Sugata Ghosh & Sangita Mehta report:
Indian banks are waking up to a new kind of cyber attack. Hackers recently infiltrated the systems of three government-owned banks - two headquartered in Mumbai and one in Kolkata - to create fake trade documents that may have been used to raise finance abroad or facilitate dealings in banned items.
The banks in question discovered that their SWIFT systems - the global financial messaging service banks use to move millions of dollars and documents across borders every day - have been compromised to create fake documents.
Read more on ET Tech.
[From the article:
“It's possible that some banks may not be aware that an outsider has crawled into the system. Since there is no immediate loss of money, a bank may take a long time to sense that its SWIFT system has been hacked and misused,” said a cyber security professional.
Since June 2016, SWIFT systems of four Indian banks have been targeted. In the first case (involving another Mumbai-based public sector bank), the bank had a narrow escape after a large American bank to which hackers had tried to transfer funds suspected that something was amiss.
If the hackers had their way, the local lender would have lost $150 million, about twice the size of the hit taken by the Bangladesh central bank whose chief stepped down after the cyber heist a year ago.
(Related). And timely!
For my Governance students.
When an organization fails because of executive
malfeasance, it generates a lot of attention. But such situations are actually relatively
rare. It’s much more common, though less talked about, for organizations to
fail because of ungoverned incompetence. That is, someone does the wrong thing while
trying to do the right thing, and organizational systems fail to catch it and
contain it.
For the Computer Security part of my Data Management class. How do you secure your data against rogue
employees?
Jessica Sier reports:
Online fashion house Showpo is
suing one of its former graphic designers and fledgling online retailer Black
Swallow for reputational damage and loss of sales alleging the woman stole the
entire customer database and passed it on to her new employer.
In documents filed with the
Federal Court, Showpo claims 24-year-old Melissa Aroutunian exported its
306,000-strong customer database before she left the company in September last
year and passed it on to Black Swallow, which it claims then used the list to
market itself as an affiliate of Showpo, using similar branding.
Read more on The
Age.
The solution is simple: turn your hand around and lower
the index finger.
It seems that now we can’t even make a non-obscene gesture
like flashing the “peace” sign without risk of having our biometric information
surveilled and captured.
Phys.org reports:
Fingerprint recognition
technology is becoming widely available to verify identities, such as when
logging on to smartphones, tablets and laptop computers.
But the proliferation of mobile devices with high-quality cameras and social media sites where photographs can be easily posted is raising the risk of personal information being leaked, reports said.
The NII researchers were able to
copy fingerprints based on photos taken by a digital camera three metres (nine
feet) away from the subject.
Read more on Phys.org.
I think we’re doing much the same thing with our Computer
Science and IT classes.
Law School Case Study: UC-Hastings’ Startup Legal Garage
by Sabrina I. Pacifici on Jan 15, 2017
“In Thomson Reuters’ examination of methods that modern
law schools can use to help enable their students to become
more “practice ready,” we identified four law schools already integrating
practice-ready skills into their curriculums. In the following series of case studies, we
explore how those schools are shaping law students and law firms.”
Speaking of law firms and security… (We’ll ignore Hillary Clinton for the moment.)
A New Focus on Law Firm Cybersecurity
by Sabrina I. Pacifici on Jan 15, 2017
A New Focus on Law Firm Cybersecurity – Daniel Garrie January 11, 2017.
“Law firms have long held a hallowed position in the
corporate world, as the
preeminent keeper of confidences. But the frequency with which law firms are
falling victim to data breaches and hacks should leave clients questioning
their firm’s data security. Due to their
trusted position in the business world, law firms have become a prime target
for cyber criminals, and without adequate data security confidential client
information can fall into the hands of a wide variety of bad actors.
