In today's business environment, the ONLY report of multi-million dollar transactions is a paper printout? This looks very well planned for a hack foiled by a misspelling.
Broken printer costs Bangladesh $100mn in cyber heist
… It took the regulator nearly four days to discover the problem and ask banks across the globe to halt payments to the hackers after the central bank's joint director Zubair bin Huda had noticed a glitch with a printer on February 5. The printer was set up to automatically print all SWIFT wire transfers.
"Since such glitches happened before, we thought it was a common problem just like any other day," Huda said in the complaint.
He then tried and failed to print out the messages manually from the SWIFT system.
The theft happened on Friday, a weekend in Muslim Bangladesh, so the official says he left the office and asked his colleagues to help fix the problem.
After the system was rebooted more than 24 hours later, the employees managed to print the receipts. They revealed dozens of questionable transactions to the Philippines, Sri Lanka and elsewhere.
The receipts showed the Federal Reserve Bank of New York had sent back queries to Bangladesh Bank against 46 payment orders in different messages.
(Related)
Man in Manila gets $30 million cash from cyber heist; Bangladesh central bank governor quits
Bangladesh's central bank governor resigned on Tuesday over the theft of $81 million from the bank's U.S. account, as details emerged in the Philippines that $30 million of the money was delivered in cash to a casino junket operator in Manila.
The rest of the money hackers stole from the Bangladesh Bank's account at the New York Federal Reserve, one of the largest cyber heists in history, went to two casinos, officials told a Philippines Senate hearing into the scandal.
… Bangladesh Bank is also working with anti-money laundering authorities in the Philippines, where it suspects the stolen $81 million arrived in four tranches.
The Philippines' Rizal Commercial Banking Corp (RCBC) (RCB.PS) said last week it was investigating deposits amounting to just that sum, which were made at one of its branches.
… CCTV cameras at the branch were not functioning when the money was withdrawn, RCBC's anti-money laundering head, Laurinda Rogero, told the Senate hearing.
The president of a foreign exchange broker called Philrem Service Corp, Salud Bautista, told the Senate that her firm was instructed by the bank branch to transfer the funds to a man named Weikang Xu and two casinos.
She said that $30 million went to Xu in cash. Guingona has said Xu was ethnic Chinese and a foreigner, but he was not sure if he was a Chinese national.
Still not a huge breach, but another case of an organization unable to quickly determine what happened.
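As an added illustration of the point above (not code from the Reuters story or from Bangladesh Bank), here is a small reconciliation check in Python that treats confirmations arriving over an independent channel as a heartbeat: it flags orders nobody has confirmed, a channel that has gone quiet, and orders sent outside business hours. The order records, the REF-* references and the thresholds are constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the Reuters story): the bank's own record of
# outbound payment orders as (reference, time sent, USD amount), and the set of
# references confirmed on an independent channel, standing in for the printed
# SWIFT confirmations. The channel goes quiet after the second order.
ORDERS = [
    ("REF-0001", "2016-02-04 16:10", 20_000_000),
    ("REF-0002", "2016-02-04 16:12", 25_000_000),
    ("REF-0003", "2016-02-05 02:30", 30_000_000),
    ("REF-0004", "2016-02-05 02:41", 6_000_000),
]
CONFIRMED = {"REF-0001", "REF-0002"}

MAX_CONFIRM_DELAY = timedelta(hours=1)  # unconfirmed for longer than this: a finding
MAX_SILENCE = timedelta(hours=2)        # nothing confirmed at all for this long: a finding
BUSINESS_HOURS = range(9, 18)           # hours when the payments desk expects to send orders


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def review(orders, confirmed, now):
    """Findings a reconciliation job would raise at time `now`.

    Assumption: a confirmation arrives at about the time its order is sent, so
    the newest confirmed order's send time serves as the channel's last heartbeat.
    """
    unconfirmed = [ref for ref, sent, _ in orders
                   if ref not in confirmed and now - _ts(sent) > MAX_CONFIRM_DELAY]
    out_of_hours = [ref for ref, sent, _ in orders if _ts(sent).hour not in BUSINESS_HOURS]
    beats = [_ts(sent) for ref, sent, _ in orders if ref in confirmed]
    channel_silent = not beats or now - max(beats) > MAX_SILENCE
    # Money at risk is the total of orders nobody has confirmed yet.
    usd_at_risk = sum(amt for ref, _, amt in orders if ref in unconfirmed)
    return {"channel_silent": channel_silent, "unconfirmed": unconfirmed,
            "out_of_hours": out_of_hours, "usd_at_risk": usd_at_risk}


if __name__ == "__main__":
    # Run the check the morning after the orders went out.
    print(review(ORDERS, CONFIRMED, _ts("2016-02-05 08:00")))
```

Run on a schedule, a silent channel becomes a page to the operations desk within hours rather than a discovery after the weekend.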
Well, I may have to walk back some of my praise for outdoor gear company Bailey’s after I first read and reported on a payment card breach they discovered and disclosed.
The firm has updated its breach disclosure after subsequently discovering that the breach did not begin in September 2015, and that the number affected was not 15,000. According to their updated notification, the breach began in December 2011 and affected 250,000.
They still get brownie points for transparency, but lost a few points for having a breach go undetected for so many years.
Beware of hackers sending phishing emails warning of hackers sending phishing emails!
TASS reports:
Hackers attacked dozens of Russian banks by sending letters on behalf of FinCert on Tuesday, March 15, Kaspersky Lab said in a report on Wednesday.
FinCert is a structure of the Central Bank, which warns financial institutions of cyber threats.
“On March 15, dozens of Russian banks became targets of cyberattacks by means of sending malicious messages to electronic addresses of their employees. The peculiarity of this attack was that cybercriminals posed as FinCert, a special department of the Central Bank, created about a year ago to inform Russian banks on security incidents in the financial sector,” according to the report.
Read more on TASS.
[From the article:
The malefactors registered the domain name fincert.net, which allowed them to send letters from addresses similar to the current address of FinCert.
Their letters contained alleged security files which in reality were malicious software. The download of the files allowed attackers to gain access to the information systems of the banks.
The newsletters were sent as addressed mails – each letter started with the name of a specific recipient. Cybercriminals had collected a special database of contacts, presumably on the basis of the materials of industry conferences or official documents of a number of banks.
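An added example of the defensive check this attack argues for (not from the TASS article or Kaspersky Lab): classifying the From header of inbound mail against a trusted-sender list so that a registered lookalike such as fincert.net, a one-character typo of the brand, or a display name that claims the brand while the address lives elsewhere is flagged for review. The trusted domain fincert.cbr.example is a placeholder, since the article does not give FinCert's real domain.

```python
from email.utils import parseaddr

# Assumption: the real FinCert sender domain is not given in the article, so a
# placeholder stands in for it here; only the fraudulent fincert.net is from the story.
TRUSTED_DOMAINS = {"fincert.cbr.example"}


def _edit_distance(a, b):
    """Levenshtein distance, enough to catch one-character swaps such as f1ncert."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(header_from, trusted=TRUSTED_DOMAINS):
    """Classify an RFC 5322 From header as trusted, lookalike or other, with a reason."""
    name, addr = parseaddr(header_from)
    if "@" not in addr:
        return "other", "no address in From header"
    domain = addr.rsplit("@", 1)[1].lower()
    if domain in trusted:
        return "trusted", "exact match"
    first = domain.split(".")[0]          # leftmost label of the sender's domain
    for t in trusted:
        brand = t.split(".")[0]           # the label people recognise, e.g. 'fincert'
        # Brand reused under another TLD or as a subdomain of a foreign domain:
        # fincert.net, fincert.attacker.example, secure-fincert.net
        if brand in first:
            return "lookalike", f"brand '{brand}' reused in domain {domain}"
        # One typo away from the brand: f1ncert.net
        if _edit_distance(first, brand) <= 1:
            return "lookalike", f"'{first}' is one edit away from '{brand}'"
        # Display name claims the brand while the address points somewhere else
        if brand in name.lower():
            return "lookalike", f"display name '{name}' does not match domain {domain}"
    return "other", "no relation to a trusted domain"


if __name__ == "__main__":
    for hdr in ("FinCert <alert@fincert.cbr.example>", "FinCert <alert@fincert.net>",
                "security@f1ncert.net", "FinCert <no-reply@mail.example.org>"):
        print(hdr, "->", classify_sender(hdr))
```

A lookalike verdict is a reason to quarantine or tag the message for a human, not proof of malice; short brand labels will need a stricter match than substring containment.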
Another government entity going after poor security planning. A trend I approve of!
First: refresh your memory of a 2011 breach involving Accretive Health, a business associate of North Memorial Hospital.
Then read HHS’s press release on how that breach just cost North Memorial Hospital $1.55 million, and why:
$1.55 million settlement underscores the importance of executing HIPAA business associate agreements
North Memorial Health Care of Minnesota has agreed to pay $1,550,000 to settle charges that it potentially violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules by failing to enter into a business associate agreement with a major contractor and failing to institute an organization-wide risk analysis to address the risks and vulnerabilities to its patient information.
[Much omitted Bob]
In addition to the $1,550,000 payment, North Memorial is required to develop an organization-wide risk analysis and risk management plan, as required under the Security Rule. North Memorial will also train appropriate workforce members on all policies and procedures newly developed or revised pursuant to this corrective action plan.
The Resolution Agreement and Corrective Action Plan can be found on the HHS website at: http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/north-memorial-health-care/index.html.
A warning for my vets.
Free phone scam targets veterans
… The FTC has posted a warning for veterans who are approached by someone offering a cell phone and service for free. And to make the scammer seem even more legitimate, they set up shop in booths outside of VA facilities.
Here’s the scam: a couple of months after a veteran signs up, they will get a letter notifying them that they need to send their personal information. Additionally, they are asked to send documentation proving their income meets the low-income requirements.
A warning for me.
American Express Warns Cardholders of Data Breach
American Express informed customers last week that their payment card information may have been compromised after a third party service provider suffered a data breach.
Information associated with current or previously issued American Express cards, including account numbers, names and expiration dates, might have been obtained by unauthorized parties, Amex said in a data breach notice submitted to California’s attorney general.
… It’s worth pointing out that the breach is dated December 7, 2013 on the website of California’s attorney general. [No date on the Amex notice Bob] The name of the affected service provider, which Amex says is engaged by numerous merchants, has not been made public.
“This breach is another example of a broken chain of custody with confidential data. AMEX protects it, but then relinquishes control to another party that has weak controls which the bad actors know how to exploit.
...
“As an AMEX card user myself, one of the things that I have done is turn on the immediate notification when a purchase is made with the card or when the card is not present. Members can choose the amount limit on the transaction and the type of notification (text, email, etc.). It gives users immediate notification, as well as some level of peace of mind,” Blake added.
For my Disaster Recovery students. Two systems in case one fails?
Apple said to move part of cloud business from AWS to Google
Apple has moved some of its iCloud and services data from Amazon Web Services to Google's cloud platform, in what is seen as a bid by the iPhone maker to diversify its cloud service providers, according to reports.
The move comes even as the company is building its own new data centers, leading to speculation whether the shift is only temporary.
The big “out?” “The NSA wouldn't let me use a secure device, so I secured my own email”
NSA dismissed Clinton request for ‘secure’ BlackBerry
Federal intelligence officials rebuffed an early effort by Hillary Clinton’s top aides to provide her with a “secure ‘BlackBerry-like’” device to use while serving as secretary of State, according to new emails released Wednesday.
Emails released as part of an open records lawsuit from conservative legal watchdog Judicial Watch show that the National Security Agency (NSA) rebuffed requests from the State Department in February of 2009 to find a replacement for Clinton’s mobile device.
… It’s unclear from the emails how the matter was ultimately resolved.
Politics overrides all that Law School training?
The Law is Clear: The FBI Cannot Make Apple Rewrite its OS
Every once in a while, President Obama removes his Law Professor in Chief hat and puts on his I Get Terrifying Briefings Every Day hat.
… The problem for the president is that when it comes to the specific battle going on right now between Apple and the FBI, the law is clear: twenty years ago, Congress passed a statute, the Communications Assistance for Law Enforcement Act (CALEA), that does not allow the government to tell manufacturers how to design or configure a phone or software used by that phone — including security software used by that phone.
CALEA was the subject of intense negotiation — a deal, in other words. The government won an extensive, specific list of wiretapping assistance requirements in connection with digital communications. But in exchange, in Section 1002 of that act, the Feds gave up authority to “require any specific design of equipment, facilities, services, features or system configurations” from any phone manufacturer. The government can’t require companies that build phones to come to it for clearance in advance of launching a new device. Nor can the authorities ask a manufacturer to design something new — like a back door — once that device is out.
Perhaps this would keep you from starting your car with your smartphone and call you an Uber instead?
Machine-Learning Algorithm Identifies Tweets Sent Under the Influence of Alcohol
… Today, these guys show how they’ve trained a machine to spot alcohol-related tweets. And they also show how to use this data to monitor alcohol-related activity and the way it is distributed throughout society. They say the method could have a significant impact on the way we understand and respond to the public health issues that alcohol and other activities raise.
Perspective.
WeChat still unstoppable, grows to 697m active users
WeChat, Tencent’s popular messaging app, is still growing fast. It added nearly 200 million monthly active users (MAUs) in the past year.
… Tencent did not disclose how many of WeChat’s users are in mainland China versus other areas. But it’s clear that WeChat is focused on mainland China from the number of the app’s features that are limited just to its home nation, such as online and in-store payments via the WeChat Pay feature.
For my Data Management students to consider.
Can an App-only E-commerce Model Succeed in India?
Tools & Techniques
How to Make a Screencast Tutorial for YouTube
One of the most popular types of YouTube video is the screencast — the desktop tutorial that shows you how to do almost anything, from making better use of the Windows 10 shell, to something simple like switching your desktop theme.
If you’ve ever considered making such a video, you’ll be happy to know that they’re remarkably straightforward to produce, so much so that YouTube even offers a tool to help you make it happen.
Gack! We are too lazy to learn Cursive now that we can thumb our messages into a smartphone – and now this?
Nike’s first official self-tying sneakers go on sale this year
Nike made a number of new product announcements at a glitzy event in New York yesterday, but perhaps the most exciting revelation was that the company is finally bringing a pair of self-tying sneakers to market — just like in that movie.
While Nike has teased prototypes and versions of the shoe from Back to the Future 2 in the past, with the HyperAdapt 1.0, the American sports apparel giant is finally bringing a pair of the futuristic wonders to market for anyone to buy. The sneakers sport “adaptive lacing” technology, which can automatically adjust the snugness of the shoe. “When you step in, your heel will hit a sensor and the system will automatically tighten,” said Tiffany Beers, Nike’s senior innovator, in a press release. “Then there are two buttons on the side to tighten and loosen. You can adjust it until it’s perfect.”
It might be fun to read these lines and see how many of my students recognize them. But then again, it might just be depressing. (And why does Douglas Adams rate two mentions?)
Do You Remember These First Lines From Famous Books?
If you’ve ever attempted to learn to write a book, one of the very early lessons you were told is that you need to hook the reader right away. Many of the best pieces of literature start off with an opening line that’s so memorable and engaging that you can’t help but keep going.
It’s with that in mind that we take a peek at this awesome infographic that shows off some of the most compelling opening lines in literature’s long history.
How many of them do you remember from the first time you read the books?