Saturday, August 18, 2018

Cyber crime is big business.
Indian Bank Hit in $13.5M Cyberheist After FBI ATM Cashout Warning
On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive: The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million unauthorized ATM withdrawals from cash machines in more than two dozen countries.
The FBI put out its alert on Friday, Aug. 10. The criminals who hacked into Pune, India-based Cosmos Bank executed their two-pronged heist the following day, sending co-conspirators to fan out and withdraw a total of about $11.5 million from ATMs in 28 countries.
… Just prior to executing on ATM cashouts, the intruders will remove many fraud controls at the financial institution, such as maximum withdrawal amounts and any limits on the number of customer ATM transactions daily.
The perpetrators alter account balances and security measures to make an unlimited amount of money available at the time of the transactions, allowing for large amounts of cash to be quickly removed from the ATM.
… One final note: Several news outlets have confused the attack that hit Cosmos Bank with another ATM crime called “jackpotting,” which requires thieves to have physical access to the inside of the cash machine and the ability to install malicious software that makes the ATM spit out large chunks of cash at once. Like ATM cashouts/unlimited operations, jackpotting attacks do not directly affect customer accounts but instead drain ATMs of currency.




Here we go again. If I can teach my students how to encrypt using RSA public/private keys, (in one hour using tools on the Internet) why wouldn’t criminals do the same if they suspected they were being tapped?
Exclusive: U.S. government seeks Facebook help to wiretap Messenger - sources
The U.S. government is trying to force Facebook Inc (FB.O) to break the encryption in its popular Messenger app so law enforcement may listen to a suspect’s voice conversations in a criminal probe, three people briefed on the case said, resurrecting the issue of whether companies can be compelled to alter their products to enable surveillance.
The previously unreported case in a federal court in California is proceeding under seal, so no filings are publicly available, but the three people told Reuters that Facebook is contesting the U.S. Department of Justice’s demand.
The judge in the Messenger case heard arguments on Tuesday on a government motion to hold Facebook in contempt of court for refusing to carry out the surveillance request, according to the sources, who spoke on condition of anonymity.
Facebook and the Department of Justice declined to comment.
The Messenger issue arose in Fresno, California, as part of an investigation of the MS-13 gang, one of the people said.
… Unlike the San Bernardino case, where the FBI wanted to crack one iPhone in its possession, prosecutors are seeking a wiretap of ongoing voice conversations by one person on Facebook Messenger.
Facebook is arguing in court that Messenger voice calls are encrypted end-to-end, meaning that only the two parties have access to the conversation, two of the people briefed on the case said.
Ordinary Facebook text messages, Alphabet Inc’s Gmail, and other services are decrypted by the service providers during transit for targeted advertising or other reasons, making them available for court-ordered interception.
End-to-end encrypted communications, by contrast, go directly from one user to another user without revealing anything intelligible to providers.




Perspective.
When China Rules the Web
For almost five decades, the United States has guided the growth of the Internet. From its origins as a small Pentagon program to its status as a global platform that connects more than half of the world’s population and tens of billions of devices, the Internet has long been an American project. Yet today, the United States has ceded leadership in cyberspace to China. Chinese President Xi Jinping has outlined his plans to turn China into a “cyber-superpower.” Already, more people in China have access to the Internet than in any other country, but Xi has grander plans. Through domestic regulations, technological innovation, and foreign policy, China aims to build an “impregnable” cyberdefense system, give itself a greater voice in Internet governance, foster more world-class companies, and lead the globe in advanced technologies.
China’s continued rise as a cyber-superpower is not guaranteed. Top-down, state-led efforts at innovation in artificial intelligence, quantum computing, robotics, and other ambitious technologies may well fail.
… But given China’s size and technological sophistication, Beijing has a good chance of succeeding—thereby remaking cyberspace in its own image. If this happens, the Internet will be less global and less open. A major part of it will run Chinese applications over Chinese-made hardware. And Beijing will reap the economic, diplomatic, national security, and intelligence benefits that once flowed to Washington.


No comments: