Sunday, February 15, 2015
Looks like this is going to rattle some teller cages.
In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button. Cameras showed that the piles of money had been swept up by customers who appeared lucky to be there at the right moment.
But when a Russian cybersecurity firm, Kaspersky Lab, was called to Ukraine to investigate, it discovered that the errant machine was the least of the bank’s problems.
The bank’s internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed cybercriminals to record their every move. The malicious software lurked for months, sending back video feeds and images that told a criminal group — including Russians, Chinese and Europeans — how the bank conducted its daily routines, according to the investigators.
Then the group impersonated bank officers, not only turning on various cash machines, but also transferring millions of dollars from banks in Russia, Japan, Switzerland, the United States and the Netherlands into dummy accounts set up in other countries.
In a report to be published on Monday, and provided in advance to The New York Times, Kaspersky Lab says that the scope of this attack on more than 100 banks and other financial institutions in 30 nations could make it one of the largest bank thefts ever — and one conducted without the usual signs of robbery.
… Kaspersky Lab says it has seen evidence of $300 million in theft through clients, and believes the total could be triple that. But that projection is impossible to verify because the thefts were limited to $10 million a transaction, though some banks were hit several times.
… The majority of the targets were in Russia, [Does this suggest the hackers were Russian and started at home, OR the hackers were Ukrainian and were taking revenge, OR they wanted to drain assets from Russia before the were all lost to devaluation of the ruble? Bob] but many were in Japan, the United States and Europe.
… The managing director of the Kaspersky North America office in Boston, Chris Doggett, argued that the “Carbanak cybergang,” named for the malware it deployed, represents an increase in the sophistication of cyberattacks on financial firms.
“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Mr. Doggett said.
… But the largest sums were stolen by hacking into a bank’s accounting systems and briefly manipulating account balances. Using the access gained by impersonating the banking officers, the criminals first would inflate a balance — for example, an account with $1,000 would be altered to show $10,000. Then $9,000 would be transferred outside the bank. The actual account holder would not suspect a problem, and it would take the bank some time to figure out what had happened.
“We found that many banks only check the accounts every 10 hours or so,” Mr. Golovanov of Kaspersky Lab said. “So in the interim, you could change the numbers and transfer the money.”
Can't wait until the government has it all lumped together to make it easier to steal in bulk.
Aarti Shahani sat down with Greg Virgin, CEO of the security firm RedJack, to discuss the black market for stolen health care data:
After poking around for about an hour, we come across an advertisement by someone selling Medicare IDs.
We’re not revealing the site address or name because we don’t want the dealer to know we’re watching.
According to the online rating system — similar to Yelp, but for criminal sales — the dealer delivers what’s promised and gets 5 out of 5 stars. “He definitely seems legit” — to the underworld, Virgin says.
The dealer is selling a value pack that includes 10 people’s Medicare numbers – only it’s not cheap. It costs 22 bitcoin — about $4,700 according to today’s exchange rate.
Security experts say health data is showing up in the black market more and more.
Read more on NPR.
Analyzing Big Data. “If you build it, IBM will market it!”
IBM Extends Reach of Watson API Portfolio
As part of an ongoing effort to build a developer ecosystem around the IBM Watson platform for creating cognitive computing applications, IBM is now beta testing five additional Watson APIs.
Lauri Saft, director of the Watson ecosystem for IBM, says IBM has now defined eight APIs for Watson. The new API services provide access to functions such as speech-to-text; text to speech; visual recognition of various types of media content; conceptual search to identify explicit and implicit links between data; and tradeoff analytics that enable an application to balance conflicting goals against several sets of criteria.
The IBM Watson Developer Cloud running on the IBM Bluemix cloud platform, says Saft, has already spawned 6,000 application projects — 147 of which IBM has committed to support and sell. As a result, Saft notes that IBM is not only committed to helping developers build applications, it also is enabling developers to take advantage of multiple routes to market that IBM and its business partners can provide. In fact, IBM has created an entire business unit dedicated to the IBM Watson platform.
An alternate alternative. Interesting that Apple (a day late) even bothered.
Apple offers free iWork for iCloud to all Windows users
Apple has opened the beta of its iWork for iCloud application suite to Windows-only users, letting people without an iOS device or OS X-powered Mac create an Apple ID needed to access the Web apps.
… iWork for iCloud, which has been in beta for more than a year and a half, is Apple's productivity answer to Microsoft's Office. Starting in the fall of 2013, Apple began giving away the iOS and OS X iWork apps to new buyers of iPhones, iPads and Macs; iWork for iCloud is the browser-based side of those apps.
The availability of iWork for iCloud will tempt few if any Windows-only consumers: They have free access to Microsoft's own Web apps, dubbed Office Online.
Although analysts thought that Apple's move might draw some Windows users when the Cupertino, Calif. company launched the free iWork and iWork for iCloud, that was before Microsoft started giving away its Office iOS apps to consumers.
… Interested Windows users can create an Apple ID from the banner notification on the iCloud beta website.
For my gamers...
No Hidden Cost: 7 Free-To-Play Games That Are Actually Free