Now It’s Three: Ecuador Bank Hacked via Swift
A little-noticed lawsuit details a hacking attack similar
to one that stole $81 million from Bangladesh’s central bank, saying
cybercriminals stole about $9 million last year from a bank in Ecuador. The case suggests global bankers haven’t been
sharing critical information to prevent such heists.
… In the January
2015 Ecuador hack, as with the Bangladesh case, hackers managed to get the
bank’s codes for using Swift, the global bank messaging service, to procure
funds from another bank, according to court papers.
A spokeswoman for Swift said Thursday that the network was
never told of the earlier hack. “We need
to be informed by customers of such frauds if they relate to our products and
services, so that we can inform and support the wider community,” said
spokeswoman Natasha de Teran. “We have
been in touch with the bank concerned to get more information and are reminding
customers of their obligations to share such information with us.”
The Ecuadorean bank, Banco del Austro, filed a lawsuit in
New York federal court this year, accusing
Wells Fargo & Co. of failing to notice “red flags” in a dozen
January 2015 transactions and to stop them before the thieves transferred about
$12 million, most of it to banks in Hong Kong.
… According to
that filing on behalf of Banco del Austro, or BDA, “For each of the
unauthorized transfers, an unauthorized user, using the Internet, hacked into
BDA’s computer system after hours using malware that allowed remote access,
logged onto the Swift network purporting to be BDA, and redirected transactions
to new beneficiaries with new amounts.”
Using that method, just before midnight on Jan. 14, 2015,
a payment order made to a Miami company for less than $3,000 was altered to
send $1.4 million to an account in Hong Kong, according to the court filing.
Let the lawsuits begin!
Worth re-visiting in light of the Supreme Court’s ruling
in Spokeo v. Robins:
Consumers whose personal
information was accessed in a cyberattack should not have to show someone stole
their identities or ruined their credit to have standing to sue the hacked
company, according to a friend-of-the-court brief filed in a federal appeals
court.
Washington-based Electronic Privacy Information
Center, or EPIC, asks the 3rd U.S. Circuit Court of Appeals to allow a
class action against national payroll firm Paytime Inc. to move forward.
Read more on Legal
Solutions Blog.
Previous coverage of the Paytime breach and updates linked
from here.
(Related) I’m going
to use that weed wacker bit.
Over on DataBreaches.net, I noted
that there were already a few cases where defendants in data breach lawsuits
were citing Spokeo v. Robins in
seeking dismissal of the lawsuits.
Alison Frankel of Reuters subsequently blogged about the
issue today, and mentioned yet a few more cases now rushing to the courts
citing Spokeo. She writes:
It will be a long while until the
lower courts decide who won Spokeo – but it is already clear that defendants in privacy class actions are going to wield
the Supreme Court ruling like a weed wacker. In just the first few days after its issuance,
the decision is already an issue in three privacy breach cases.
The three cases she cites involve Children’s National
Health System (which I had also mentioned on DataBreaches.net), PayTime, and
Conde Nast. If you include Barnes &
Noble, which I had also cited today, that’s four cases so far.
Read more on Reuters.
I certainly would.
Defendants demand to see FBI's secret hacking tool
… Defendants have
demanded to see details of the FBI's network investigative technique (NIT), the
agency's name for the relatively recent hacking tool, in a handful of criminal
cases, but the agency has refused to disclose the information.
… If the FBI
shares the source code, its hacking tools may be compromised in future cases. But the U.S. Constitution's Sixth
Amendment gives a defendant the right to confront his accusers and
challenge their investigation.
Judge Robert Bryan of the U.S. District Court for the
Western District of Washington wrestled with the competing interests in a case
status order he issued in the U.S. v. Michaud case this week.
The defendant's request for the NIT source code
"places this matter in an unusual position," Bryan wrote. "What should be done about it when, under
these facts, the defense has a justifiable need for information in the hands of
the government, but the government has a justifiable right not to turn the
information over to the defense?"
… The FBI's
strategy with NIT-aided investigations appears to involve hiding its use of
hacking tools, and, in some cases, pressing for guilty pleas before defendants
and their lawyers question the investigative techniques, said Nathan Freed
Wessler, a staff attorney with the American Civil Liberties Union.
… "This is a
classic example of the law not keeping up with technology," Goodnow said
by email. "The law on the
disclosure of source code is murky, at best."
… In addition,
expect more defendants to challenge government hacking techniques, with their
lawyers questioning whether the hacking exceeded the limits of a warrant,
Goodnow added.
"When it comes to source code, defendants are going
to argue that they have a constitutional right to explore whether the officer
provided the judge with enough specificity about how evidence was being
obtained and whether the obtained evidence is within the scope of that
warrant," he said. "No code;
no due process; no conviction -- at least that’s how the argument will
go."
Just out of curiosity, why does the FBI need drone
detection technology? Are they
responsible for airport security? TSA
can’t do the job?
The FAA has been testing the FBI's drone-detection system at
JFK airport
… This week, the
FAA said it had been conducting trials of a
new drone-detection system built by the FBI, testing the technology at JFK
airport in New York.
… That's about all
we know though. It's not clear how
successful the trials were, or what the FBI's drone-detection system consists
of.
