Tom Donilon's opinion on illicit arms trafficking and cybercrime

Ferrari

Rookie
Jan 16, 2013
Hey guys,

I have to write a paper on Tom Donilon (National Security Advisor) and about his views on "cybercrime" and "illicit arms trafficking". Thus, I tried looking for information that reveals his opinion and solutions on these topics.
Unfortunately, I could not find any.

Do you know what his views are on these topics and where I can find information?

Thank you!

Greetings,
Ferrari
 
Obama crackin' the whip on cybercrime...
:clap2:
President Obama cracks whip on cybercrime
February 12th, 2013 - Having run out of patience for Congress to act on a cybersecurity bill, President Obama has decided to take matters into his own hands.
Obama signed an executive order on Tuesday addressing the country's most basic cybersecurity needs and highlighted the effort in his State of the Union address. "We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy," Obama said. The order will make it easier for private companies in control of the nation's critical infrastructure to share information about cyberattacks with the government. In return, the Department of Homeland Security will share "sanitized" classified information with companies about attacks believed to be occurring or that are about to take place.

The order also directs the government to work with the private sector on standards that will help protect companies from cybercrime, though there is nothing in the order about how this will be enforced. This is hardly comprehensive, but at least it's something aimed at protecting our nation's power, water and nuclear systems from attack. That's more than Congress can say it has accomplished. Lawmakers failed to pass any of the dozens of cybersecurity bills aimed at meaningfully securing critical infrastructure from online criminals.

Meanwhile, the number of attacks on critical infrastructure companies reported to a U.S. Department of Homeland Security cybersecurity response team grew by 52% in 2012, according to a recent report. Several of them resulted in successful break-ins. While Obama's plan to remedy the problem is a start, critics say it has major limitations that make the order virtually meaningless. "It doesn't have any teeth; it has no backing," said Rob Beck, critical infrastructure cybersecurity consultant for Casaba Security. "This is not going to have any measurable impact on anything." Administration officials acknowledged the order's limitations on Tuesday, but insisted the changes will have a meaningful impact.

Unlike Congress, the president alone does not have the power to protect companies from lawsuits when they are engaged in information sharing. Since the data they'd be handing over to the federal government could include private information from customers, companies likely won't share that information without guaranteed protections. "Businesses have to be good citizens, but they also have to be concerned about their liabilities and interests of their users," said Evan Brown, senior counsel with InfoLawGroup, a law firm focused on digital privacy and cybersecurity issues. "There are all kinds of ramifications if companies are found not to be good protectors of user privacy."

MORE
 
Your first post on this forum is to ask us to do your homework for you?
 
China caught with its hand in the cyber cookie jar...
:eusa_eh:
Portrait of accused China cyberspy unit emerges
Feb 20,`13 -- Unit 61398 of the People's Liberation Army has been recruiting computer experts for at least a decade. It has made no secret of details of community life such as badminton matches and kindergarten, but its apparent purpose became clear only when a U.S. Internet security firm accused it of conducting a massive hacking campaign against North American targets.
Hackers with the Chinese unit have been active for years, using online handles such as "UglyGorilla," Virginia-based firm Mandiant said in a report released Tuesday as the U.S. prepared to crack down on countries responsible for cyber espionage. The Mandiant report plus details collected by The Associated Press depict a highly specialized community of Internet warriors working from a blocky white building in Shanghai:

-RECRUITING THE SPIES: Unit 61398, alleged to be one of several hacking operations run by China's military, recruits directly from universities. It favors high computer expertise and English language skills. A notice dated 2003 on the Chinese Internet said the unit was seeking master's degree students from Zhejiang University's College of Computer Science and Technology. It offered a scholarship, conditional on the student reporting for work at Unit 61398 after graduation.

-CYBERSPY WORKPLACE: Mandiant says it traced scores of cyberattacks on U.S. defense and infrastructure companies to a neighborhood in Shanghai's Pudong district that includes the 12-story building where Unit 61398 is known to be housed. The building has office space for up to 2,000 people. Mandiant estimates the number of personnel in the unit to be anywhere from hundreds to several thousand. The surrounding neighborhood is filled with apartment buildings, tea houses, shops and karaoke bars.

