As more information comes out, it just confirms
that their security was really lacking. Or maybe they had all this
stuff to pass their audits, but no manager actually looked at the
reports.
Hackers Stalked Bangladesh Bank for Two Weeks Before Big Heist
… The report cast the unidentified hackers as
a sophisticated group who sought to cover their tracks by deleting
computer logs as they went. Before making transfers they
sneaked through the network, inserting software that would allow
re-entry.
… "Malware was specifically designed for
a targeted attack on Bangladesh Bank to operate on SWIFT Alliance
Access servers," the interim report said. Those servers are
operated by the bank but run the SWIFT interface, and the report
makes it clear the breach stretches into other parts of the bank’s
network as well. "The
security breach of the SWIFT environment is part of a much larger
breach that is currently under investigation." [How
is your bank's security? Bob]
… “We reiterate that the SWIFT network
itself was not breached,” Booth said in an e-mail. “There is a
full investigation underway, on what appears to be a specific and
targeted attack on the victim’s local systems.”
… The assessment found the first suspicious
log-in came on Jan. 24 and lasted less than a minute. On Jan. 29,
attackers installed “SysMon in SWIFTLIVE” [See below Bob] in what was interpreted as reconnaissance
activity, and appeared to operate exclusively with “local
administrator accounts.”
Operator logs showed the hackers logged in for short periods of
time until Feb. 6, according to the report. The four transfers that
went to the Philippines occurred on Feb. 4. The report said the
hackers have already hit other FireEye clients, though it’s unclear
if those include other central banks.
… "Complex malwares have been identified
with advanced features of command & control communication,
harvesting of credentials and to securely erase all traces of
activity after accomplishing its task," the report said. It
identified 32 "compromised assets" that “were used for
reconnaissance and to gain control of the SWIFT servers and related
assets."
[Sysmon is a Microsoft product that is part of their Sysinternals package. Bob]
Sysmon v3.2
This release of Sysmon, a background service that logs
security-relevant process and network activity to the Windows event
log, now has the option of logging raw disk and volume accesses,
operations commonly performed by malicious toolkits to read
information by bypassing higher-level security features.
(Related) Another indication of Organized Crime?
Perhaps a Special Ops team from some place like North Korea?
Researching and reporting on data breaches has
always had some element of risk attached. You can get accused of
hacking, or you can get threatened with litigation. In Brian Krebs’s
case, you can find yourself swatted. Or in my case, you can get
threatened with infection of HIV. But with the exception of
swatting, the rest pales in comparison to a researcher getting
kidnapped.
Catalin Cimpanu of Softpedia reports that may have happened to a researcher involved in investigating the high-profile breach of Bangladesh’s central bank at the US Federal Reserve Bank in New York that netted the thieves over $80 million (it would have been worse but for a typo the criminals made).
In the investigation that followed, security researchers blamed malware and a faulty printer but at the same time said that the Bangladesh central bank officials were also to blame because of weak security procedures. The bank’s governor and two deputy governors had to quit their jobs after the scandal.
In a weird turn of events, one of the security researchers who voiced their criticism at the central bank’s security measures disappeared on Wednesday night.
Family members are saying that Zoha met with a friend at 11:30 PM on Wednesday night, March 16. While coming home, a jeep pulled in front of their auto-rickshaw, and men separated the two, putting them in two different cars.
Read more on Softpedia.
So that's why you get “free” Apps.
FTC Warns Apps Over Secret Microphone Tracking
Have you ever wondered why some apps ask for
access to the microphone on your phone?
… On Thursday, the Federal Trade Commission sent a letter to a dozen app developers that warned them not to abuse so-called “audio beacons,” which are capable of picking up secret noise signals embedded in TV shows. The beacon, which relies on your phone’s built-in microphone, can serve to confirm you watched a given program.
… The FTC also describes an underlying
technology offered by an Indian company called SilverPush. The
letter cites a Forbes article
that describes how SilverPush had used “inaudible sound to let
brands keep tabs on people’s online lives across TVs and
smartphones for more than a year.”
“Lawyer rips apart T-shirt, throws chair at
defense attorneys.” (It could happen.)
First Erin Andrews gets a $55M
award from a jury in her lawsuit over a privacy breach while a
hotel guest, and now Hulk Hogan gets a $115M
jury award in his lawsuit against Gawker over a sex tape they
made public.
I think the
public may be finding its voice on the value of personal privacy
and sending a strong message. Eriq Gardner sums up one key part of
the case this way:
Ultimately, the case became a battle — at least indirectly —between the First Amendment, guaranteeing free speech and a free press, and the Fourteenth Amendment, where courts have determined that a right to privacy derives under equal protection of life, liberty and property. Like many states, Florida has enacted statutes that guard against intrusions on seclusion and privacy of communications. Hogan also won on his right of publicity claim.
I’m sure we’ll see lots of coverage – and
legal analysis – of this case in the weeks and months to come.
And of course, Gawker is appealing it.
Update: Here’s the NY Times’ coverage with Gawker’s statement on the case. Hulk Hogan tweeted these responses:
Thank you God for justice, only love 4Life. HH
— Hulk Hogan (@HulkHogan) March 19, 2016
and
Told ya I was gonna slam another giant HH
— Hulk Hogan (@HulkHogan) March 19, 2016
A “shout out” to one of my favorite blogs, and
one I steal from wholesale. My blog turns 10 this year also, but I
do the blogging thing all wrong so I have far fewer posts.
On March 18, 2006, PogoWasRight.org’s co-founder
“Anonadmin” (a/k/a Ziplock) posted our very first news item on
PogoWasRight.org.
Interesting article. Puts a few issues in
perspective.
In 2011, Silicon Valley entrepreneur and investor
Marc Andreessen famously wrote the startling essay, Why Software
is Eating the World, in which he described how emerging
companies built on software were swallowing up whole industries and
disrupting previously dominant brand name corporations. Andreessen
was prescient and almost giddy, in anticipating the dramatic,
technological and economic shift through which software companies
would take over large swaths of the global economy. What he did not
anticipate was the extent to which software would also eat up the
realms of governance, security and human rights.
… Several dimensions of the new digital
ecosystem challenge this conception of governance.
The Trans-Border Nature of the Internet
Digitization of Everything
The Privatization of Governance
Will this be allowed? How will Cuba react?
Definitely should be fun to watch.
Stripe Wants To Help Cuban Entrepreneurs Enter The Digital Age
Ahead of President Obama’s historic
trip to Cuba next week, Silicon Valley payments upstart Stripe
announced that it is helping Cuban entrepreneurs set up U.S.
businesses.
The initiative lets foreign entrepreneurs
incorporate U.S. businesses, obtain U.S. bank accounts and tax ID
numbers, and, of course, set up a U.S. Stripe account to receive
payments. The service, which costs $500 per business, will also give
users access to tax advice from PwC along with legal advice.
An alternative Apple might have complied with? I
don't think so, but what do I know?
Zack Whittaker reports:
The US government has made numerous attempts to obtain source code from tech companies in an effort to find security flaws that could be used for surveillance or investigations.
The government has demanded source code in civil cases filed under seal but also by seeking clandestine rulings authorized under the secretive Foreign Intelligence Surveillance Act (FISA), a person with direct knowledge of these demands told ZDNet. We’re not naming the person as they relayed information that is likely classified.
Read more on ZDNet.
The world the FBI was born in has changed.
Perhaps they too need to re-invent themselves?
ProtonMail Opens Encrypted Email Service to Public
Encrypted email provider ProtonMail announced the global availability of its privacy focused email service to the public this week.
Offering end-to-end encryption in its email service, ProtonMail was launched in beta in May 2014 by CERN scientists and has been available on an invite-only basis for the past two years.
With more than 1 million users participating in its closed beta, the service is now open to the world to allow more people to take advantage of its privacy protection.
To ensure that user data is not accessible by third parties, not even by ProtonMail itself, the company says that it stores data in an encrypted format and uses two passwords, one required to identify the user, and the other to decrypt the data. The second password is never sent to the server but is used only on the device, making the data unavailable to anyone else but the user, the company explains.
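As an added illustration (not ProtonMail's code), here is a Python model of the two-password split described above: the login password is turned into a verifier the server checks, while the mailbox password becomes a key on the device and is used to encrypt mail the server only stores as opaque bytes. The encrypt-then-MAC construction, the function names and the purpose labels are all constructed for this example; a real deployment would use a proper AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os

# Added example, not ProtonMail's code: a model of the two-password scheme the
# article describes. The login password proves identity to the server; the
# mailbox password never leaves the device and is the only way to unlock mail.
ITERS = 100_000

def derive_key(password: str, salt: bytes, purpose: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256; the purpose label keeps the two derived keys independent."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), purpose + salt, ITERS, 32)

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Constructed HMAC-SHA256 counter keystream (a stand-in for a real cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC on the device; output is nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(key, nonce, ct)

def enroll(login_pw: str, mailbox_pw: str, salt: bytes):
    """Run on the device. Returns (what the server stores, the key that stays local)."""
    server_record = {"salt": salt, "login_verifier": derive_key(login_pw, salt, b"login")}
    mailbox_key = derive_key(mailbox_pw, salt, b"mailbox")  # never transmitted
    return server_record, mailbox_key

def server_login(server_record: dict, login_verifier: bytes) -> bool:
    """The only check the server can make: it holds the verifier, never the mailbox key."""
    return hmac.compare_digest(server_record["login_verifier"], login_verifier)
```

Even with a full copy of the server record, the login verifier cannot unseal a message; only a device that re-derives the mailbox key from the second password can.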
In addition to fully opening the service to the public, ProtonMail announced the availability of free iOS and Android mobile apps.
Remember your driving test? This isn't it.
Google argues that if self-driving cars can pass safety tests, they should be legal
Chris Urmson, director of Google's self-driving
car project, has sent a letter to US Transportation Secretary Anthony
Foxx today with a plan for selling autonomous vehicles that have no
steering wheels or pedals, AP
reports. The plan appears to be pretty straightforward: Urmson
argues that if a self-driving car can pass standardized federal
safety tests, they should be road-legal.
My students who drive for Uber need to think about
this.
Uber Orders 100,000 Mercedes, Magazine Reports
Ride-hailing service Uber has placed a large order
for cars with Germany’s Daimler, Manager Magazin reported on
Friday.
Citing sources at both companies, the magazine
said Uber had placed a long-term order for at least 100,000 Mercedes
S-Class cars.
Uber is particularly interested in autonomous
driving vehicles, the magazine reported, adding that such cars are
expected to be available after 2020.
Perspective. I'll give you a couple of examples.
Get 11 Big Benefits from These 20 Sharing Economy Tools
Flightcar (iOS) allows you to park your car in one of several city airports (currently 13) completely free of charge. In return, they can rent your vehicle out to approved visitors in your city for the duration of your vacation. All vehicles are insured for up to $1 million.
Deliver Anything to Anyone
It won’t be long until Uber takes on this industry, but for now, Postmates (iOS, Android) is working hard to corner the on-demand delivery market
Has the government been using bad data and will
Big Data correct the problem? Will Economics become less dismal? A
very interesting article.
Can Big Data Help Measure Inflation?
… In the last decade, though, the government
has had a harder time measuring CPI. Their method is usually to go
around from store to store, taking stock of prices around the
country. But e-commerce now accounts for around 7
percent of U.S. GDP, which means online spending is an important
component of the CPI. As more and more people are shopping online,
calculating this index has gotten more difficult, because there haven’t been any great
ways of recording prices from the sites of disparate retailers.
… Adobe is now aggregating the sales data that
flows through their software for its Digital
Price Index (DPI) project, an initiative that’s meant to answer
some of the questions that have been dogging researchers now that
e-commerce is such a big part of the economy.
The project, which tracks billions of online
transactions and the prices of over a million products, was developed
with the help of the economists Austan Goolsbee, the former chairman
of Obama’s Council of Economic Advisors and a professor at the
University of Chicago’s Booth School of Business, and Peter Klenow,
a professor at Stanford University.
… One notable finding of Adobe’s DPI, for
instance, is what has happened to the prices of electronics in the
past year. While the CPI reports 7.1 percent deflation for computers
and 14.4 percent for TVs over that time period, the DPI found 13.1
percent and 19.4 percent.
Another advantage of the Adobe data, according to
Goolsbee and Klenow, is that it gives a sense of how many units of
any given product are being sold, which helps economists identify
instances in which consumers substitute one product for another
For my students.
How to Quickly Write a Resume Today with LinkedIn
As I grade papers, I'll still keep current on the
industry.
Hack Education Weekly News
… Via the BBC: “Every school to become an academy, ministers to announce.” That’s every school in England. And becoming an academy means the end to local control.
… Via the Courier-Journal: “All students who graduate from Kentucky high schools, home schools or obtain their GEDs in Kentucky will be able to attend community colleges for free under a bill that passed the Kentucky House of Representatives on Thursday.”
… “Colorado State U Launches Online ‘Boot Camp’ Style Comp Sci Programs,” says Campus Technology.