Monday, May 23, 2016
Willie Sutton robbed banks because, “That’s where the money is.” ATM are small change in comparison, but if you can hit 1400 at once…
Manhunt After Millions Stolen in Hours-long Japan ATM Heist
Armed with fake credit card details from South Africa's Standard Bank, the thieves hit 1,400 convenience store ATMs in a coordinated attack earlier this month.
The international gang members, reportedly numbering around 100 people, each made a series of withdrawals in less than three hours, Japanese media said.
Their haul totaled 1.4 billion yen ($13 million), according to the reports, with machines in Tokyo and Osaka among those targeted.
It was not clear how the gang made off with the equivalent of millions of dollars so quickly as the cash machines usually limit withdrawals to 100,000 yen ($910) a day.
Japanese police declined to confirm the robbery, but Standard Bank acknowledged the heist and put its losses at around $19 million.
… Similar robberies have occurred in recent years, including a pair of heists totaling about $45 million that saw a group of cyber thieves disable withdrawal limits on ATMs around the world.
The machines were later raided by street associates who used stolen security passcodes to harvest the loot.
This suggests that SWIFT was surprised to learn of earlier attempts to enter bogus transactions.
SWIFT asks customers to help it end a string of bank frauds
The SWIFT network itself is still secure, it insisted in a letter to banks and financial institutions. However, some of its customers have suffered security breaches in their own infrastructure, allowing attackers to fraudulently authorize transactions and send them over the SWIFT network, it said.
That's the best explanation so far for how authenticated instructions were sent from Bangladesh Bank to the U.S. Federal Reserve Bank of New York over the SWIFT network, ordering the transfer of almost $1 billion. The Fed transferred around $101 million of that before identifying an anomaly in one of the instructions. Only $20 million of that has so far been recovered.
… SWIFT wants its customers to come forward with information about other fraudulent transfers made using their SWIFT credentials, to help it build a picture of how the attackers are working.
It's making more than a polite request: It reminded its customers that they have an obligation to provide such information under the terms of their contract, and also to help SWIFT identify, investigate and resolve problems, including by providing diagnostic information following an incident.
… The current security guidance is sorely in need of an update, according to Doug Gourlay, corporate vice president of security software vendor Skyport Systems. He reviewed the guidance document issued on March 18 and found it wanting. (SWIFT updated the guidance document on April 29 to reflect changes in Alliance Access 7.1.15.)
"The document is a fairly comprehensive approach to securing SWIFT against the types of attacks that were prevalent a decade ago," Gourlay wrote in a May 13 blog post. But times have changed, he said, and "their model does not seem to have adapted to the threat landscape we are facing today."
Among his recommendations, he suggested limiting the attack surface by allowing access to the Alliance Web platform only from secure administrative workstations. Better yet, he suggested, use virtual workstations, rebuilding them after each administrative session to eliminate malware such as keyloggers.
He expressed shock that SWIFT recommended accessing the Web platform using Internet Explorer, the last version of which was released in 2013, or Firefox, but made no mention of either Chrome or Microsoft Edge, the browser included with Windows 10.
You learn things from analyzing your data (or data you grab from your customer’s phone) that allows you to do things like this.
Uber riders are more likely to pay surge pricing when their phones are dying
With the advent of smartphones also came the feeling of panic whenever your phone battery is this close to dying. Uber knows this very well, because that context provided the company with an interesting bit of insight about human psychology.
Uber’s app asks for all sorts of permissions, such as for access to your camera, contacts, location, and battery life. It is this last permission that Uber head of economic research Keith Chen talks about during his guest appearance on NPR’s The Hidden Brain podcast, in which he stated that the ride-sharing service keeps tabs on battery life in order to know when to go into energy-conservation mode. By keeping tabs on your phone’s battery life, however, Uber learned that riders are more likely to pay surge pricing — pricing that takes busier times into account — if their phones are on the verge of dying.
For my App developers…
Skype For Business SDK Available For Download: Developers Can Now Integrate The Messaging Platform Into Their Apps
And they share their tool!
Online tracking: A 1-million-site measurement and analysis
is the largest and most detailed measurement of online tracking to date. We measure stateful (cookie-based) and stateless (fingerprinting-based) tracking, the effect of browser privacy tools, and "cookie syncing".
This measurement is made possible by our web measurement tool OpenWPM, a mature platform that enables fully automated web crawls using a full-fledged and instrumented browser.
Articles like this amuse me greatly.
What Chaos Theory Tell Us About e-Discovery and the Projected ‘Information → Knowledge → Wisdom’ Transition
… A key leader in the Chaos Theory field is the late great French mathematician, Benoit Mandelbrot (1924-2010). Benoit, a math genius who never learned the alphabet, spent most of his adult life employed by IBM. He discovered and named the natural phenomena of fractals. He discovered that there is a hidden order to any complex, seemingly chaotic system, including economics and the price of cotton. He also learned that this order was not causal and could not be predicted.