Updates from March, 2016 Toggle Comment Threads | Keyboard Shortcuts

  • jkabtech 4:11 am on March 31, 2016 Permalink |
    Tags: , , Sextortionist, slammer, ,   

    Sextortionist government worker gets nearly 5 years in the slammer 

    A former US Embassy worker who sextorted, phished, broke into email accounts, stole explicit images and cyberstalked hundreds of women around the world from his London office has been sentenced to nearly 5 years in jail.

    Michael C. Ford, of Atlanta, pleaded guilty in December to nine counts of cyberstalking, seven counts of computer hacking to extort, and one count of wire fraud.

    He ran his predatory scams from his official, government-issued computer for more than two years, posing as a member of the fictional Google “Account Deletion Team.”

    He used aliases including “David Anderson” and “John Parsons”, telling victims that their email accounts would be deleted if they didn’t respond.

    Once he’d gained access to their Gmail accounts, he used the details to hijack at least 450 Google, Facebook, Twitter and iCloud profiles belonging to 200 individuals. He ransacked their personal information and photos, then he’d start extorting them.

    His preferred prey was young females, some of whom were students at US colleges and universities, with a particular focus on members of sororities and aspiring models.

    Having stolen photos and personally identifying information (PII) that included their home and work addresses, school and employment information, and names and contact information of family members, Ford went on to demand more sexually explicit material and personal information, emailing victims the photos he’d stolen and threatening to publish them if they didn’t give him what he demanded.

    Specifically, Ford demanded that his victims record and send to him videos of “sexy girls” undressing in changing rooms at pools, gyms and clothing stores.

    He was a busy guy.

    Ars Technica’s Cyrus Farivar posted a sentencing memorandum filed by prosecutors prior to the sentencing hearing on Monday.

    In it, they expressed shock at the scale of Ford’s activities:

    The sheer number of phishing emails that Ford sent is astounding.

    According to the memorandum, on one day alone – 8 April, 2015 – Ford sent phishing emails to about 800 unique email addresses.

    That’s not all. On the same date, he sent 180 followups to targets who hadn’t yet responded to his original email, plus 15 emails to potential targets who’d provided the wrong passwords.

    Jamie Perry, a prosecutor, wrote this in the filing:

    Considering Ford’s daily volume, repeated over the course of several months, the number of Ford’s potential phishing victims is staggering.

     
  • jkabtech 12:29 pm on March 30, 2016 Permalink |
    Tags: Cartwright, InternetInfographic   

    The Dark Side of the Internet|Infographic by Cartwright King 

    111

    2222

    Sorry, I could not read the content fromt this page.

    View the original article here

     
  • jkabtech 8:15 pm on March 29, 2016 Permalink |
    Tags: , ,   

    Uber’s offering you $10K to hack its software 

    Wednesday, 23 Mar 2016 | 6:40 AM ETCNBC.com

    U.S. ride-hailing app Uber is offering hackers up to $10,000 to hack its system to uncover flaws, the company said on Tuesday.

    Uber has released a “treasure map” of its software infrastructure, highlighting what each part does and the potential security vulnerabilities present.

    The idea of asking friendly, so-called White Hat hackers to test your system for a reward is not new. Several companies including Facebook, which pays hackers at least $500 to trace bugs, and Google, which offers a maximum prize pot of $20,000, have these so-called “bug bounty” programs.

    While, the idea has not always been a comfortable one for many organizations, Uber’s launch of its own prize program highlights the growing acceptance of the method amid an increasingly dangerous threat of hacking.

    “Even with a team of highly-qualified and well trained security experts, you need to be constantly on the look-out for ways to improve,” Joe Sullivan, chief security officer at Uber, said in a blog post.

    “This bug bounty program will help ensure that our code is as secure as possible.”

    Uber will offer payouts of up to $10,000 for what it deems “critical issues”.

    The first reward program season will begin on May 1 and last 90 days. Once a hacker finds a bug, they need to report it to Uber and wait for it to be verified as a genuine issue before they are paid.

    If a hacker finds a fifth issue within the 90 day sessions they will get a bonus payout. This will be 10 percent of the average payouts for all the other issues found in that session. Uber also said that it will publicly disclose and highlight the highest-quality submissions.

    Uber also revealed that it launched a private beta bug bounty program for over 200 security researchers last year and they found nearly 100 bugs, all of which were fixed.


