Sunday, January 12, 2014
For my Ethical Hackers: As the number of records stolen goes up, the price per record goes down. (It hardly pays to steal less than a million fullz.)
Cybercrime shopping list study points to falling prices
Fancy a bank account with $300,000 (£184,000) in it? If you know where to look and you don't mind dealing with cybercriminals then the going rate is just $300, a study of the hacking underworld suggests.
For that you'll get the bank account details, plus online username and password providing you with full access to the money.
For criminal buyers that price is a steal compared with the sums they were paying as little as two years ago. Back in 2011 the most they could have expected to acquire for $300 would have been a compromised bank account with just $7,000 in it, and probably less, the researchers say.
… It's not just the price of online bank account credentials that has fallen, Mr Stewart adds.
For example, a full dossier of financial and other information about an individual that can be used to commit identity theft now costs just $25 for a US victim, or $30-40 for a British one.
Two years ago these full dossiers - known as Fullz in hacker speak - changed hands for as much as $60 each.
… The going rate is about $4 per card for US Visa or Mastercard details, and $7-$8 for UK or European ones, he says.
My government in action...
EPIC Settles FOIA Case, Obtains Body Scanner Radiation Fact Sheets
by Sabrina I. Pacifici on January 11, 2014
“EPIC has received the documents that were the subject of EPIC’s Freedom of Information Act appeal to the D.C. Circuit in EPIC v. DHS (Body Scanner FOIA Appeal). The agency had previously withheld test results, fact sheets, and estimates regarding the radiation risks of body scanners used to screen passengers at airports. EPIC challenged the lower court’s determination that the factual material was “deliberative” and therefore exempt from the FOIA. After filing an opening brief to the D.C. Circuit, EPIC participated in a new appellate mediation program. As a result of the mediation, EPIC obtained not only the records sought, but also attorneys’ fees. The fact sheets show that the agency did not perform a “quantitative analysis” of risks and benefits before implementing the body scanner program. EPIC addressed that concern in the 2011 lawsuit EPIC v. DHS (Suspension of Body Scanner Program). That EPIC case also had a favorable outcome, and ultimately resulted in the removal of backscatter x-ray scanners from US airports. For more information, see EPIC v. DHS – Body Scanner FOIA Appeal and EPIC v. DHS – Suspension of Body Scanner Program.”
One example, for my students
7 Business Apps Every Professional Should Download
7. IFTTT (If This Then That) (iPhone only)
Wouldn’t it be neat if every time you took a screenshot of your iPhone, that screenshot was automatically saved to where you want it? Or if every time you completed a Reminder on your phone, it emailed the appropriate person to let them know, automatically? Or if you could see, on your phone, every photo you’ve been tagged in from Facebook? With IFTTT (short for If This Then That), that kind of two-step, non-thinking action is entirely possible. The hardest part is thinking up the “recipes” that you want for your phone, but after playing with the website a bit, you should get a real sense of just how many things can be done without your having to even think about it. Be sure to install this iPhone app so you can take full advantage of that set-and-forget productivity. (iTunes).
Dilbert explains how to “Manage Up”