-THE UNIT 61398 COMMUNITY: While the building's activities may be top secret, Unit 61398's status in the community as a military division is not. It turns up in numerous Chinese Internet references to community events, including a 2010 accord with the local government to set up a joint outreach center on family planning. Other articles describe mass weddings for officers, badminton matches and even discussion of the merits of the "Unit 61398 Kindergarten." Other support facilities include a clinic, car pool, and guesthouse - all standard for the military's often self-contained communities across China.

-THE PIPELINE:

See also:

Commercial cyberspying offers rich payoff
Feb 20,`13 -- For state-backed cyberspies such as a Chinese military unit implicated by a U.S. security firm in a computer crime wave, hacking foreign companies can produce high-value secrets ranging from details on oil fields to advanced manufacturing technology.
This week's report by Mandiant Inc. adds to mounting suspicion that Chinese military experts are helping state industry by stealing secrets from Western companies possibly worth hundreds of millions of dollars. The Chinese military has denied involvement in the attacks. "This is really the new era of cybercrime," said Graham Cluley, a British security expert. "We've moved from kids in their bedroom and financially motivated crime to state-sponsored cybercrime, which is interested in stealing secrets and getting military or commercial advantage." Instead of credit card numbers and other consumer data sought by crime gangs, security experts say cyberspies with resources that suggest they work for governments aim at better-guarded but more valuable information.

Companies in fields from petrochemicals to software can cut costs by receiving stolen secrets. An energy company bidding for access to an oil field abroad can save money if spies can tell it what foreign rivals might pay. Suppliers can press customers to pay more if they know details of their finances. For China, advanced technology and other information from the West could help speed the rise of giant state-owned companies seen as national champions. "It's like an ongoing war," said Ryusuke Masuoka, a cybersecurity expert at Tokyo's Center for International Public Policy Studies, a private think tank. "It is going to spread and get deeper and deeper." Mandiant, headquartered in Alexandria, Virginia, said it found attacks on 141 entities, mostly in the United States but also in Canada, Britain and elsewhere.

Attackers stole information about pricing, contract negotiations, manufacturing, product testing and corporate acquisitions, the company said. It said multiple details indicated the attackers, dubbed APT1 in its report, were from a military unit in Shanghai, though there was a small chance others might be responsible. Target companies were in four of the seven strategic industries identified in the Communist Party's latest five-year development plan, it said. "We do believe that this stolen information can be used to obvious advantage" by China's government and state enterprises, Mandiant said.

China's military is a leader in cyberwarfare research, along with its counterparts in the United States and Russia. The People's Liberation Army supports hacker hobby clubs with as many as 100,000 members to develop a pool of possible recruits, according to security consultants. Mandiant said it traced attacks to a neighborhood in Shanghai's Pudong district where the PLA's Unit 61398 is housed in a 12-story building. The unit has advertised online for recruits with computer skills. Mandiant estimated its personnel at anywhere from hundreds to several thousand. On Wednesday, the PLA rejected Mandiant's findings and said computer addresses linked to the attacks could have been hijacked by attackers elsewhere. A military statement complained that "one-sided attacks in the media" destroy the atmosphere for cooperation in fighting online crime. Many experts are not swayed by the denials.

MORE
 
Granny says, "Dat's right - dey prob'ly hacked the Washington Monument too...
:eek:
Chinese cyberspies have hacked most Washington institutions, experts say
February 20,`13 - Start asking security experts which powerful Washington institutions have been penetrated by Chinese cyberspies, and this is the usual answer: almost all of them.
The list of those hacked in recent years includes law firms, think tanks, news organizations, human rights groups, contractors, congressional offices, embassies and federal agencies. The information compromised by such intrusions, security experts say, would be enough to map how power is exercised in Washington to a remarkably nuanced degree. The only question, they say, is whether the Chinese have the analytical resources to sort through the massive troves of data they steal every day. “The dark secret is there is no such thing as a secure unclassified network,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, which has been hacked in the past. “Law firms, think tanks, newspapers — if there’s something of interest, you should assume you’ve been penetrated.”

