Wednesday, May 25, 2016

Failure to secure the organization can be costly. (Something to share with your CEO?)
Austrian Firm Fires CEO After $56-million Cyber Scam
Austrian aircraft parts maker FACC said Wednesday that it has fired its chief executive of 17 years after cyber criminals stole some 50 million euros ($55.7 million) in a so-called "fake president" scam.
FACC, whose customers include Airbus, Boeing and Rolls-Royce, said that the its supervisory board sacked Walter Stephan with immediate effect after he "severely violated his duties".
Press reports said that in January a FACC employee wired around 50 million euros, equivalent to almost 10 percent of annual revenues, after receiving emailed instructions from someone posing as Stephan.
   The company said Wednesday that the scam, also known as "bogus boss" or "CEO fraud" and increasingly popular with sophisticated organized criminals, cost it 41.9 million euros in its 2015/16 business year.
It has managed to claw back 10.9 million euros, it said, but still posted a pretax loss of 23.4 million euros.  In February the company also sacked its finance chief because of the slip-up.
There was no suggestion that either executive was involved in the scam.

(Related) The latest Class Action fad?
So here’s another case where employees are suing their employer after their W-2 data was phished.  I wonder how many more lawsuits like this we may see, keeping in mind that I’ve listed over 120 entities whose employees had their W-2 data phished. 
Joe Robertson reports:
A Rockhurst University employee hopes to represent some 1,200 school staffers in seeking damages for a data breach last month.
Someone duped university staff into supplying information on IRS W-2 forms, including Social Security numbers, in an act of fraud April 4.
The lawsuit filed Thursday in Jackson County Circuit Court by Alexandria Stobbe said the university was willful and reckless in exposing the personal information in “flagrant disregard” for the employees’ rights to privacy and property.
Read more on Kansas City Star.


Could these be the guys who hit Japanese ATMs?
On 18 May 2016, the French Gendarmerie of Pau[1], in close cooperation with the Investigative Unit of the Italian State Police of Imperia[2] and Europol, disrupted an international criminal group responsible for large-scale ATM skimming and money laundering.  Composed mainly of French-Italian nationals, the criminal network used sophisticated ATM skimming devices which allowed them to compromise ATMs and perform fraudulent withdrawals outside the EU.  Estimated losses incurred by the criminals’ activities amount to more than half a million euros.
This operation resulted in multiple house searches and the final arrest of nine individuals in France. Micro camera bars, card readers, magnetic strip readers and writers, computers, phones and flash drives, two hand guns, five vehicles, as well as thousands of plastic cards ready to be encoded, were seized in several locations between France and Italy as part of this operation.
The primary modus operandi of the criminals was to harvest financial data from ATMs in different areas of France.  The compromised card data, which was used to create fake payment cards, was stored on a cloud server managed by the members of the criminal organisation.  These fake cards were used to withdraw large amounts of cash from ATMs outside the European Union (Asia and the US).
Europol’s European Cybercrime Centre (EC3) initiated the case early this year and supported the involved law enforcement authorities in their efforts to identify the suspects.  Operational meetings were held at Europol’s headquarters in The Hague and EC3 provided analytical and forensic support throughout the investigation including the deployment of a mobile office and a forensic expert during the final action day to assist the French authorities.
In addition, Europol’s information and analysis systems were used to exchange and cross-check intelligence received from EU Member States and non-EU countries with which Europol has operational agreements.
[1] Section de Recherches de Pau.
[2] Squadra Mobile della Questura di Imperia.
SOURCE: Europol


This should make future clashes interesting.  (Something for my Computer Security classes)
Bad News, FBI: Apple Hires Security Pro Jon Callas
If the FBI was hoping Apple CEO Tim Cook was all talk when he said his company is digging in its heels to protect user privacy, it's time to put on the disappointed face because Jon Callas is back on the payroll.  His credentials in the security and privacy world make him a strong asset for Apple—just as he was when he previously worked for the company—and should have the FBI very worried about how far it'll be able to hack into future iPhones and Macs.
Mr. Callas rejoined Apple in May, according to Reuters, although the company isn't saying which projects he'll be working on.  Considering his history and skills, it's a safe bet it'll be security and encryption-related.
This isn't the first security related hire for Apple since its standoff with the FBI. George Stathakopoulos joined the company in March and is tasked with protecting customer and corporate data, and it's a safe bet other experts have come on board to help shore up iOS and OS X security.


