Exclusive: SWIFT warns customers of multiple cyber fraud
cases
SWIFT, the global
financial network that banks use to transfer billions of dollars every day,
warned its customers on Monday that it was aware of "a number of recent
cyber incidents" where attackers had sent fraudulent messages over its
system.
… "SWIFT is aware
of a number of recent cyber incidents in which malicious insiders or external
attackers have managed to submit SWIFT messages from financial institutions'
back-offices, PCs or workstations connected to their local interface to the
SWIFT network," the group warned customers on Monday in a notice seen by
Reuters.
… SWIFT, or the Society for Worldwide Interbank Financial Telecommunication,
is a cooperative owned by 3,000 financial institutions.
… BAE said it
could not explain how the fraudulent orders were created and pushed through the
system.
But SWIFT provided some
evidence about how that happened in its note to customers, saying that in most
cases the modus operandi was similar.
It said the attackers
obtained valid credentials for operators authorized to create and approve SWIFT
messages, then submitted fraudulent messages by impersonating those people.
As I read this, the FBI intends to claim institutional ignorance. “We don’t have to share what we know because
we don’t know what we know.” Should be
amusing in any case where they need to show more than “It was a miracle!” in
court.
FBI won’t reveal method for cracking San Bernardino iPhone
The FBI intends to tell the White House this week that its
understanding of how a third party hacked the iPhone of a shooter in San
Bernardino, Calif., is so limited that there’s no point in undertaking a
government review of whether the tool should be shared with Apple, officials
said.
… Last month, the FBI paid more than
$1 million for a tool to crack an iPhone used by one of the shooters in
California. But the
contract did not include rights to the software flaws that went into
the tool, officials said.As a result, the bureau has a limited technical understanding of how the method worked, officials said.
… “The threshold is: Are we aware of the
vulnerability, or did we just buy a tool and don’t have sufficient knowledge of
the vulnerability that would implicate the process?” he said at a cyber
conference at Georgetown University.
(Related) Another reason not to share information with
Apple.
Apple says FBI gave it first vulnerability tip on April 14
The FBI informed Apple Inc
of a vulnerability in its iPhone and Mac software on April 14, the first time
it had told the company about a flaw in Apple products under a controversial
White House process for sharing such information, the company told Reuters on Tuesday.
The FBI told the company
that the disclosure resulted from the so-called Vulnerability Equities Process
for deciding what to do with information about security holes, Apple said.
The process, which has been
in place in its current form since 2014, is meant to balance law enforcement
and U.S. intelligence desires to hack into devices with the need to warn
manufacturers so that they can patch holes before criminals and other hackers
take advantage of them.
… The issue of how
U.S. government agencies decide to share information about vulnerabilities in
computer and telecom products has received renewed scrutiny since the FBI
announced last month that it had found a way to break into the iPhone of one of
the shooters in December's massacre in San Bernardino, California.
Reuters reported earlier this month that the FBI
believed it did not have legal ownership of the necessary information and
techniques for breaking into the iPhone so would not be able to bring it to the
White House for review under the equities process.
The day after that report,
the FBI offered information about the older vulnerabilities to Apple. The move may have been an effort to show that
it can and does use the White House process and disclose hacking methods when
it can.
Even banks have customers.
Why are they any different?
James Salmon reports that a new tool for small businesses
from Barclays Bank is raising privacy hackles.
The online service will enable
small companies – from corner shops to florists and local butchers – to track
the performance of similar businesses in their area.
Salmon reports that even though the data will supposedly
be anonymous – no individuals or individual firms are supposedly identifiable –
privacy advocates such as Privacy International find the service unacceptable:
Banks not only hold our money but
also vast quantities of our personal data. This gives them extraordinary insight, and
therefore power, into what we value and how we behave individually and as
compared to our peers.
‘Services such as SmartBusiness
demonstrate a growing trend of companies exploiting the vast amount of data
they collect on their customers. Such
exploitation is done without customers’ informed consent, and is unacceptable. The notion that any data, in particular
financial data, is anonymous is deceitful.