The rising wave of cyber-espionage has produced diplomatic backlash and talk of action against the Chinese, who have steadfastly denied involvement in hacking campaigns. A strategy paper released by the Obama administration Wednesday outlined new efforts to fight the theft of trade secrets. Cyberspying against what could be called the “information industry” differs from hacks against traditional economic targets such as Lockheed Martin, Coca-Cola and Apple, whose computer systems contain valuable intellectual property that could assist Chinese industrial or military capabilities.

Instead, journalists, lawyers and human rights workers often have access to political actors whose communications could offer insight to Chinese intelligence services eager to understand how Washington works. Hackers often are searching for the unseen forces that might explain how the administration approaches an issue, experts say, with many Chinese officials presuming that reports by think tanks or news organizations are secretly the work of government officials — much as they would be in Beijing. “They’re trying to make connections between prominent people who work at think tanks, prominent donors that they’ve heard of and how the government makes decisions,” said Dan Blumenthal, director of Asian studies at the American Enterprise Institute, which also has been hacked. “It’s a sophisticated intelligence-gathering effort at trying to make human-network linkages of people in power, whether they be in Congress or the executive branch.”

China’s aggressive effort
 
Cops playin' catch-up to cyber criminals...
:eusa_eh:
Local police grapple with response to cybercrimes
Apr 13,`13 WASHINGTON (AP) -- If a purse with $900 is stolen, the victim probably would call the police. If a computer hacker steals $900 from that same person's bank account, what then? Call the police? Could they even help?
As it is now, local police don't have widespread know-how to investigate cybercrimes. They rely heavily on the expertise of the federal government, which focuses on large, often international cybercrimes. What's missing is the first response role, typically the preserve of local police departments that respond to calls for help from individuals and communities. Obama administration officials have said that cyberterrorism is the leading worldwide threat to national security. So far, the discussion about such threats and security has focused on breaking classified foreign government codes, monitoring overseas communications and protecting the U.S. from devastating attacks that could jeopardize massive amounts of data and valuable corporate trade secrets.

It's been about businesses protecting their networks and individuals using the Internet safely, for instance, by choosing smart passwords. But when one person hacks into someone else's computer to access a bank account, credit cards or even email, the crime fighting path is uncertain. "I am not sure who owns cybercrime at the local level. And that is a problem," said Chuck Wexler, executive director of the Police Executive Research Forum. Local police departments are looking to boost their expertise so they can respond to cybercrimes and cyberthreats that are expected to only get worse.

The hypothetical victim who had $900 stolen from the bank account should call the police, and the police should document the theft in a report, said Darrel Stephens, executive director of the Major City Chiefs Association, which represents police chiefs in major U.S. metropolitan areas. "What they can do after that gets very complicated," Stephens said.

For instance, police departments work within jurisdictions, but cybercrime knows no boundaries. "The victim may live in one place, their bank is in another jurisdiction and the person that committed the theft could be anywhere in the world," Stephens said. Then there's the matter of determining who the victim is. Most banks and credit card companies typically replace the accountholder's stolen funds, he said, which makes the banks and credit companies the victims of the theft. "Most local police do not have the capacity to investigate these cases even if they have jurisdiction," Stephens said.

MORE
 
Hey guys,

I have to write a paper on Tom Donilon (National Security Advisor) and about his views on "cybercrime" and "illicit arms trafficking". Thus, I tried looking for information that reveals his opinion and solutions on these topics.
Unfortunately, I could not find any.

Do you know what his views are on these topics and where I can find information?

Thank you!

Greetings,
Ferrari

I start here

And while perusing those links I'd be looking for additional references and links that expand on the topics you are interested in researching.

Good luck!
 
Big ol' bank cyber heist in London...

UK police: Cyber crooks could have stolen millions
Sep 13,`13 -- A daring attempt to graft a rogue piece of hardware onto a computer at a London branch of Spanish bank Santander could have drained millions from its coffers, police said Friday, an indication of the potential for electronic crime to tear huge chunks off financial institutions' balance sheets.
London police and Santander said in a joint statement that 12 suspects were arrested Thursday following an attempt by a bogus maintenance engineer to install a keyboard-video-mouse - a device typically used to control several computers at once - onto one of the bank's computers at a branch located in a south London shopping center. Few other technical details were released, but the statement said that the hardware would have allowed the transmission of the entire computer's desktop and "allowed the suspects to take control of the bank's computer remotely."

