Saturday, September 21, 2013
Sneaky trick #49 Most banks don't have outside “engineers” wandering around working on their computers.
Eight men have been arrested on suspicion of stealing 1.3 million pounds ($2 million) from a Barclays bank branch by tapping into its computers, British police said Friday.
Detective Supt. Terry Wilson said one of the arrested men is the “Mr. Big” of British cybercrime.
Police suspect that in both cases a gang member posed as an engineer and installed devices on the bank’s computers that allowed the suspects, in the Barclays case, to gain information used to siphon money from the bank.
Read more of this story on HuffPost.
[From the article:
Police suspect that in both cases a gang member posed as an engineer and installed a KVM on the bank's computers that allowed the suspects, in the Barclays case, to gain information used to siphon money from the bank.
"That would allow them to log the keystrokes and the actual screen, so you could gather passwords and see how people log into their systems," said Graham Cluley, an independent computer security analyst. "Then you could remotely access the computers as if you were sitting in front of it. Effectively, it's like breaking into the bank in the middle of the night."
Santander hacking plot: How did gang use keyboard video mouse to take control of a bank's computers?
… Expert Chris Pirillo, speaking on YouTube, explained how it worked. "The idea behind KVM is that you can have one set of peripherals, a keyboard, monitor and a mouse, to control many computers.
"An example is that if you have multiple computers in a house and you want to control them with relative ease you can have a KVM switch."
Once installed, the technology would mean that a person keen to steal from a bank, could effectively attempt to transfer cash from its computer systems from the comfort of their own home.
According to police, the gang arrested allegedly used this technology to control of all the computers at the Santander branch in Surrey Quays shopping centre
However, according to the Spanish bank said they were unable to steal any money.
I have to wonder if we've trained some privacy advocates too well.
NSA job post for 'Civil Liberties & Privacy Officer' goes live
… President Obama announced during a press conference in August the plan to create the new position, along with an NSA Web site devoted to greater transparency, which, surprisingly to some, took the form of a Tumblr blog.
Here's the job listing in full
No doubt Section II, Paragraph C, Line 4 says something like “and then a miracle occurs.”
Somini Sengupta of the NYT reports:
Kids. The reckless rants and pictures they post online can often get them in trouble, by compromising their chances of getting into a good college or even landing them in jail. What to do about such lapses vexes parents, school officials, the Internet companies that host their words and images — and the law.
Now California legislators are trying to solve the problem with the first measure in the country to give minors the legal right to scrub away their online indiscretions. The legislation puts the state in the middle of a turbulent debate over how best to protect children and their privacy on the Internet, and whether states should even be trying to tame the Web.
Gov. Jerry Brown has taken no position on the bill. He has until mid-October to sign it, after which, without his signature, the legislation becomes law.
Read more on BendBulletin.com
Update: For those seeking the text of the bill, it’s SB 568
[From the article:
Some supporters of the bill say Internet companies got off easy. The eraser bill does not, for example, require companies to remove the deleted data from its servers altogether, nor does it offer any way to delete material that has been shared by others; a sensational picture that has gone viral, in other words, can’t be purged from the Internet.
Interesting in theory, unlikely in practice.
EFF – Thirteen Principles Against Unchecked Surveillance Launched at United Nations
Privacy Advocates Call Upon UN Member States to End Mass Internet Spying Worldwide: “Geneva – At the 24th Session of the United Nations Human Rights Council on Friday, six major privacy NGOs, including the Electronic Frontier Foundation (EFF), warned nations of the urgent need comply with international human rights law to protect their citizens from the dangers posed by mass digital surveillance. The groups launched the “International Principles on the Application of Human Rights to Communications Surveillance” at a side event on privacy hosted by the governments of Austria, Germany, Hungary, Liechtenstein, Norway, and Switzerland. The text is available in 30 languages at http://necessaryandproportionate.org. The document was the product of a year-long negotiation process between Privacy International, the Electronic Frontier Foundation, Access, Human Rights Watch, Reporters Without Borders, and the Association for Progressive Communications. The document spells out how existing human rights law applies to modern digital surveillance and gives lawmakers and observers a benchmark for measuring states’ surveillance practices against long-established human rights standards. The principles have now been endorsed by over 260 organizations from 77 countries, from Somalia to Sweden. Included in the 13 principles are tenets such as:
Necessity: State surveillance must be limited to that which is necessary to achieve a legitimate aim.
Proportionality: Communications surveillance should be regarded as a highly intrusive act and weighed against the harm that would be caused to the individual’s rights.
Transparency: States must be transparent about the use and scope of communications surveillance.
Public Oversight: States need independent oversight mechanisms.
Integrity of Communications and Systems: Because compromising security for state purposes always compromises security more generally, states must not compel ISPs or hardware and software vendors to include backdoors or other spying capabilities.”
Big Data is not automatically Big Money. If raw data was all you needed, NSA would provide all the money needed to run the government.
Here are four steps your organization can take in order to understand the value of your data, and to plan for potential monetization:
Clarify whether it’s really your data
Understand who would value it, why, and how much
Frame up realistic aspirations for monetization
Test, learn, and tweak
I'm on a two week break between Quarters, so I might try one or two “free online” movies...
– What are you in the mood to watch right now? Movievisor helps you find something to fill your cravings. Give Movievisor the thumbs up or down, and it will customize its recommendations. Suggestions come from Netflix, Amazon Instant and Hulu, with more sources to be added soon. You can see reviews for each movie on the page as well.
First question I ask in each class, “Who reads SiFi?” They will have no problem with new concepts OR will drive me crazy with “What if...” questions.
Why Today's Inventors Need to Read More Science Fiction
… This fall, MIT Media Lab researchers Dan Novy and Sophia Brueckner are teaching "Science Fiction to Science Fabrication," aka "Pulp to Prototype," a course that mines these "fantastic imaginings of the future" for analysis of our very real present. Over email, I asked Novy and Brueckner about the books they'll be teaching, the inventions that found their antecedents in those pages, and why Novy and Brueckner believe it is so important for designers working in the very real world to study the imaginary. An edited transcript of our correspondence follows.
Every week a new laugh...
… EdX launched a new program, “the XSeries,” that will offer certificates for students who complete a sequence of classes offered on its MOOC platform. The program starts with two series: Foundations of Computer Science and Supply Chain and Logistics Management. These new certificates will require an ID verification program, newly launched from edX too. More details on the courses and the fees in Inside Higher Ed.
… All of the courses that make up the first year of Wharton’s MBA program are now available online via Coursera.