, according to recent data. About 350 different clients for Experian Information Solutions have reported spearphishing attacks, about a third of which specifically targeted board members. These messages ask for tax information or bank transfers and often result in the loss of financial statements, cybersecurity strategy documents and protocols, and intellectual property. Orrstown Bank, which has 25 branches in Pennsylvania and Maryland, is aware of the risks and is doing its part to stop the criminals. The bank currently provides company-specific email addresses to its board members, as well as security training and mobile device management. This allows for confidential bank data to be isolated from personal data on the directors’ devices. Orrstown is now looking to move to the cloud, where other companies are starting to seem myriad security benefits. Security and ease of use are important, so companies like Diligent allow for businesses to prevent recipients from forwarding sensitive documents, or even printing them. It represents a solution to lower-security servers: around 21 percent of directors in the U.S. use free consumer email service providers, such as Gmail, AOL, and Yahoo.

19- Chinese Curb Cyberattacks on U.S. Interests, Report Finds
The first detailed study of Chinese hacking since a September meeting between President Obama and Chinese President Xi Jinping shows a sharp decline in cyber raids on Silicon Valley firms, military contractors, and other commercial targets. The study, conducted by FireEye, concluded that the drop-off actually started a year before the two leaders agreed to decrease cyber espionage. The study’s results are largely echoed by American intelligence officials and could be associated with Xi’s attempts to gain more control of the Chinese military, which is considered one of the main sponsors of the attacks. A People’s Liberation Army cyber-arm called Unit 61398 was primarily responsible for some of the most highly-publicized thefts of American technology and that daily barrage of attacks has diminished. According to John P. Carlin, the assistant attorney general for national security, the report validated the strategy he set out to complete. “The lesson is that when you figure out who has done this kind of theft, don’t fear making it public,” he said. The FireEye study concluded that as early as 2014, around the time of the indictment of the PLA’s officers and hackers, the Chinese government had already been modifying its approach to cyberoperations.

20- Concerns About Security, Information Sharing Up Among Industrial Control System Security Pros

Security managers for industrial control systems (ICS) are concerned about system security and insufficient information sharing in the industry, SANS Institute reports. According to 67 percent of respondents, threats to ICS are ranked from moderate to severe, up from 43 percent last year. The growing concern is explained in part by a growing number of reported security incidents; a report from Booz Allen Hamilton says incidents increased by 20 percent from 2014 to 2015. According to the SANS survey, 27 percent of respondents experienced a security breach, and only 13 percent were certain they had not been infiltrated. “Knowledge is a big problem here,” says Derek Harp, director of ICS global programs at SANS. “There are a lot of undetected problems. It’s widely held that most systems have had some sort of probing, but it’s really hard to know if someone was in there.” Organizations say the current information-sharing environment is inadequate; 41 percent of organizations exchanged intelligence through industry partnerships and 34 percent received information from government agencies. The survey also found that 31 percent of organizations had not completed a security assessment in the last year, and 16 percent have never done a control system assessment.

21- How Do You Stop a Future Terrorist When the Only Evidence Is a Thought?

In the wake of Omar Mateen’s rampage at an Orlando nightclub, law enforcement officials are struggling to combat the threat posed by hard-to-track extremists. While Mateen was clearly building toward violent acts, and had even been named in terrorism investigations, he was still able to launch his attack. Because there are thousands of terrorism surveillance cases going on at any given time, authorities in Europe and the U.S. say they are swamped and in a difficult position of trying to stop attacks when the only forewarning is often what someone thinks or what they are overheard saying. After Mateen’s massacre, FBI director James Comey said that the shooter’s file had been “hundreds and hundreds of cases all across the country,” and compared identifying him to finding “needles in a nationwide haystack.” In France’s case, authorities employ an S List, a database of people believed to have been radicalized. This list has over 10,000 names and is not ranked according to threat level. France last week introduced a bill creating the status of “administrative detention” for those representing a security threat in an effort to better combat the threat. In Magnanville, a community about 40 miles from Paris, the problems came to a head when an extremist stabbed an off-duty police officer and his partner before pledging allegiance to Islamic State. These are the attacks that authorities say are so difficult to stop.