Writing on the blog of Internet security firm Sophos, John Hawes said it wasn't clear how much damage the would-be robbers might have done "even with access to a workstation." "If the systems were well controlled, secured and monitored, there should still have been plenty of obstacles to overcome before they could find their way into sensitive parts of the network, and move virtual cash out of the bank's systems," he said.

Police said they took the attempted robbery very seriously. In their statement, Det. Insp. Mark Raymond described it as a "sophisticated plot that could have led to the loss of a very large amount of money from the bank." The force put the potential losses in the millions of pounds - although it stressed that no money was ever withdrawn. It's not clear from the statement whether the person masquerading as an engineer was arrested at the scene. Police said that all but one of the 12 suspects, ranging in age from 23 to 50, were apprehended in the same west London neighborhood.

The scale of the potential theft is another reminder of the huge amounts that can be stolen by tech-savvy criminals. U.S. investigators say that one gang operating across 27 countries recently managed to steal $45 million in two separate sprees after compromising payment systems used by two Middle Eastern banks. The suspects in the latest heist remain in custody. Police said searches were being carried out in six different locations in the greater London area. Santander said none of its staff were involved in the attempted heist.

Source

See also:

Finn hacker steals personal info in cyber strike
Sep 13,`13 -- Helsinki Police say they detained a hacker last weekend suspected of accessing thousands of usernames and passwords of visitors to more than 300 websites.
Police spokesman Jukkapekka Risu said officers arrested an unnamed local man, who allegedly acknowledged his actions. Officers are analyzing his confiscated computers. They declined to give more details.

The Finnish Communications Regulatory Authority warned Friday that the suspect might have accessed "usernames and passwords of hundreds of thousands of Finns," mostly from chat forums, adding that the attacks were not aimed at banks.

Erkki Mustonen from global computer security company F-Secure Corp. said it was one of the biggest hacker attacks in the Nordic country to date and could have been prompted by a desire for the hacker to demonstrate his skills.

Source
 
FBI on the trail of cybertheft gang...

FBI Seeks Romanian Cyber Theft Ring
October 25, 2013 ~ The FBI is looking for a Romanian national who led a band of cyber fraudsters that bilked unsuspecting Americans of millions of dollars on eBay and other sites.
Nicolae Popescu and six others are charged in the scheme, in which they advertised cars, motorcycles, boats, and other high-value items – generally priced in the $10,000 to $45,000 range – that did not actually exist using websites like eBay, Cars.com, AutoTrader.com and CycleTrader.com. The FBI says the ring pulled in over $3 million. “As alleged, the defendants infiltrated the cyber marketplace with advertisements for high-value items that didn’t exist,” said FBI Assistant Director in Charge Venizelos. “They siphoned funds from victims to fuel their greedy desires and created false identities, fake websites and counterfeit certificates of title in order to make the scheme more convincing.”

One of the largest ever cyber attacks is slowing global internet services after an organization blocking "spam" content became a target.

On Thursday, the FBI announced it had issued “wanted” posters and Interpol red notices for the group, which it called “masters of illusion.” Popescu, 33, had openly said he was “beyond the reach” of the FBI. “Using forged documents and phony websites, for years Popescu and his criminal syndicate reached across the ocean to pick the pockets of hard working Americans looking to purchase cars,” said United States Attorney Lynch. “They thought their distance would insulate them from law enforcement scrutiny. They were wrong.”

After the 'sellers' reached an agreement with the victim buyers, they would often email them invoices purporting to be from Amazon Payments, PayPal, or other online payment services, with instructions to transfer the money to the U.S. bank accounts used by the defendants. Romania is considered to be a hotbed of cybercrime.

FBI Seeks Romanian Cyber Theft Ring
 
Cybercriminal gets 20 years...
:eusa_clap:
Man gets 20 years for role in cybercrime syndicate
May 16,`14 -- A Phoenix man has been sentenced to 20 years in federal prison for his role in what authorities say is an unprecedented criminal case involving an international cybercrime syndicate with hundreds of thousands of U.S. victims.
A federal judge in Las Vegas imposed the sentence Thursday on David Camez, 22, who already is serving a seven-year term in Arizona for similar crimes. Camez, who was convicted of racketeering charges late last year, is the first of 55 members of the Las Vegas-based "Carder.su" syndicate to go to trial. They were charged in four separate indictments in 2012. About 20 defendants have pleaded guilty. Of the handful who have been sentenced so far, all have drawn only two years in prison. Two dozen defendants, including the group's Russian leaders Roman Zolotarev and Konstantin Lopatin, are still at large, authorities said.

