Saturday, December 03, 2016
I wondered about this yesterday. They were talking “attacks” but articles did not mention any successful penetrations. This may not be related to Russian claims that some nation-sponsored attack is pending. It is also (probably) not another Swift / Bangladesh type attack.
Hackers try to steal $45m from Russia’s central bank
Regulator buries disclosure in 70-page report on risks to financial system
Hackers attempted to steal Rbs2.87bn ($45m) from Russian central bank correspondent accounts earlier in 2016, the country’s regulator said on Friday.
The Bank of Russia managed to prevent the theft of Rbs1.67bn by freezing accounts it said the hackers had opened to siphon away the stolen money and by blocking correspondent accounts, the regulator said.
The disclosure was buried in a 70-page twice-yearly report on risks to the Russian financial system that the central bank released on Friday. The report did not say when the attempted theft took place or whether the remainder of the funds under threat had been stolen.
Were they unable to justify spending to prevent the breach? “If you don't have time (budget) to do it right, when will you have time (money) to do it over?” John Wooden
Marie Weidmayer reports:
MSU will spend an estimated $2.9 million on identity theft protection in the wake of the data breach that exposed university records of about 400,000 people.
According to a statement from MSU President Lou Anna K. Simon, MSU will provide credit monitoring and identity theft protection free of charge to everyone affected.
“We have a reserve fund that we have set aside that is used to pay deductibles for insurance claims and general liability claims and the money will come from that reserve fund,” university spokesperson Jason Cody said.
Read more on The State News.
Automating hacking. What. You thought hackers couldn’t use technology to make their jobs easier?
Press Trust of India reports:
It may take as little as six seconds for hackers to guess your credit or debit card number, expiry date and security code, say scientists who were able to circumvent all security features meant to protect online payments from fraud.
Exposing the flaws in the VISA payment system, researchers from Newcastle University in the UK found that neither the network nor the banks were able to detect attackers making multiple, invalid attempts to get payment card data.
By automatically and systematically generating different variations of the card's security data and firing it at multiple websites, within seconds hackers are able to get a ‘hit’ and verify all the necessary security data.
Read more on NDTV.
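The security point in the excerpt above is where the counting happens: each merchant rate-limits on its own, so guesses spread over many merchants never trip any single merchant's limit, and the only vantage point that sees one card's attempts across all merchants is the card network or issuer. The following is an added example (not the Newcastle researchers' code, nor anything from the NDTV article) that runs a per-merchant check and a cross-merchant check over a constructed authorisation log; the log format, field names, thresholds and window sizes are assumptions chosen for illustration.

```python
"""Cross-merchant correlation of failed card authorisations (added example).

Assumed log format, one event per line:
    <ISO-8601 ts>Z <merchant_id> <pan_token> <APPROVED|DECLINE> <reason> <value_tried>
Real card numbers must never be logged; the token stands in for the PAN.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Set, Tuple


class AuthEvent(NamedTuple):
    ts: datetime
    merchant: str
    pan_token: str   # tokenised PAN (assumption: tokens, not raw card numbers)
    result: str      # "APPROVED" or "DECLINE"
    reason: str      # decline reason, "-" when approved
    guess: str       # expiry or CVV value the client presented, "-" when approved


def parse_line(line: str) -> AuthEvent:
    ts, merchant, pan, result, reason, guess = line.split()
    return AuthEvent(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                     merchant, pan, result, reason, guess)


# Constructed sample: an attacker tries 12 different CVV values for tok_A at 12
# different merchants within 12 seconds (one guess per merchant), while a real
# cardholder (tok_B) mistypes the CVV twice at one merchant and then succeeds.
_BASE = datetime(2016, 12, 2, 10, 0, 0)
SAMPLE_LOG: List[str] = [
    f"{(_BASE + timedelta(seconds=i)).strftime('%Y-%m-%dT%H:%M:%SZ')} "
    f"m{i:03d} tok_A DECLINE bad_cvv {100 + i:03d}"
    for i in range(12)
] + [
    "2016-12-02T10:05:00Z m001 tok_B DECLINE bad_cvv 123",
    "2016-12-02T10:05:20Z m001 tok_B DECLINE bad_cvv 132",
    "2016-12-02T10:05:45Z m001 tok_B APPROVED - -",
]


def per_merchant_alerts(events: List[AuthEvent], limit: int = 5,
                        window: timedelta = timedelta(minutes=10)) -> Set[Tuple[str, str]]:
    """What a single merchant can see: declines for one card at *this* merchant.

    Flags (merchant, pan_token) when `limit` or more declines fall inside `window`.
    """
    declines: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)
    for e in events:
        if e.result == "DECLINE":
            declines[(e.merchant, e.pan_token)].append(e.ts)
    alerts: Set[Tuple[str, str]] = set()
    for key, times in declines.items():
        times.sort()
        recent: deque = deque()
        for t in times:
            recent.append(t)
            while recent[0] < t - window:      # slide the window forward
                recent.popleft()
            if len(recent) >= limit:
                alerts.add(key)
    return alerts


def cross_merchant_alerts(events: List[AuthEvent], min_merchants: int = 3,
                          window: timedelta = timedelta(minutes=10)) -> Dict[str, dict]:
    """What only the network/issuer can see: one card's declines across all merchants.

    Flags a pan_token when declines inside `window` come from `min_merchants` or
    more distinct merchants, and reports how many distinct values were tried,
    which separates guessing from a cardholder repeating the same typo.
    """
    declines: Dict[str, List[AuthEvent]] = defaultdict(list)
    for e in events:
        if e.result == "DECLINE":
            declines[e.pan_token].append(e)
    alerts: Dict[str, dict] = {}
    for pan, evs in declines.items():
        evs.sort(key=lambda e: e.ts)
        recent: deque = deque()
        for e in evs:
            recent.append(e)
            while recent[0].ts < e.ts - window:
                recent.popleft()
            merchants = {x.merchant for x in recent}
            if len(merchants) >= min_merchants:
                alerts[pan] = {
                    "merchants": len(merchants),
                    "distinct_guesses": len({x.guess for x in recent}),
                    "attempts": len(recent),
                }
    return alerts


def analyse(log_lines: List[str] = SAMPLE_LOG) -> Tuple[Set[Tuple[str, str]], Dict[str, dict]]:
    """Run both views over the same log and return (merchant_view, network_view)."""
    events = [parse_line(line) for line in log_lines]
    return per_merchant_alerts(events), cross_merchant_alerts(events)


if __name__ == "__main__":
    merchant_view, network_view = analyse()
    print("per-merchant alerts:", merchant_view)     # empty: no merchant saw enough
    print("cross-merchant alerts:", network_view)   # tok_A flagged, tok_B not
```

Run stand-alone, the per-merchant check stays silent for the attacker because no merchant ever saw more than one decline for the card, while the cross-merchant check flags the same card after the third merchant. The practical takeaway is the one the excerpt hints at: a merchant-side lockout is necessary but not sufficient, and the issuer or network has to count attempts per card across all acquirers, with the number of distinct values tried as the discriminator between guessing and honest mistakes.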
Check if you were hit by the massive 'Avalanche' cybercrime ring
The U.S. government has posted links for free scanning programs so companies and individuals can check their computers to make sure they weren't victims of a massive, international cyber criminal operation that was taken down Thursday after a four-year investigation.
… The U.S. Computer Emergency Readiness Team (US-CERT) has posted links to five scanners on its site. Europol has also posted a list of sites in multiple languages for potentially infected users. The malware only affects systems running the Microsoft Windows operating system, according to US-CERT.
The Department of Homeland Security’s National Cybersecurity and Communications Integration Center, which includes US-CERT, will be providing victim notification to stakeholders, including Internet Service Providers, DHS said in a statement.
We have the data, let’s SWAT these people!
Todd Heywood reports:
Lansing Mayor Virg Bernero’s proposal aimed at regulating homegrown marijuana raises legal concerns and may even be unconstitutional, critics say.
The ordinance the mayor has called for would require the city-owned Lansing Board of Water & Light to monitor customers’ monthly electrical usage and report those using more than 5,000 kilowatts a month to enforcement agencies.
Read more on Lansing CityPulse.
See? Trump is good for business!
After Trump’s Win, Secure Messaging App Signal’s Downloads Increase 400%
… “There has never been a single event that has resulted in this kind of sustained, day-over-day increase,” Moxie Marlinspike, the founder of Open Whisper Systems, the software nonprofit behind Signal, told BuzzFeed News. Marlinspike interpreted the jump as a reaction to Trump’s win, and anxiety over the future of US surveillance.
No Internet, no problem? That must be why old-fashioned print newspapers don’t see the harm.
Marcia Coyle reports:
The Detroit Free Press is asking the U.S. Supreme Court to reverse a court decision that restricts public access to the mug shots of federal criminal defendants.
Booking photos provide an “important window” into the government’s exercise of its police powers, the media outlet said in its petition in Detroit Free Press v. U.S. Department of Justice.
The U.S. Court of Appeals for the Sixth Circuit in July ruled that Congress intended to exempt mug shots from disclosure under the Freedom of Information Act because of “possible embarrassment and the existence of the internet.”
Read more on National Law Journal.
My Governance students have a hard time believing this.
Who's responsible for data compliance? 25% of executives don't know
… According to the 2016 State of Compliance survey conducted by data management and integration provider Liaison Technologies, one-quarter of top executives are unclear who in their organization is responsible for compliance. [They are. Bob] And nearly half (47 percent) of respondents to the survey of 479 senior and C-level executives said they don't know which compliance standards apply to their organizations. [Their lawyers do. Bob]
… See the infographic below to learn more about the state of compliance.
(Related) Maybe they should not be concerned?
Kevin M. McGinty of Mintz Levin writes:
An attempt to impose liability on corporate officers and directors for data breach-related losses has once again failed. On November 30, 2016, a federal judge in Atlanta issued a 30-page decision dismissing a shareholder derivative action arising out of the September 2014 theft of customer credit card data from point-of-sale terminals in Home Depot stores. The dismissal of the Home Depot derivative action follows earlier dismissals of derivative actions arising from data breaches perpetrated against Wyndham and Target.
Read more on National Law Review.
From an editorial in the Tampa Bay Times:
In a four-month investigation, Tampa TV station WTVT-Fox 13 found that the DHSMV sells private driver records in bulk to more than 75 companies, despite federal and state laws deeming the information confidential. The federal Driver Privacy Protection Act, passed in 1994, says state motor vehicle agencies cannot disclose personal information “without the express consent of the person to whom such information applies.” Florida passed its own law a few years later. Personal information is defined as photographs, Social Security numbers, driver identification numbers, names, addresses, phone numbers, and medical or disability information. There are exceptions for government agencies carrying out official functions, private investigators, research activities and statistical reports, and some private businesses as long as the information is only used for verification purposes. Bulk distribution of personal information for marketing or solicitation is permitted only with the individual’s express consent.
Fox 13 found that the DHSMV sells personal information about Florida’s 15.5 million licensed drivers and 18 million registered vehicles to private vendors, including two major data brokers. The state claims it vets the companies to ensure they are entitled to the information under one of the law’s exemptions — but that vetting is limited to checking that the companies have business registration in Florida, the department told Fox 13. What’s more, the state has no way to keep the information from being handed off or resold to third parties.
Read the full editorial on the Tampa Bay Times. Given that Florida is a veritable hotbed of identity theft, you’d think the state and legislature would be looking to crack down on the sale of personal information that can be used to support an identity theft scheme.
We were discussing this yesterday in my Software Architecture class. (By the way, they see voice commands (Siri, OK Google, Alexa, etc.) as the next wave of disruption.)
Warding Off the Threat of Disruption
How quickly do companies need to respond to innovations that could upend their markets? In “Keep Calm and Manage Disruption,” an article in the spring 2016 issue of MIT Sloan Management Review, Joshua S. Gans argued that companies may have more time than is commonly believed.
… That advice didn’t satisfy at least one reader. Daniel Cohen, vice president of business operations and strategy at Adobe Systems Inc., a software company based in San Jose, California, wrote to explain why he thinks companies need to move swiftly to avert disruption before it affects their performance. What follows is Cohen’s perspective, Gans’ response — and an informative dialogue about the importance of monitoring disruption in markets related to one’s own.
Social Media as a targeting tool. Predator drones do not need to read the encrypted messages.
ISIS tells members to stay off messaging apps
The Islamic State in Iraq and Syria (ISIS) is encouraging its members to avoid using encrypted messaging apps like WhatsApp and Telegram out of fear that U.S.-led coalitions are using their data to locate and target commanders, according to Reuters.
… Al-Naba has also called for members to turn off their phones before entering ISIS bases.
"Switch off your phone after you finish your communication and beware of the greatest disobedience of all — switching it on when you are in one of the offices," it said. "As long as it has power, the phone is spying on you."
Will this allow Samsung to become “The First National Bank of the Exploding Smartphone?”
Regulator Will Start Issuing Bank Charters for Fintech Firms
Firms offering online loans, smartphone payments and other financial-technology products would get new flexibility to expand and further shake up the U.S. banking industry under a proposed new federal policy.
A top regulator said Friday that his agency would for the first time start granting banking licenses to “fintech” firms, giving them greater freedom to operate across the country without seeking state-by-state permission or joining with brick-and-mortar banks.
The move could open the door to more competition between the old and new financial firms, and provide a bigger opening for some large tech companies to consider new ways to offer digital payments or other services.
… Today, virtually all technology companies join with banks in some fashion to access the payment system or make loans.
With a charter, fintech upstarts could possibly move to become independent from banking partners.
How Much You Should Be Charging for Your Freelancing Gigs (Infographic)
… Accounting software Freshbooks surveyed 2,000 of its customers to come up with median rates for six industries.
Check out the company’s infographic below to make sure you’re charging what you’re worth.
For my Statistics class: How to be wrong with confidence!
How Much The Polls Missed By In Every State
… The national polls are ultimately going to be off by only about 2 percentage points, which is not out of the ordinary historically speaking. State polls however, missed by wider margins. In 41 of the 50 states, the average of the polls underestimated Donald Trump’s margin of victory. But they weren’t wrong by the same magnitude or in the same direction in every state.
Enough to make you a buyer?
$49 Windows tablets, $1,000 PC discounts, and 50% off Xbox games highlight Microsoft deals
This has become an “I hate Trump” rant. I’ll skip that part.
Hack Education Weekly News
… Via The Chronicle of Higher Education: “In a report released on Wednesday, the U.S. Government Accountability Office said the federal government would forgive at least $108 billion of student debt in the coming years, an amount higher than expected.” More via NPR and Inside Higher Ed. [Bad loans of taxpayer money? Bob]
… Colorado Heights University will close, according to The Chronicle of Higher Education, after losing recognition by its accreditor.
… Via PRI: “Job retraining classes are offered to Rust Belt workers, but many don’t want them.”
… Common Sense Media looks at education applications’ use of encryption. “Our findings indicate that a significant number of vendors do not provide even basic support for encryption. While 52 percent of the 1,221 login URLs we surveyed require encryption, 25 percent do not support encryption at all, and an additional 20 percent do not require an encrypted connection.”