… Figuring out
exactly how much of a threat drones are to commercial flights is also a tricky
issue. Although reports from pilots of
drones flying near airports and planes have gone up, some have suggested that
at least part of this increase is due to objects being
misidentified as drones. Last month, reports of a collision between a drone and
an airplane in the UK turned
out not to be true, with officials suggesting the object in question
"may even have been a plastic bag."
If we never have the time to do things right, how is it
that we always find the time to do things over?
Data Quality Should Be Everyone’s Job
All of us depend on data created elsewhere to do our work.
In the face of errors, most people’s
natural reaction is to correct
such errors in the data they need — after all, when you’re
dealing with a mountain of day-in, day-out demands, that seems the
fastest, most efficient way to complete the task at hand. The problem is that finding and fixing flawed
data soon becomes a permanent fixture. Writ
large, it is expensive and time-consuming. Worst of all, it doesn’t work well: Too many
errors leak through, rearing their ugly heads later on and leading to larger
mistakes, bad decisions, and angry customers.
The alternative is to prevent errors at their sources,
obviating the need to find and fix them. While this seems obvious enough, it
simply doesn’t occur to most people.
No doubt Watson (The IBM tool to eliminate lawyers) will
be listening.
Free Seminar – What Happens When Laws Become Open Data?
by Sabrina I. Pacifici on May 20, 2016
Center for Data Innovation – “Since President Obama’s
first day in office, open data has been a major priority for the
administration, and the United States has established itself as a world leader
in open data. But until recently,
legislative data—information about legislative activities, including bills and
their status, lawmaker votes, committee meetings, public communications by
members of Congress, lobbying information, and the products of legislative
support agencies such as the Congressional Research Service—was rarely
published as open data. This is
changing. In late 2015, a bill was introduced
to Congress to transform the Statutes at Large, the catalog of all laws enacted
during a session of Congress, into freely
accessible and machine readable open data.
In February 2016, the Government Publishing Office began publishing bill
status information in machine readable formats and making it available for bulk download. And in March 2016, the House and Senate
introduced bills that would make Congressional Research Service reports
publicly available. Like other types of
open data, legislative data can serve as a platform for new products and
services that enhance transparency, promote civic engagement, and fuel new
business models. But open legislative
data specifically offers unprecedented insight into the legislative process,
making it easier than ever for the public to analyze legislative activities,
monitor influence, and hold lawmakers accountable for their actions. Join the Center for Data
Innovation for a panel discussion exploring the impact of open legislative
data on the public and private sectors and identifying opportunities for both
federal and state governments to better provide this data to unlock social and
economic benefits.” [Via Kris Kasianovitz]
Tuesday, May 24, 2016, from 9:00-10:30 AM, 101 K Street
NW, Suite 610, Washington, D.C., 20005.
Perspective.
U.S. Children On Average Receive Their Very First Smartphone
At Age 10
… Would you believe
that the average age a child is given their first phone is a mere 10.3 years
old? Or how about the fact that 39% of
kids aged 11.4 receive their first social
media account?
I have been looking for something like this to serve as
the basis for my spreadsheet class “funding your retirement” project.
Historical infographic maps returns of major asset classes
over time
by Sabrina I. Pacifici on May 20, 2016
Chicago Booth CRSP (Center for Research in Security
Prices) – “2016 the Big Picture illustrates the investment returns of major
asset classes from 1926 onward. The animated chart will open at full screen.” [David vun
Kannon]
We need a bigger 3D Printer…
3D Printed Electric Motorcycle from APWorks Looks Fragile,
but It’s Deceptively Strong
If the University won’t allow us to use their servers…
10 Good
Options for Creating Digital Portfolios - A PDF Handout
For the majority of readers of this blog the end of the
school year is already here or will be here within a month. This is the time of year that I get a lot of
requests for suggestions on digital portfolio tools. If you find yourself looking for a digital
portfolio tool and/or have colleagues asking for suggestions, take a look at
the ten options featured in my PDF handout embedded below or grab the Google Docs copy.
The weekly silly.
Hack Education Weekly News
… “Colorado Education
Commissioner Rich Crandall announced his resignation Thursday just
four-and-a-half months into the job, shocking the state’s education community
and roiling the state Department of Education as it embarks on a number of
critical initiatives,” Chalkbeat
Colorado reports.
… Via
KNN: “‘aisectmoocs.com’ launched as India’s
largest free online open learning platform.” [Only India so
far? Bob]
… Burlington
College will close its doors, “citing longstanding financial woes,” according
to The Chronicle of Higher Education. Here’s a different angle, via
The Week: “Burlington College will close due to crushing debt incurred by Bernie
Sanders’ wife, Jane Sanders.”
… Via
the NiemanLab: “The Knight Foundation and Columbia
University are partnering to launch a new organization focused on First
Amendment research and litigation. Knight and Columbia will each commit $5
million in operating funds and $25 million in endowment funds (for an initial
total of $60 million) to a new nonprofit affiliated with the university called
the First Amendment Institute.”
… “Apple
and Maine education officials are allowing school districts to
trade in iPads for laptops after teachers and students say the computers are
better for schoolwork,” according
to The Sun Journal.