The case marks the first time the Justice Department has used federal racketeering statutes to go after a cybercrime syndicate, the Las Vegas Review-Journal reported ( Phoenix man gets 20 years in prison in federal cybercrime case | Las Vegas Review-Journal ). "As shown in this case, cybercrime has grown into an industry and is rapidly overtaking traditional crime, such as bank robbery," Nevada U.S. Attorney Daniel Bogden said. "Cybercrime was once viewed as the crime wave of the future, but in reality that threat is here now." The syndicate is accused of victimizing hundreds of thousands of Americans and several financial institutions, and of committing more than $50 million worth of financial fraud.

Prosecutors say its scheme revolved largely around the buying and selling of pilfered debit and credit card information on an Internet site called Carder.su. The secretive criminal organization had more than 7,800 members worldwide. Camez became involved at the age of 17. "Camez was a member of a vast criminal organization that facilitated rampant cyberfraud throughout the world," said David O'Neil, acting assistant attorney general of the Justice Department's Criminal Division. "This organization is the new face of organized crime - a highly structured cyber network operated like a business to commit fraud on a global scale." Michael Adams, a Secret Service agent who infiltrated the crime ring, testified Thursday that federal agents recovered 210,000 stolen credit and debit account numbers in raids.

Camez, whose online nicknames were "Bad Man" and "Doctorsex," had nearly 2,000 compromised account numbers in his possession, Adams said. He also was ordered to share in restitution of nearly $51 million. During sentencing, U.S. District Judge Andrew Gordon said he had sympathy for the victims because he also has experienced identity theft. "You appear to be a pretty smart guy," Gordon told Camez. "It's a shame you used your talents in a bad way. Your history tells me I need to protect the public from you."

AP Newswire | Stars and Stripes
 
The hackers are winning...
:eek:
Public-private survey finds cybercrime on the rise
May 28,`14 -- The hackers are winning, according to a survey of 500 executives of U.S. businesses, law enforcement services and government agencies released Wednesday.
The 12th annual survey of cybercrime trends found that online attackers determined to break into computers, steal information and interfere with business are more technologically advanced than those trying to stop them. The survey was co-sponsored by San Jose, California-based business consulting firm PwC, the U.S. Secret Service, the CERT Division of Carnegie Mellon University's Software Engineering Institute and CSO security news magazine.

Three out of four respondents said they had detected a security breach in the past year, and the average number of security intrusions was 135 per organization, the survey found. "Despite substantial investments in cybersecurity technologies, cyber criminals continue to find ways to circumvent these technologies in order to obtain sensitive information that they can monetize," Ed Lowery, who heads the U.S. Secret Service's criminal investigative division, said in a written statement.

Lowery said companies and the government need to take "a radically different approach to cybersecurity," which goes beyond antivirus software, training employees, working closely with contractors and setting up tighter processes. The top five cyberattack methods reported in the survey were malware, phishing, network interruption, spyware and denial-of-service attacks. And 28 percent of respondents said the attackers were insiders, either contractors or current and former employees or service providers, according to the survey.

AP Newswire | Stars and Stripes
 
possum was playin' onna computer an' he spilled alla ones an' zeros onna floor...
:eek:
Cyber crime costs global economy $445 billion a year: report
9 June`14 - Cyber crime costs the global economy about $445 billion every year, with the damage to business from the theft of intellectual property exceeding the $160 billion loss to individuals from hacking, according to research published on Monday.
The report from the Center for Strategic and International Studies (CSIS) said cyber crime was a growth industry that damaged trade, competitiveness and innovation.

A conservative estimate would be $375 billion in losses, while the maximum could be as much as $575 billion, said the study, sponsored by security software company McAfee. "Cyber crime is a tax on innovation and slows the pace of global innovation by reducing the rate of return to innovators and investors," Jim Lewis of CSIS said in a statement. "For developed countries, cyber crime has serious implications for employment."

