This will definitely be a topic in my Spring
Computer Security class. Conversion (turning your stolen money into
laundered cash) is the hardest part of any theft.
Bangladesh Heist Exposes Philippine Dirty Money Secrets
The $81 million stolen from the Bangladesh central
bank's American accounts last month was immediately sent via
electronic transfer to the Philippines' RCBC bank, with the thieves
deliberately targeting their laundering location.
The Philippines has some of the world's strictest
bank secrecy laws to protect account holders, while its casinos are
exempt from rules altogether aimed at preventing money laundering.
… Still, if the thieves were to get away with their audacious heist, the money
had to be moved quickly through the banking system and into the
casinos.
And it did.
Authorities took four days to order a recall of the money.
But by then it had vanished – leaving in its place a tale of death
threats, bribes, shady business figures and a bank manager who could
be the villain or a victim.
… A final roadblock has emerged at the casinos, with the money apparently
vanishing in mountains of gambling chips and mysterious middlemen.
"Our money trail ended at the casinos," Julia Abad, deputy director
of the anti-money laundering council, told senators Tuesday.
On February 5, the same day Bangladesh Bank was hacked, the money was
sent electronically to four accounts in Deguito's RCBC branch in the
financial capital of Makati, according to testimony to the Senate
inquiry.
Those accounts appeared to have been set up solely for that purpose because
they were done using aliases, the Senate inquiry heard.
After that, the bulk of the money was transferred into accounts of a local
ethnic Chinese businessman, William Go, who has since protested his
innocence. He said his signature was forged to set up the accounts.
From there, the money was briefly held by Philrem, a foreign exchange
brokerage.
Philrem President Salud Bautista told the Senate inquiry $30 million went to
a man named Weikang Xu.
He was described as a casino junket operator but senators have said they
know little more about him other than he is of Chinese origin.
… Senator Osmena said the case was likely just the tip of the iceberg.
"This could have happened hundreds of times already," he said.
"We discovered this one only because someone complained. But normally, if
a drug dealer from Burma (Myanmar) or China would send money here, no
one would complain."
(Related)
Eric Mugendi reports:
Unknown individuals have made four attempts to illegally transfer US$24 million (UGX81 billion) from the Bank of Uganda to accounts located outside the country.
Officials within the Government of Uganda are believed to have shared passwords with tech-savvy individuals who then logged in to the financial management system and targeted the accounts of the Defence, Energy and Agriculture ministries and the Uganda National Roads Authority (UNRA).
Read more on TechCabal.
Where does responsibility begin and end?
Not our hack, not our data breach: Greenshades
Although media reports this month have been talking about a hack
of payroll services provider Greenshades that has resulted
in clients’ employees discovering that their identity info has been
used for fraudulent returns, Greenshades want you to know that
they haven’t had a breach of their system.
Earlier this week, Karen Berkowitz reported
that District 113 employees in Chicago had also been
reporting fraudulent tax returns filed with their identity
information. The District uses Greenshades as its payroll services
provider.
“We have identified potentially suspicious activity relating to Greenshades’ tax portal,” Herrick said, in a statement read Monday at a school board meeting attended by angry and distraught employees.
Herrick said the school district has used Jacksonville, Fla.-based Greenshades to process employees’ W-2 tax forms for more than 10 years. The forms detail earnings and withholdings. The school district also recently used the firm to distribute 1095 tax forms.
The district does not yet know how many employees have been affected. As a precaution, employees’ access to the Greenshades tax portal has been blocked while the district continues its investigation.
But the owner of Greenshades told Berkowitz that
this was not a “data
breach” or “hack,” because the criminals used valid login
credentials:
“For this particular client (District 113), the credentials that were required were the SSN and DOB,” Kane said, referring to the employee’s social security number and date of birth. “Those credentials were chosen by the client.”
“What happened from our perspective is that we detected IP addresses from (geographic) areas that seemed suspicious, trying to make multiple log-ins, and we shut them down,” Kane said.
Well, that, indeed would be an incident of a
different color.
In a statement on their blog
on March 16, Greenshades writes:
The IRS is reporting an increase in fraudulent tax filings nationwide, and Greenshades is likewise seeing a marked increase in reports of fraudulent login attempts to some client GreenEmployee portals. There is no indication that any of the information used in these fraudulent login attempts is a result of a technical breach of the Greenshades network. Instead, it appears criminals with personal information obtained from other sources are attempting to log into some GreenEmployee portals.
Greenshades is taking various steps to help maintain the security of client and employee information. This includes proactively monitoring attempts to access the Greenshades network from suspicious IP addresses and requiring that all clients adhere with Greenshades’ recommended log in settings. In the past, Greenshades has allowed the employer to establish its own credentials for log in.
Would it have been proper to install the “bug”
on the neighbor's property?
I frequently mutter to myself when I read stories
out of the U.K. about councils snooping on recycling bins or dog
poop, but in New Zealand, it’s barking dogs. The editors of Stuff
explain that an Avonside resident found bugging equipment on her
property after a neighbor complained about her dogs barking months
earlier.