Consider the following hypothetical about a top global
firm. It has attorneys working with
companies and individuals in virtually every industry in the world. These attorneys are privy to a wide variety of
highly sensitive and confidential financial information — information that
would be of great value to cyber-criminals. A senior mergers and acquisitions partner
chose to use his smartphone for both work and personal use. As a senior partner, no one was willing to
require the need to segregate data and users. The senior partner regularly let his son use
the smartphone to surf the Internet and download games. One day, the son downloads a game which has
malware code attached to it. The malware
infiltrated the firm’s email server. This
silent intrusion allowed a cyber-criminal to monitor all emails in the senior
partner’s practice group. The
cyber-criminal was able to access confidential financial information, which
allowed him to engage in insider trading, making millions of dollars off of the
information, and causing serious harm to the firm’s client by driving up the
price of the stock. While the above
hypothetical may seem like a doomsday scenario, it can happen, as revealed in a
recent indictment in the Southern District of New York. The indictment alleged that three criminals
gained access to a top law firm’s email server through undisclosed means. On multiple occasions, these criminals were
able to gain confidential inside information about pending M&A deals. The criminals were then able to trade on that
information, making more than $4 million before being caught. The criminals were charged with insider
trading, wire fraud, and violations of the Computer Fraud and Abuse Act. While the facts are little known for how the
criminals in the above case broke into the firm’s mail servers, it’s likely
that the criminals exploited a lawyer with access to the email server — a much
easier pathway — rather than attacking the system directly.”
Tools and Techniques for my Computer Forensics
students.
Cartapping: How Feds Have Spied On Connected Cars For 15 Years
The rapid spread of connected devices that can listen and locate has been a boon for law enforcement. Any new technology hooked up to the web has the potential to become a surveillance device, even if its original purpose was benign, as shown in a 2016 Arkansas murder investigation where Amazon was asked to hand over audio from a suspect's Echo.
But such information and much more, I've learned, has long
been retrievable from cars. Indeed,
court documents reveal a 15-year history of what's been dubbed
"cartapping," where almost real-time audio and location data can be
retrieved when cops order vehicle tech providers to hand it over.
We’re not talking Computer Security here, we’re talking
Marketing.
How to make sure the future connected car is secure
Often dubbed a “data center on wheels,” the connected car
is one of the fastest-growing markets in the ecosystem that makes up the
Internet of Things (IoT). The
convergence of IoT and in-vehicle technologies, like remote diagnostics,
on-board GPS, collision avoidance systems, and 4G LTE Wi-Fi hotspots, has paved
the road for new and exciting opportunities in this industry. In fact, the connected car market is expected
to reach $155 billion by 2022, while 75 percent of the estimated 92 million cars shipped
globally in 2020 will be built with internet connectivity.
As the market grows, the biggest
opportunity for profit comes from the ongoing services that can be
offered and the ongoing revenue that subscriptions to these services can
create. Although this is where the value
lies, many consumers who purchase connected cars have been hesitant to “turn
on” their connected services. Recent
statistics tell the story. A 2016 Spireon survey showed that consumers are interested in
connected cars (especially those with safety features), but 54 percent said
they have not actually used connected car features.
My students reached the same conclusion.
How Electric Vehicles Could End Car Ownership as We Know It
… in the past few
years, with the convergence of better battery technology, lighter materials and
smaller, more powerful electric motors, entirely new kinds of transportation
have bloomed. The electric powertrain,
unlike that of the internal combustion engine, scales smoothly from tiny to
huge, powering everything from 10-pound electric skateboards to 20-ton electric
buses.
This Cambrian explosion of new vehicles enables two other
revolutions: self-driving technology, and the shift from vehicle ownership to
transportation as a service.
Best Practices often come from a careful examination of
Bad Practices.
DOJ Announces Findings of Investigation into Chicago Police Department
by Sabrina I. Pacifici on Jan 15, 2017
“The Justice Department announced…that it has found
reasonable cause to believe that the Chicago Police Department (CPD) engages in
a pattern or practice of using force, including deadly force, in violation of
the Fourth Amendment of the Constitution. The department found that CPD officers’ practices unnecessarily endanger themselves
and result in unnecessary and avoidable uses of force. The pattern or practice results from systemic
deficiencies in training and accountability, including the failure to train
officers in de-escalation and the failure to conduct meaningful investigations
of uses of force. The city of Chicago
and the Justice Department have signed an agreement in principle to work
together, with community input, to create a federal court-enforceable consent
decree addressing the deficiencies found during the investigation.”
Chicago Police Department Findings
Chicago Agreement in Principle
Chicago Police Department Findings Fact Sheet
Pattern or Practice Accomplishments Document
Interesting because Judge Lamberth has been known to point
out ‘bad lawyering’ in rather scathing language. I can’t wait!