The world's biggest economies bore the brunt of the losses, the research found, with the toll on the United States, China, Japan and Germany reaching $200 billion a year in total. Losses connected to personal information, such as stolen credit card data, were put at up to $150 billion. About 40 million people in the United States, roughly 15 percent of the population, have had personal information stolen by hackers, it said, while high-profile breaches affected 54 million people in Turkey, 16 million in Germany and more than 20 million in China.

McAfee, owned by Intel Corp, said improved international collaboration was beginning to show results in reducing cyber crime, for example in the takedown last week of a crime ring that infected hundreds of thousands of computers known by the name of its master software, Gameover Zeus.

Cyber crime costs global economy $445 billion a year: report
 
New wrinkle in online theft...

Cyber criminals 'posing as CEOs to con staff into transferring them money'
Oct 2, 2015 - Cyber criminals are posing as CEOs of companies and conning lower-ranking staff into transferring large sums of money to them, Europol has warned in a major review of online threats.
The European Union's law enforcement agency said fraudsters were emailing, or even phoning, employees with access to company funds and instructing them to carry out their urgent demands. Subsidiaries of multinationals are being targeted in this new area of cyber crime, as staff in regional offices often do not know senior management in holding companies "and may be fearful of losing their job if they do not obey", the report warns.

The Internet Organised Crime Threat Crime Assessment 2015 (iOCTA), a wide-ranging review of developing online criminal threats on issues from child abuse to e‑fraud, also said the rise in non-card transactions had encouraged an "arms race" between cyber criminal entrepreneurs devising new attack methods, and the card industry as it develops counter-measures to protect customers and businesses.

The most recent figures available showed there were 1.44bn in fraudulent transactions in 2013 - a rise of 8 per cent on the previous year. The report also warned that cyber crime is becoming increasingly hostile and that cyber security is lagging behind. "Instead of subterfuge and covertness, there is a growing trend of aggression in many cyber attacks, and in particular the use of extortion, whether it is through sexual extortion, ransomware or Distributed Denial of Service [DDoS] attacks," it said.

MORE

See also:

Cyber extortion: New crime on the block
Sep 21, 2015: When a managing director of a popular ice cream manufacturing company in the city opened his computer recently to access his company's database, he saw a message that startled him. "Pay $1,000 to get your data back and do the payment in Bitcoins."
The perplexed MD tried to refresh and restart the machine, but the message kept repeating. Most of the company data had been encrypted, cutting off his access to it. In short, the database had been hacked and the hackers were demanding money to decrypt the data. The new trend of 'cyber extortion' has the cyber crime wing of the Hyderabad police on tenterhooks. "An incident of data being kept hostage was first reported a year ago. At that time, we did not take it seriously. But when another victim came with a similar complaint in late July, we realised that it's a new modus operandi," assistant commissioner of police (Cyber Crimes) B Anuradha told TOI. "The victims could not access their data as it was controlled by the hackers," she explained.

It was found that hackers were penetrating the weak security systems of several companies and demanding payment in Bitcoins, which the police are now terming as the hawala system of cyber space. Also in the recesses of the world wide web are several rogue websites that are putting up for sale the confidential information belonging to individuals. The information sold can range from email IDs to Aadhaar and bank account numbers. "The personal information of people is getting leaked by unscrupulous employees of banks, who are approached unofficially by those looking for prospective customers. Data sharing is invaluable for improving businesses. But in several cases, the information is put up for sale for a few lakhs of rupees and is bought by organised gangs indulging in various kinds of frauds," a cyber police officer said.

By feeding the data into the easily-available 'brute force' software tools, fraudsters generate various possible passwords against an email id or bank accounts in under a minute. Once the accounts are hacked, financial fraud like illegal money transfer is readily done. One of the most common frauds being committed by hackers is to misguide business partners by sending emails from similar looking email ids and asking them to transfer money to new accounts.

MORE

Related:

Indian scientists develop algorithm to prevent cybercrime
Sep 14, 2015 | WASHINGTON: Indian researchers have developed a new keystroke algorithm that can use unique human typing patterns to make online authentication processes more secure, reliable and cheap.
The new method developed by researchers at the Department of Computer Science and Engineering, Jeppiaar Engineering College, Chennai, hopes to alleviate some of the common issues for internet users including loss of password, growing prowess of hackers, and easy access to methods such as phishing and usage of bots.