22- Red-Carpet Security Under Scrutiny Post-Orlando

The recent string of shootings in the U.S. has resulted in increased concerns about high-profile events. Social media has made it much easier for fans to access celebrities on a more personal level than ever before, but this could also leave those in the public eye vulnerable. “There have been incidents; there have been things that have happened that have been kept from the public eye,” says Eric Rose, West Coast director at Pinkerton, which works on Hollywood events. Law enforcement officials are concerned about potentially armed lone wolves who pose a threat to those on a red carpet or the crowds nearby. Most in Hollywood agree that tighter event security should be a priority, but providing that security while trying to engage fans and promote films can be challenging. Jeff Zisner, head of Aegis Security & Investigations, says that security is a “soft science” and no single tactic can defer all breaches.

23- Extending Cybersecurity to Fraud Analytics
Traditional IT tools and practices such as firewalls, intrusion-detection systems, and malware detection are not equipped to detect and prevent user fraud, according to the (ISC)² U.S. Government Advisory Council. The difficulty in discovering fraudulent activity is highlighted by two recent high-profile incidents at federal agencies. In 2015, the Office of Personnel Management experienced two related cybersecurity breaches in which user credentials were stolen to gain access to the OPM network. And in 2015, cybercriminals used taxpayer credentials to the IRS Get Transcript web application and obtained past tax transcripts. Although malware was planted to initiate the OPM attack, no malware or system intrusion was used in the IRS incident; attackers navigated the app as it was designed to access taxpayer information. Network defense tools, reliant on identification of malicious files or defined signatures of traffic, are currently unable to recognize fraudulent activity. Fraud detection and prevention requires the collection of data on expected user activity behaviors in order to establish a baseline of valid behaviors. Updated traditional security tools or specialized fraud detection technologies could be used to monitor user behavior and report suspicious activity.

24- CDC and States Ponder Plans to Keep Ahead of Zika
FCDC last week released a 58-page blueprint for what to do if a homegrown case of Zika surfaces. The agency says it is focusing much of its mosquito control effort on six states and one county most at risk: California, Texas, Florida, Hawaii, Arizona, and Louisiana, and Los Angeles County. While scientists do not expect the epidemic to take off in the continental United States as it has in Brazil, officials are warning that even a small cluster of cases could have outsize effects if it includes anyone who is pregnant. Anne Schuchat, the principal deputy director at CDC, said the agency’s plan “sketches out what we’re expecting states and cities to need.” Should there be a local case, CDC plans to help the local government investigate it and warn residents. The agency detailed how to define the area of transmission—important for warning pregnant women what places to avoid—and underscored the urgency of alerting blood banks. If asked, the agency will dispatch a team of experts to help with everything from logistics to lab testing. Some states, and even cities, are preparing their own plans. Tennessee, for example, is doing drills, giving staff members in local health departments surprise scenarios.

25- Ransomware Epidemic Prompting Firms to Rethink Information Sharing
An epidemic of ransomware is prompting governments and industry to move toward information sharing. The U.S. Department of Homeland Security (DHS) has signed up 100 “non-federal” users for its Automated Indicator Sharing (AIS) program, the machine-to-machine cyber information-sharing program authorized under the Cybersecurity Information Sharing Act of 2015. Non-federal users include state governments, international organizations, computer emergency response teams, banks, and other private companies, according to Preston Wertz in the DHS Office of Cybersecurity and Communications. The group also includes Information Sharing and Analysis Centers and Information Sharing and Analysis Organizations run by industries. Historically, organizations have been hesitant to share information in cases of economic espionage, intellectual property theft, and similar cybercrimes because of the potential that disclosures could have an adverse impact on their financial prospects. AIS enables the machine-to-machine exchange of cyberthreat indicator information between the federal government and the private sector.