The Christchurch City Council has admitted placing bugging equipment without consent inside the Bennetts’ property, in an attempt to get a lead on their barking dogs, and has now apologised. The Bennetts – who hold “responsible dog owner” status with the council – have accepted the apology and are waiting to hear from their lawyer about whether to take legal action against the council for the breach of privacy.
So the council got busted, and apologized. But
they intend to keep monitoring – with the homeowner’s consent, it
seems. The council says
they’ll ignore any sounds or speech picked up. *cough*
So….would you permit that bugging device on your
property or tell them they are free to monitor noise from the street,
but not from your private property?
Read the editorial from Stuff here.
The FTC is saying that governments can't control
technology. Isn't that the opposite of the FBI's argument?
Gigabites: Muni Broadband Takes a Backseat
Score one for the incumbent ISPs. The state of Tennessee has killed
a bill that would have allowed municipal utility companies to
expand their broadband service offerings to new regions, pushing off
further debate until next year.
That's not the whole story, however. More than a year ago, the Federal
Communications Commission (FCC) passed a ruling saying that
Tennessee and North Carolina specifically are not allowed to prohibit
muni broadband expansion. That might have prevented Tennessee from
killing this year's bill, but the FCC is now locked in a court battle
with both states, which are suing the agency for allegedly
overstepping its authority. The oral arguments for the case against
the FCC were heard this week in the United States Court of Appeals
for the Sixth Circuit, though it's not yet clear when the court plans
to rule on the lawsuit. (See FCC Clears Way for Muni Network Expansion.)
And to add one further wrinkle, lawmakers in Tennessee were treated to
an invitation this week by ISP incumbent Charter
Communications Inc. to record their own PSAs as part of Charter's
public affairs programming. Representative Kevin Brooks thought the
timing was suspect, seeing as how the state House had just done
Charter a favor, blocking the path of municipal competitors like
Chattanooga's municipally owned (and Gigabit darling) EPB Fiber Optics.
At least my students will find this interesting.
(What happened to the friend's wife?)
Hulk Hogan verdict raises crucial privacy issues in the digital age
It's hard to think of a case with details more
spectacular: A videotape featuring wrestling star Hulk Hogan having
sex in a canopy bed with the young wife of a good friend — a guy
whose legal name is Bubba the Love Sponge Clem.
… "People are thinking a little bit more
about the concept of what is newsworthy, because what's changed is
the concept of who a public figure is," said Mary Anne Franks, a
professor at the University
of Miami School of Law and the legislative and tech policy
director of the nonprofit Cyber Civil Rights Initiative, which
advocates for privacy issues.
"Society can be contemptuous toward a
celebrity because they're a celebrity, and people think that a
celebrity can deal with this," Franks said. "But
nowadays you can be turned into a public figure because of a sex tape
that is released of you." [Does
it have to be a sex tape? Bob]
… But the Hulk Hogan verdict has emboldened
privacy advocates, who say that 1st Amendment rights don't trump an
individual's right to privacy — no matter how famous the person.
Unlike other celebrity-versus-media legal battles, the
issue here was privacy, not whether published material was defamatory
or false.
… After a photo or a video appears on the
Internet, the Web's cut-and-paste powers of regeneration make it
virtually impossible to take down — even if an individual is armed
with a pile of injunctions.
It's an issue that isn't just affecting
celebrities, but private citizens too, who have to contend with the
phenomenon of revenge porn.
"The term we prefer is 'nonconsensual
pornography,'" Franks said. "It's not about the
motives of the person who posted it. It's sexually explicit material
distributed without consent."
… Whether the amount or the verdict will stick
on appeal remains to be seen. But at a moment in which questions of
privacy are in the ether — from NSA surveillance to the FBI's
battle with Apple over its iPhone source code — attitudes
about what might appear to be a silly celebrity sex tape may be
shifting.
(Related) And there seem to be plenty of cases
to argue about.
Antonio Giansante Garcia, a 39 year old computer
professional, pled guilty today to providing accessibility of nude
and sexually explicit photos to his ex-girlfriend’s employer,
supervisors and fellow workers. The goal of such actions was to
embarrass the victim before her professional associates.
(Related) A different take on the same issue.
Fire the victim!
Seanna Adcox of AP reports that Leigh Anne Arthur,
the Union County, South Carolina teacher whose nude photos on her
cell phone were disseminated by a student to others, has now sued her
former employee. No, she doesn’t want her job back after being
forced to resign. She wants her dignity back, she says.
The case made headlines because there were
conflicting reports about whether students were routinely allowed to
use her cellphone and whether the nude photos had been in a separate,
and secured file in her phone. [Should
that make a difference? Bob] The student who accessed
the photos and disseminated them was arrested and is no longer
attending that school.
Read more of the AP’s report on NewsTimes.
Perspective. “Tip me, or I'll go all Terminator
on you!”
Domino’s Pizza delivery robots on trial run in New Zealand
(Related) Coincidence or proof that the
technology is ready?
Future of fast food? Carl’s Jr. CEO contemplates restaurants where diners
‘never see a person’