Like fingerprint scans, retina scans and facial recognition, keystroke dynamics are a biometric -- they measure a unique human characteristic. "As the typing pattern varies from person to person, this can be used as a suitable method for the authentication process more effective than others," researchers J Visumathia and P Jesu Jayarin wrote in the Journal of Applied Security Research. "The information needed for the process is using the various software systems already present in the computer, leading to a decrease in costs," researchers said.

The new keystroke template algorithm combines measures from existing models to increase precision. To test their algorithm, the researchers built a programme that users could log into using passwords of varying length. While entering their credentials, keystroke dynamics were recorded. Results indicate that their algorithm was successful in decreasing login errors and making improper authentication very unlikely, thus advancing keystroke dynamics analysis as a viable e-security measure.

 
Healthcare providers gettin' hit by cybertheft...

US healthcare providers risk $305 bn revenue loss to cyber theft
Wednesday 14th October, 2015 - US healthcare providers who fail to make cyber security a strategic priority over the next five years, face the risk of putting $305 billion of cumulative lifetime patient revenue under threat, a study by global management consulting company Accenture has revealed.
The significant increase in adoption and use of electronic medical records (EMRs) and other healthcare technology has created a wealth of electronic information that includes patient data such as dates of birth, home addresses, social security records, insurance details and medical data. This treasure trove of information is increasingly being targeted by cyber attackers, states the report, titled 'The $300 billion attack: The revenue risk and human impact of healthcare provider cyber security inaction', released Wednesday. Buttressing its point, the study points out that in 2014, nearly 1.6 million people had their medical information stolen from healthcare providers, according to the US Department of Health and Human Services Office for Civil Rights. Accenture analysis predicts more than 25 million people or approximately one in 13 patients will have their medical and/or personal information stolen from their healthcare provider's digitized records between 2015 and 2019. In many cases, the patient's response could be to walk away from the healthcare provider that failed to protect his/her data.

Based on medical identity theft information by the Ponemon Institute, Accenture has calculated the number of affected patients who would become victims of medical identity theft and quantified the patient revenue that would be put at risk. "What most health systems don't realize is that many patients will suffer personal financial loss as a result of cyberattacks on medical information," said Dr. Kaveh Safavi, managing director of Accenture's global healthcare business, in a press release. "If healthcare providers are complacent to safeguarding personal information, they'll risk losing substantial revenues and patients as a result of medical identity theft." Unlike credit card identity theft, where the card provider generally has a legal responsibility for account holders' losses above $50, victims of medical identity theft often have no automatic right to recover their losses. Accenture projects that of the patients likely to be affected by healthcare-provider data breaches over the next five years, 25% of patients or 6 million people will subsequently become victims of medical identity theft.

Accenture analysis shows that healthcare providers are at risk of losing $305 billion in cumulative lifetime patient revenue over the next five years due to patients switching providers because of medical identity theft. Applying this methodology to recent healthcare provider data breaches, Accenture estimates that each provider organization lost an average of $113 million of lifetime patient revenue for every data breach it suffered in 2014. In addition, one in six or 16% of the affected patients or 4 million people could be victimized and have to pay out-of-pocket costs totaling almost $56 billion over the same time period, the statement said. Addressing cyber security proactively can improve a provider's ability to thwart attacks by an average of 53%, Accenture research shows. Yet, according to the report, there is a significant gap in how well prepared they are to deal with such inevitabilities.

 
Granny keeps her credit card in her sock so the password don't get stole...

US Says Ukrainian Led Ring That Stole Online Bank Info
October 20, 2015 — A Ukrainian man pleaded not guilty Monday to charges he orchestrated a scheme to steal individual computer users' online bank information and sell it on the black market.
Sergey Vovnenko, who allegedly used aliases like "Darklife" and "Centurion," was charged in April in a six-count indictment that was unsealed last week. He had been living recently in Naples, Italy before his arrest this month.

Federal prosecutors in Newark allege that Vovnenko and co-conspirators hacked into the computers of an unnamed global financial institution with offices in New Jersey. They allegedly stole user names and passwords for bank accounts and other online services from individual users, then used online forums to sell the information.