26- Security Researchers Puzzled by Demise of TeslaCrypt Ransomware
Ransomware group TeslaCrypt announced May 18 that its operations have shut down; the group has released their master key to unlock remaining encrypted data. Security researchers are baffled at the group’s sudden and mysterious shuttering, signaled only by a brief goodbye note. Some researchers speculate a wariness of law enforcement could have driven the cybercriminals underground. “Several companies were doing deep dives to find issues in their programs, and add to that law enforcement targeting them,” says Craig Williams, senior technical leader with Cisco’s Talos team. “When you are a bad guy, having too much attention on you is not something you want.” Initial versions of TeslaCrypt, released in February 2015, resembled ransomware giants CryptoLocker and CryptoWall. TeslaCrypt’s impact was small in comparison to CryptoWall’s 83 percent share of ransomware traffic; only 0.08 percent of ransomware traffic was associated with TeslaCrypt. However, in just the first two months of its release, TeslaCrypt made nearly $77,000 from 163 victims. The group’s exit came as a surprise, and ESET researcher David Harley says the circumstances could have been much worse. “I can’t say I admire the people behind TeslaCrypt, but they could have simply dropped development and left their remaining victims with no way to recover their files, and the fact that they were persuaded not to probably deserves a muted cheer,” he says.

27- Fighting ISIS With an Algorithm, Physicists Try to Predict Attacks
University of Miami physicist Neil Johnson has led a team that created a mathematical model to search for clues in posts and Twitter messages that appear to promote terrorist militants’ cause. The study searched for pro-Islamic State posts each day from mid-2014 until August 2015, mining mentions of beheadings and blood baths in multiple languages on Vkontakte, a Russia-based social media service that is the largest European equivalent to Facebook. Johnson’s team developed an equation that attempts to explain the activity of Islamic State sympathizers online. The team hopes that the equation will eventually help to predict attacks that are about to happen. Experts caution that more information will be needed to substantiate any predictive potential of the team’s equation.

28- Network Defense Must Improve as Hacking Profession Matures
A new Kaspersky Lab white paper provides insights into the cybercrime ecosystem, which can help security officers to better defend networks. The report shows although the number of new malware files declined in 2015, the number of users affected grew 5 percent. This trend indicates that less expensive attacks targeting high-value accounts are delivering a better return on investment. For example, 40 percent of ransomware victims pay to have their data unlocked. In addition, cybercriminals are using encryption to make detection and analysis of malicious code more difficult. Small and medium-sized organizations increasingly are targeted, especially subcontractors to large enterprises, according to Kaspersky. A recent Department of Homeland Security report found 31 percent of cyberattacks are aimed at organizations with less than 250 employees. Kaspersky also found peak activity occurring Monday through Thursday, with an average of 80 percent of distributed denial-of-service attacks taking place. Moreover, Kaspersky found cybercriminals use anonymization technology such as Tor and bitcoin to hide command servers and financial transactions, and they prefer hosting services in countries where the hosting market is well developed.

29- Ransomware Sends Phishing Volumes Up Almost 800 Percent
There has been a 789-percent jump, totaling a 6.3-million increase in raw numbers, in the amount of phishing emails pushing ransomware, according to PhishMe’s analysis of phishing email campaigns from the first three months of 2016. “Thus far in 2016, we have recorded an unprecedented rise in encryption ransomware attacks, and we see no signs of this trend abating,” says PhishMe CEO Rohyt Belani. “Individuals, small- and medium-sized businesses, hospitals, and global enterprises are all faced with the reality that this is now one of the most favored cyber-criminal enterprises.” PhishMe first-quarter 2016 Malware Review report identified three key trends previously recorded through 2015: encryption ransomware, soft targeting by functional area, and downloader/ransomware. “In contrast to both broad distribution and the careful targeting of one or two individuals via spear phishing emails, soft targeting focuses on a category of individuals based on their role within any organization anywhere in the world,” Belani says. However, Belani notes whatever tactic threat actors use, the impact on the victimized organization can be significant. “They have to expend scarce incident response resources on the clean-up effort, manage a potential public relations nightmare, and in some cases even cave in to hacker demands of paying the ransom being demanded,” the report says.