Should law enforcement be banned from using public information that any teenager can access, or is it the tool that makes it simple that causes concern?  Can I get a copy for my students?
Joe Cadillic is working on a series of posts.  I was going to wait to post the whole series, but I’ve decided to go ahead and post something about the first one now, because I don’t think the topic’s gotten enough attention.
Joe writes:
Thanks to Purdue University and Homeland Security, police can now access public CCTV cameras anywhere.
Purdue researchers have developed a prototype system called ‘Visual Analytics for Command, Control and Interoperability Environments‘ (VACCINE) which allows law enforcement to tap into thousands of CCTV cameras.  This means police can spy on you in parking garages, college campuses, national parks, highways etc., no place is safe from Big Brother.
VACCINE allows police to spy on millions of images of citizens daily.
Read more of Part 1 on MassPrivateI.


A new legal specialty? 
Tech woes stymie jury in Oracle case aginst Google
As if the jury deciding the Oracle v. Google trial didn't have enough on its plate already.
Deliberations were interrupted Tuesday when the 10-member panel ran into technical problems trying to review evidence from the case given to them on a PC.

The jurors apparently wanted to look at some of the source code for Google’s Android OS and couldn’t get the large files to open.
“You lawyers should not have done this to the jury; you should have tested it out yourselves,” an irritated Judge William Alsup told lawyers for the two sides, who huddled with the court’s IT specialist to try to figure out the problem.


I should understand this and I don’t.  Shame on me.
How Blockchain Technology Will Disrupt Financial Services Firms
   “Silicon Valley is coming,” JPMorgan Chase CEO Jamie Dimon warned in his annual letter to shareholders.  He said startups are coming for Wall Street, innovating and creating efficiency in areas that are important to companies such as JPMorgan, particularly in the lending and payments space.


A “recommendation” from the folks who fund your campaign.
Tech companies warn senators not to 'weaken' email privacy bill
The letter from nearly 70 prominent tech companies and advocates urges the Senate to approve the "carefully negotiated compromise" immediately and without any amendments to "weaken" the legislation. 
   Tuesday's letter was signed by Adobe, Amazon, Apple, Cisco, Dropbox, Facebook, Google, IBM, Intel, Microsoft, Snapchat, Twitter, Yahoo and dozens of others. 


Perspective. Will this market fragment with each car manufacturer partnering with a different ride-sharing company?  Let’s hope they can talk to each other. 
VW invests $300M in Uber rival Gett in new ride-sharing partnership

(Related)
Toyota-Uber Places Automakers in Rival Ride-Sharing Alliances


For my App developers.
Apple Smart Speaker Coming Soon As Siri SDK Will Be Available To Developers: Amazon Echo In The Crosshairs?
   “After years of internal debate and discussion about how to do so, the company is preparing to open up Siri to apps made by others,” reads the report. “And it is working on an Amazon Echo-like device with a speaker and microphone that people can use to turn on music, get news headlines or set a timer.”
The report says that a Siri software development kit is the company’s “more immediate step.” The said SDK will be made available to developers who wish their apps to be more accessible via the company’s voice assistant. In the meantime, the Amazon Echo’s competitor seems to be Apple’s more long-term project.
The Siri SDK is believed to be rolled out this coming June, during the company’s yearly WWDC conference.


Resources for my students.
Open-access index delists thousands of journals
by Sabrina I. Pacifici on
Baker, M. (2016). Open-access index delists thousands of journals Nature DOI: 10.1038/nature. Van Noorden, R. (2014).  Open-access website gets tough  Nature, 512 (7512), 17-17 DOI: 10.1038/512017a Morrison, Heather, 2014-03, “Dramatic Growth of Open Access”, http://hdl.handle.net/10864/10660 Morrison, Heather; V11.
“A leading index of open-access journals is set to shrink by more than one-quarter after delisting around 3,300 titles as part of an effort to exclude questionable and inactive publishers.  The Directory of Open Access Journals (DOAJ), which at the beginning of the year listed more than 11,000 open-access academic journals, announced two years ago that it would be tightening its standards for inclusion.  It asked every journal in its index to provide more details about their operations so it could ensure that they adhere to basic publishing standards.”


It’s that time of year again.  OR people only read in the summer?
Thousands of Free eBooks for Summer Reading

(Related)
35 Classic Novels You Can Read for Free on Your Kindle


Anything to get rid of my students.
iHire for employers and job seekers
by Sabrina I. Pacifici on
“Rapid technological advancements and emerging means of connecting, communicating, and distributing information have forever changed the way people search for employment and the way employers find top talent.  Founded in 1999, iHire has been in the thick of this digital job- and talent-search revolution since the search first went “online.”  At iHire, we recognized from the start that niche communities, or websites dedicated to specific professions, are the catalyst for networking among qualified professionals and employers who require their exact skill set.  Our communities accelerate our job seekers’ and employers’ abilities to reach their employment goals by reducing noise and focusing their searches in an industry-specific environment. For employers, we provide straightforward hiring tools to help fill open positions quickly and cost effectively.  We understand that successful recruiting isn’t about a lot of resumes; it’s about the right resumes.  That’s why we offer a niche-centric community of candidates and a fast, affordable way to reach them…”

No comments: