Manhunt After Millions Stolen in Hours-long Japan ATM Heist
Armed with fake credit card details from South Africa's
Standard Bank, the thieves hit 1,400 convenience store ATMs in a coordinated
attack earlier this month.
The international gang members, reportedly numbering
around 100 people, each made a series of withdrawals in less than three hours,
Japanese media said.
Their haul totaled 1.4 billion yen ($13 million),
according to the reports, with machines in Tokyo and Osaka among those
targeted.
It was not clear how the gang made off with the equivalent
of millions of dollars so quickly as the cash machines usually limit
withdrawals to 100,000 yen ($910) a day.
Japanese police declined to confirm the robbery, but
Standard Bank acknowledged the heist and put its losses at around $19 million.
… Similar
robberies have occurred in recent years, including a pair of heists totaling
about $45 million that saw a group of cyber thieves disable withdrawal limits
on ATMs around the world.
The machines were later raided by street associates who
used stolen security passcodes to harvest the loot.
This suggests that SWIFT was surprised to learn of earlier
attempts to enter bogus transactions.
SWIFT asks customers to help it end a string of bank frauds
The SWIFT network itself is still secure, it insisted in a letter to banks and financial institutions. However, some of
its customers have suffered security breaches in their own infrastructure,
allowing attackers to fraudulently authorize transactions and send them over
the SWIFT network, it said.
That's the best explanation so far for how authenticated
instructions were sent from Bangladesh Bank to the U.S. Federal Reserve Bank of
New York over the SWIFT network, ordering
the transfer of almost $1 billion. The Fed transferred around $101 million
of that before identifying an anomaly in one of the instructions. Only $20
million of that has so far been recovered.
… SWIFT wants its
customers to come forward with information about other fraudulent transfers
made using their SWIFT credentials, to help it build a picture of how the
attackers are working.
It's making more than a polite request: It reminded its
customers that they have an obligation to provide such information under the terms of their contract, and also to help SWIFT identify,
investigate and resolve problems, including by providing diagnostic information
following an incident.
… The current
security guidance is sorely in need of an update, according to Doug Gourlay,
corporate vice president of security software vendor Skyport Systems. He reviewed the guidance document issued on
March 18 and found it wanting. (SWIFT
updated the guidance document on April 29 to reflect changes in Alliance Access
7.1.15.)
"The document is a fairly comprehensive approach to
securing SWIFT against the types of attacks that were prevalent a decade
ago," Gourlay wrote in a May 13 blog post. But times have changed, he said, and
"their model does not seem to have adapted to the threat landscape we are
facing today."
Among his recommendations, he suggested limiting the
attack surface by allowing access to the Alliance Web platform only from secure
administrative workstations. Better yet,
he suggested, use virtual workstations, rebuilding them after each
administrative session to eliminate malware such as keyloggers.
He expressed shock that SWIFT recommended accessing the
Web platform using Internet Explorer, the last version of which was released in
2013, or Firefox, but made no mention of either Chrome or Microsoft Edge, the
browser included with Windows 10.
You learn things from analyzing your data (or data you
grab from your customer’s phone) that allows you to do things like this.
Uber riders are more likely to pay surge pricing when their
phones are dying
With the advent of smartphones also came the feeling of
panic whenever your phone battery is this close to dying. Uber knows this very well, because that
context provided the company with an interesting bit of
insight about human psychology.
Uber’s app asks for all sorts of permissions, such as for
access to your camera, contacts, location, and battery life. It is this last permission that Uber head of
economic research Keith Chen talks about during his guest appearance on NPR’s The Hidden Brain podcast, in which he stated that
the ride-sharing service keeps tabs on battery life in order to know when to go
into energy-conservation mode. By
keeping tabs on your phone’s battery life, however, Uber learned that riders
are more likely to pay surge pricing — pricing that takes busier times into
account — if their phones are on the verge of dying.
For my App developers…
Skype For Business SDK Available For Download: Developers Can
Now Integrate The Messaging Platform Into Their Apps
And they share their tool!
Online tracking: A 1-million-site measurement and analysis
is the largest and most detailed measurement of online
tracking to date. We measure stateful (cookie-based) and stateless
(fingerprinting-based) tracking, the effect of browser privacy tools, and
"cookie syncing".
This measurement is made possible by our web measurement
tool OpenWPM, a mature platform
that enables fully automated web crawls using a full-fledged and instrumented
browser.
Articles like this amuse me greatly.
What Chaos Theory Tell Us About e-Discovery and the Projected
‘Information → Knowledge → Wisdom’ Transition
… A key leader in
the Chaos Theory field is the late great French mathematician, Benoit
Mandelbrot (1924-2010). Benoit, a math
genius who never learned the alphabet,
spent most of his adult life employed by IBM.
He discovered and named the natural phenomena of fractals. He discovered that there is a hidden order to
any complex, seemingly chaotic system, including
economics and the price of cotton. He also learned that this order was not causal and
could not be predicted.
No comments:
Post a Comment