They also allegedly used it to illegally access and withdraw money from bank accounts. The indictment didn't estimate how much money the co-conspirators stole. Vovnenko is charged with wire fraud conspiracy, unauthorized computer access and aggravated identity theft. He is being held without bail.

 
House of cards comes tumblin' down...

U.S. charges three in huge cyberfraud targeting JPMorgan, others
Tue Nov 10, 2015 - U.S. prosecutors on Tuesday unveiled criminal charges against three men accused of running a sprawling computer hacking and fraud scheme that included a huge attack against JPMorgan Chase & Co and generated hundreds of millions of dollars of illegal profit.
Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein, all from Israel, were charged in a 23-count indictment with alleged crimes targeting 12 companies, including nine financial services companies and media outlets including The Wall Street Journal. Prosecutors said the enterprise dated from 2007, and caused the exposure of personal information belonging to more than 100 million people. "By any measure, the data breaches at these firms were breathtaking in scope and in size," and signal a "brave new world of hacking for profit," U.S. Attorney Preet Bharara said at a press conference in Manhattan.

A chart is seen as Preet Bharara, U.S. Attorney for the Southern District of New York, speaks during a news conference in New York

The alleged enterprise included pumping up stock prices, online casinos, payment processing for criminals, an illegal bitcoin exchange, and the laundering of money through at least 75 shell companies and accounts around the world. Tuesday's charges expand a case first announced in July, and according to U.S. Attorney General Loretta Lynch target "one of the largest thefts of financial-related data in history." The charges are also the first tied to the JPMorgan attack, which prosecutors said involved the stealing of records belonging to more than 83 million customers, the largest theft of customer data from a U.S. financial institution.

Ziv Orenstein (C), who is accused by U.S. authorities of engaging in a stock manipulation scheme involving U.S. penny stocks, arrives at a courtroom at the Jerusalem Magistrates Court

Authorities said Shalon and Aaron executed that hacking, using a computer server in Egypt that they had rented under an alias that Shalon often used. A separate indictment unveiled in Atlanta against Shalon, Aaron and an unnamed defendant said the brokerages E*Trade Financial Corp and Scottrade Inc were also targets, and personal information of more than 10 million customers was compromised. TD Ameritrade Holding Corp and News Corp's Dow Jones unit, which publishes The Wall Street Journal, said they were also targets. Fidelity Investments was also a target, a person familiar with the matter said.

 
The federal police (ATF) engaged in illicit arms trafficking under Obama's watch. Operation Fast/Furious shipped about 3,000 well oiled and functional weapons to drug cartels in Mexico and then ...whoops...lost track of them. At least one American Border Patrol Officer was murdered and perhaps hundreds of innocent Mexican civilians were killed with the weapons a U.S. Government police agency supplied to criminals and so far nobody was arrested or even fired.
 
Cyberfraud through email wire-transfer scams costs businesses billions...

Cyber fraudsters reap $2.3 billion through email wire-transfer scams
Thu Apr 7, 2016 - Businesses have lost billions of dollars to fast-growing scams where fraudsters impersonate company executives in emails that order staff to transfer money to accounts controlled by criminals, according to the U.S. Federal Bureau of Investigation.
Losses from these scams, which are known as "business email compromise," totaled more than $2.3 billion from October 2013 through February of this year, the FBI said in an alert issued this week, citing reports to law enforcement agencies around the globe. The cases involved some 17,642 businesses of all sizes scattered across at least 79 countries, according to the FBI alert posted on the website of the agency's Phoenix bureau.

Law enforcement and cyber security experts have been warning that business email compromise was on the rise, but the extent of losses has not previously been disclosed. Cyber security experts say they expect losses to grow as the high profits will attract more criminals. "It's a low-risk, high-reward crime. It's going to continue to get worse before it gets better," said Tom Brown, a former federal prosecutor in Manhattan.

The FBI's alert said that fraudsters go to great lengths to spoof company email accounts and use other methods to trick employees into believing that they are receiving money-transfer requests from CEOs, corporate attorneys or trusted vendors. "They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy," the alert said. It said they often target businesses that work with foreign suppliers or regularly perform wire transfers. The size of the losses varies widely from case to case.

 
