Did New York Fed Miss Red Flags in $81 Million Bangladesh Bank Theft?
The blame game over who should be held responsible for the bank thefts via SWIFT continues. Ecuador's Banco del Austro (BDA) has already launched action against Wells Fargo for releasing $12 million to accounts largely in Hong Kong, claiming it failed to respond to red flags in the transactions. Bangladeshi officials have blamed both SWIFT (for not ensuring that a new SWIFT system at the bank was secure) and the New York Federal Reserve Bank (for ignoring red flags in the transactions) for Bangladesh Bank's own loss of $81 million.
… Now a new report from Reuters suggests that the Bangladesh Central Bank may have a point. The New York Fed received a total of 35 fraudulent transfer requests. It initially blocked all of them. "On the day of the theft in February, the New York Fed initially rejected 35 requests to transfer funds to various overseas accounts, a New York Fed official and a senior Bangladesh Bank official told Reuters."
The requests were incorrectly formatted and omitted the names of the receiving banks. Later the same day the hackers at the Bangladesh bank resubmitted all 35 transfer requests. This time they were correctly formatted, but the New York Fed still blocked 30 of them. Five were approved, for a total of $101 million. One of these was subsequently reversed because of a spelling error, but the remaining four went through and resulted in the $81 million loss.
However, what Reuters describes as 'a source close to the bank' still has concerns. The four approved transfers contained anomalies that should have raised flags. "They were paid to individual recipients, a rarity for Bangladesh's central bank, and the false names on the four approved withdrawals also appeared on some of the 30 resubmitted requests rejected by the bank," reports Reuters.
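The three anomalies the report lists (a receiving bank left off the order, individual recipients from a sender that normally pays institutions, and beneficiary names shared with orders that were rejected) are exactly the kind of rule a correspondent bank's screening pass can encode and correlate across a batch. The Python below is an added example written for this post; it is not Reuters' material and not the New York Fed's, SWIFT's or any bank's actual controls. The `TransferRequest` fields are an assumed simplification of a payment order, and every reference, name, bank and amount in the sample batch is constructed.

```python
from dataclasses import dataclass, field
from typing import FrozenSet, Iterable, List, Sequence


@dataclass
class TransferRequest:
    """One outgoing payment order (assumed simplified fields, not a real SWIFT message)."""
    ref: str
    beneficiary: str        # name on the receiving account
    beneficiary_type: str   # "individual" or "institution"
    receiving_bank: str     # empty string when the order omitted the receiving bank
    amount_usd: float


@dataclass
class ScreeningResult:
    ref: str
    flags: List[str] = field(default_factory=list)

    @property
    def hold(self) -> bool:
        # Any flag at all means the order is held for human review rather than released.
        return bool(self.flags)


def _norm(name: str) -> str:
    """Normalise a beneficiary name so spacing and case differences do not defeat matching."""
    return " ".join(name.split()).casefold()


def order_flags(req: TransferRequest, usual_types: Sequence[str]) -> List[str]:
    """Per-order checks: the two red flags that can be seen on a single order."""
    flags = []
    if not req.receiving_bank.strip():
        flags.append("missing receiving bank")
    if req.beneficiary_type not in usual_types:
        flags.append("beneficiary is an %s, unusual for this sender" % req.beneficiary_type)
    return flags


def screen_batch(requests: Sequence[TransferRequest],
                 usual_types: Sequence[str] = ("institution",),
                 known_rejected_names: FrozenSet[str] = frozenset()) -> List[ScreeningResult]:
    """Screen a batch: per-order checks first, then correlate names across the batch.

    An order that looks clean on its own is still held when its beneficiary name
    also appears on another order this pass flagged, or on a name in
    known_rejected_names (rejections from earlier batches, if the caller keeps them).
    """
    per_order = {req.ref: order_flags(req, usual_types) for req in requests}
    external = {_norm(n) for n in known_rejected_names}
    results = []
    for req in requests:
        flags = list(per_order[req.ref])
        # Names on *other* orders that were flagged (exclude self so an order cannot match itself).
        suspect = {_norm(o.beneficiary) for o in requests if o.ref != req.ref and per_order[o.ref]}
        if _norm(req.beneficiary) in suspect | external:
            flags.append("beneficiary name also appears on a rejected order")
        results.append(ScreeningResult(req.ref, flags))
    return results


def held_refs(results: Iterable[ScreeningResult]) -> List[str]:
    return [r.ref for r in results if r.hold]


# Constructed sample batch (all values invented): one individual recipient, one order
# missing its bank, and one formally clean order that reuses the flagged order's name.
SAMPLE_BATCH = [
    TransferRequest("TX-001", "A. Sample Person", "individual", "Sample Bank HK", 20_000_000.0),
    TransferRequest("TX-002", "Sample Holdings Ltd", "institution", "Sample Bank HK", 5_000_000.0),
    TransferRequest("TX-003", "sample  holdings ltd", "institution", "", 30_000_000.0),
    TransferRequest("TX-004", "Another Sample Org", "institution", "Sample Bank HK", 1_000_000.0),
]


def run_demo() -> List[ScreeningResult]:
    results = screen_batch(SAMPLE_BATCH)
    for r in results:
        print(r.ref, "HOLD" if r.hold else "release", "; ".join(r.flags))
    return results


if __name__ == "__main__":
    run_demo()
```

Only TX-004 is released: TX-002 has a bank and an institutional recipient, but it is held because the same beneficiary name sits on TX-003, which failed the per-order check. That cross-order correlation is the check the source quoted by Reuters says was missing.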
In a commercial environment, the Board of Directors would have fired lots of senior managers and had this under control in a couple of months. Congress is still trying to figure out what happened because they know HHS is lying to them.
King & Spalding write:
On May 25, 2016, the House Energy and Commerce Subcommittee on Health held a hearing to examine the Department of Health and Human Services’ (“HHS”) cybersecurity responsibilities. The hearing focused on legislation that would create a new office within HHS, the Office of the Chief Information Security Officer (“CISO”), consolidating information security within a single office at the agency.
The HHS Data Protection Act (H.R. 5068) was introduced by Representatives Billy Long (R-MO) and Doris Matsui (D-CA) on April 26. The legislation would implement one of the key recommendations of an August 2015 report issued by the Energy and Commerce Subcommittee on Oversight and Investigations. The report was the result of a year-long investigation focused on an October 2013 breach at the Food and Drug Administration (“FDA”), and was expanded to include information regarding security incidents at other HHS divisions. Among the findings in the report was that the current organizational structure was at least partially responsible for information security incidents throughout HHS.
Read more on JDSupra.
And speaking of HHS responsibilities, this blogger (still) can’t see where an HHS Office of Child Support Enforcement incident reported months ago has been added to HHS’s public breach tool. Was this reported for inclusion in the breach tool? If not, why not? Was it the case that HHS did a risk assessment and determined that it didn’t need to be reported? Even Congress appears to have had trouble getting some straight answers from HHS when they tried to investigate. One of their questions was why HHS didn’t notify Congress within the one week period required by FISMA and why it took two months for HHS to notify Congress. In response:
An HHS spokeswoman said Tuesday that the agency complied with legal reporting requirements and notified Congress within a week after it believed a major incident may have occurred.
Something my Computer Security students need to read.
9 reasons why your security awareness program sucks
(Related) Also something for my Architecture students. A department dedicated to looking at start-ups?
J.P. Morgan’s CIO on the bank’s security game plan
… Question: How does J.P. Morgan think about fintech?
Deasy: We are actively scanning most fintechs. We will evaluate a fintech and say we’re already building what they’re doing and what we’re building will be better. Or we’ll look at something that is being built and decide it’s a great partnering opportunity. And in some cases we may not only partner, we may become an investor.
This is the kind of nonsense that happens when they keep all their records on paper! And they seem to suggest they have to do this one staffer at a time?
http://thehill.com/policy/technology/282434-state-dept-would-need-75-years-to-compile-clinton-emails
State Dept. would need 75 years to compile Clinton emails
The State Department said it would take 75 years for the release of emails from top aides to Hillary Clinton while she was serving as secretary of State.
Lawyers said it would take that long to compile the 450,000 pages of records from former Clinton aides Cheryl Mills, Jacob Sullivan and Patrick Kennedy, according to a court filing from last week, which was first reported by CNN.
"Given the Department's current [Freedom of Information Act] (FOIA) workload and the complexity of these documents, it can process about 500 pages a month, meaning it would take approximately 16-and-2/3 years to complete the review of the Mills documents, 33-and-1/3 years to finish the review of the Sullivan documents, and 25 years to wrap up the review of the Kennedy documents -- or 75 years in total," the State Department said in the filing.
In March, the Republican National Committee (RNC) filed a pair of lawsuits requesting the release of emails and records from Clinton and her top aides during and after her time at the State Department.
All of my students have Office 365 through the University. This may be useful.
Microsoft Planner ready for showtime
Today marks the general availability of Microsoft Planner. Over the next several weeks, Planner will roll out to all eligible Office 365 customers worldwide. This includes Office 365 Enterprise E1–E5, Business Essentials, Premium and Education subscription plans.
All users with eligible subscription plans will automatically see the Planner tile appear in the Office 365 app launcher when it is available for them to use. No specific action by Office 365 admins is needed.
The addition of Planner to the Office 365 lineup introduces a new and improved way for businesses, schools and organizations to structure teamwork easily and get more done. With Planner, teams can create new plans; organize, assign and collaborate on tasks; set due dates; update statuses and share files, while visual dashboards and email notifications keep everyone informed on progress.
“Alexa, grade these papers for me!”
How to Test Drive the Amazon Echo in a Browser
… If you don’t know anyone who owns an Echo, you can take Alexa for a spin by trying a new online demo of the service. At Echosim.io, you can use Alexa on the web — not a perfect emulation, but a pretty good copy of the virtual assistant.
Just sign in with your Amazon account and agree to let the site use your microphone, and you’ll be able to press and hold a button to chat with Alexa.