Read more on Daily Mail.
It’s no longer just idle flapping of your lips.
Gary Ridley reports:
State police officials are using
online surveillance to monitor social media comments made about the Flint water
crisis, according to emails released by Gov. Rick Snyder’s office.
The emails show that officials
attempted on at least one occasion to initiate criminal proceedings against a Copper
City man over allegedly threatening comments he made on Facebook about the
government’s handling of the crisis.
“It’s time for civil unrest. Burn down the Governor mansion, elimionate
(sic) the capitol where the legislators RE-INSTATED the emergency dictator law
after the PEOPLE voted it down, and tell the Mich (sic) State Police if they
use military force, we will return with same,” according to a state police
email about the Facebook post.
Read more on mLive.
There’s phishing, spear phishing and then there’s whaling.
Whaling emerges as major cybersecurity threat
A clever variant of phishing scams is proliferating among
enterprises, forcing CIOs to up their game even as they are still refining
their cybersecurity practices to contend with various zero-day attacks. Called whaling, the social engineering grift
typically involves a hacker masquerading as a senior executive asking an
employee to transfer money.
… Whaling is becoming a big
enough issue that it's landed on the radar of the Federal
Bureau of Investigation, which last week said that such scams have cost
companies more than $2.3 billion in losses over the past three years. The losses affect every U.S. state and in at
least 79 countries . The FBI said that
it has seen a 270 percent increase in identified victims and exposed losses
from CEO scams since January 2015. For
example, Mattel lost
$3 million in 2015 to one CEO fraud scam, while Snapchat
and Seagate Technologies also fell prey to similar schemes.
(Related) Some details.
Report says criminals are better communicators than IT
staffers
… Verizon,
in its just-released annual report of report of
cyber incidents, identifies phishing as the major problem. Of the over 65,200 incidents it gathered data
about, about 2,250 resulted in a breach, or confirmed disclosure of data to a
third party. (In Verizon's parlance, a
security 'incident' falls short of a breach.)
Should we tell them there is a
way bombs can home in on cash? (Or is
all this purely accidental?)
http://www.bbc.com/news/world-middle-east-36145301
Islamic State: Up to $800m of funds 'destroyed by strikes'
Maj Gen Peter Gersten, who is based in Baghdad, said the
US had repeatedly targeted stores of the group's funds.
The blow to the group's financing has contributed to a 90%
jump in defections and a drop in new arrivals, he said.
… In a
briefing to reporters, Maj Gen Gersten, the deputy commander for operations
and intelligence for the US-led operation against IS, said under 20 air strikes
targeting the group's stores of money had been conducted.
He did not specify how the US knew how much money had been
destroyed.
In one case, he said, an estimated $150m was destroyed at
a house in Mosul, Iraq.
A class we will have to teach soon.
http://sloanreview.mit.edu/article/blockchain-data-storage-may-soon-change-your-business-model/
Blockchain Data Storage May (Soon) Change Your Business Model
Blockchain is a data storage technology with implications
for business that extend well beyond its most popular application to date — the
virtual currency, Bitcoin. To be sure,
the financial industry is taking notice of how it might use blockchain. Even the U.S.
Federal Reserve is optimistic, and a consortium of 42 top banks recently
demonstrated a proof of concept, with Barclays, BMO Financial Group, Credit
Suisse, Commonwealth Bank of Australia, HSBC, Natixis, Royal Bank of Scotland,
TD Bank, UBS, UniCredit, and Wells Fargo trading
mock shares and money. These are
staid financial institutions, not breathless startups.
A most interesting resource!
Cybersecurity: Overview Reports and Links to Government,
News, and Related Resources
by Sabrina I. Pacifici on Apr 26, 2016
Via FAS, CRS report – Cybersecurity:
Overview Reports and Links to Government, News, and Related Resources, March
2, 2016 (R44405)
“Much is written on the topic of cybersecurity. This CRS report and those listed below direct the reader to authoritative sources
that address many of the most prominent issues. Included in the reports are resources and
studies from government agencies (federal, state, local, and international),
think tanks, academic institutions, news organizations, and other sources. This report is intended to serve as a starting
point for congressional staff assigned to cover cybersecurity issues. It includes annotated descriptions of reports,
websites, or external resources…”
If you could send an email from Hillary to Donald, what
would you say?
How Do
Scammers Spoof Your Email Address?
We’ve all had questionable emails from miscellaneous folk
begging for a wire transfer to Nigeria. Most of us can spot the signs fairly easily,
and know when to delete an email straight away. In fact, most of these just automatically go
into spam and are subsequently swept away by a solid email service.
But then we get emails from family and friends — or
sometimes from our own address! So
what’s all that about? Does this mean
you (or someone you know) have been compromised? Otherwise, how can scammers do that?
What happens if the kid’s arm isn’t long enough?
How to Keep Kids From Holding Phones Too Close to Their Eyes
… If your young
children use your phone, part of your phone’s
child-proofing process should include a new free Android app from Samsung called Samsung Safety Screen. The app is simple but important: it uses the
device’s front camera to detect if a face is too close to the screen.
Thankfully, you can password protect the app so kids don’t
just disable it and go on their merry way. You might find this app to be overkill, and it
won’t be battery-friendly since it needs to constantly access the camera, but
for those with young ones concerned about their screen time, it’s worth a shot.
An interesting question.
This is not supposed to work, so why did it?
Widening Highways Never Fixes Traffic. But Darnit, It Did in
Texas
In a true fairy tale of a
transportation project, Texas spent a measly $4.25 million widening a highway
and, in defiance of conventional wisdom among transportation planners, doubled
the speed of rush hour traffic on a notoriously congested highway in Dallas.
The Texas Department of Transportation repaved the
shoulders along both sides of a 6.3-mile stretch of State Highway 161 between
Dallas and Fort Worth in September. Then
it opened them up to traffic during the daily rush hour, keeping tow trucks on
standby in case someone breaks down. Based
on figures released this month, with the extra lanes in place, traffic “started
sailing,” The Dallas Morning News reported
this week.
It isn’t supposed to work that way. The rule of induced demand says widening
highways does not ease congestion, and often makes it worse.
Reading is good, even if it isn’t your textbook.
How to Find Free Unlimited Content for Your Kindle
… If you’re
looking for more things to read on your Kindle, have no fear. Here are all the websites, tools, and tips you
need to fill your e-reader with high-quality free content that will keep you
reading for hours without breaking the bank.
… More Articles on
Your Kindle
Just because a site doesn’t offer a Send to Kindle button
doesn’t mean you can’t get their articles on your e-reader. There are plenty of apps and extensions that
will let you send just about anything to
your Kindle (this is great for reading longform articles that might strain your eyes on a
backlit screen).
Push to Kindle, for example, has a browser extension that
lets you send anything you want with a click of a button.
Will my geeks start wandering the halls with cardboard
over their eyes?
How to Get Started With Virtual Reality for Under $30
… 2016 looks set to be the year that virtual
reality comes into its own, but looking at the most popular
devices on the market may discourage you due to the high
costs. That’s why we’re going to show you how to get started with
VR on the cheap using the Google Cardboard.
Want a techie job? Use techie
tools to get it.
Supercharge Your Next Job Interview with These 11 Free Tools
We’re trying to put teams together…
Hacking competitions that will get you noticed
From the Hack the Pentagon
announcement to the Facebook
Hacker Cup, there are loads of opportunities for those new to security to
either participate in educational hacking competitions or simply learn by
watching others compete. Michiel Prins,
co-founder, HackerOne, and Ryan Stortz, security researcher, Trail of Bits,
offered up a list of popular competitions and what they like most about some of
them. 
No comments:
Post a Comment