    SHOW COMMENTS Please add a username to view or add commentsPublic Username for Commenting

    View the original article here

     
  • jkabtech 5:14 pm on March 29, 2016 Permalink |
    Tags: , , helped   

    How a hacker’s typo helped stop a $1B bank heist 

    A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion heist last month involving the Bangladesh central bank and the New York Fed, banking officials said.

    Unknown hackers still managed to get away with about $80 million, one of the largest known bank thefts in history.

    The hackers breached Bangladesh Bank’s systems last month and stole its credentials for payment transfers, two senior Bangladesh Bank officials said.

    Commuters pass by the front of the Bangladesh central bank building Commuters pass by the front of the Bangladesh central bank building

    They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh bank’s account there to entities in the Philippines and Sri Lanka, the officials said.

    Four requests to transfer a total of about $81 million to the Philippines went through, but a fifth, for $20 million, to a Sri Lankan non-profit organisation got held up because the hackers misspelled the name of the NGO.

    The full name of the non-profit could not be learned. But one of the officials said the hackers misspelled “foundation” in the NGO’s name as “fandation”, prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction.

    Deutsche Bank declined to comment.

    At the same time the unusually high number of payment instructions and the transfer requests to private entities — as opposed to other banks — made the Fed suspicious, which also alerted the Bangladeshis, the officials said.

    The details of how the hacking came to light and was stopped before it did more damage have not been previously reported. Bangladesh Bank has billions of dollars in a current account with the Fed, which it uses for international settlements.

    The transactions that got stopped totaled between $850 million and $870 million, one of the officials said.

    Last year, Russian computer security company Kaspersky Lab said a multinational gang of cybercriminals had stolen as much as $1 billion from as many as 100 financial institutions around the world in about two years.

    SHOW COMMENTS Please add a username to view or add commentsPublic Username for Commenting

    View the original article here

     
  • jkabtech 12:41 pm on March 29, 2016 Permalink |
    Tags: , ,   

    ‘Pay me or I’ll delete’! Cyber ransom on the rise 

    Bob Woods, special to CNBC.com Wednesday, 17 Feb 2016 | 10:12 AM ETCNBC.com

    Extortion, one of the oldest tricks in the criminal bag, is wreaking havoc in the brave new digital world — and generating lots of money for cyber crooks.

    Ransomware, as this latest wrinkle in malicious software, or malware, is known, stealthily infects a desktop or laptop computer, sometimes locking up the machine, but more often encrypting data and files, rendering them unusable. Then an ominous message from the attacker pops up, demanding a ransom be paid in order to unlock the computer or decrypt the data.

    The latest notable casualty is a Hollywood-area hospital that had its internal hospital computer system shut down by hackers who demanded $3.7 million in ransom this week.

    Participants at a hacking conference. Participants at a hacking conference.

    Conceivably, every business and consumer using the Internet is a potential target for ransomware perpetrators, although small and medium-size businesses (SMBs) have become particularly easy marks.

    “SMBs are incredibly vulnerable to these types of attacks,” warned Ed Cabrera, vice president of cybersecurity strategy at Trend Micro, an IT security company in Irving, Texas, adding that large companies’ IT departments usually invest in robust cybersecurity programs. “I’d say the threat level is critical. Small businesses lack the resources, the security and the multi-layer defense programs to help protect themselves. And it’s only escalating.”

    Early versions of ransomware have lurked for more than a decade, but the latest ones are increasingly sophisticated, as are the cyber crime gangs that assiduously update their malignant programs and find novel ways to elude cybersecurity experts and law enforcement.

    “Never before in the history of humankind have people across the world been subjected to extortion on a massive scale as they are today,” stated The Evolution of Ransomware, a 2015 report from Mountain View, California-based cybersecurity firm Symantec.

    While ransomware is a global menace, the Symantec report said, the U.S. is the primary bull’s eye.

    “This is a business, and it’s all about making money,” said Dmitriy Ayrapetov, director of product management at Dell SonicWALL, the Round Rock, Texas-based computer company’s network cybersecurity division.

    Just how much these nefarious businesses are making is tough to peg. Ransom demands have reportedly been for as much as $50,000, yet the average paid is $300, and nearly 3 percent of the victims agree to pony up, according to Ayrapetov. With the cyber criminals hitting millions of users, the FBI reports.

    Originally, cash cards and wire transfers were the currency of choice, but because cash can be traced, bitcoin is now the favored tender, exchanged over Tor and other anonymous online networks. “It’s the perfect payment method,” said Kevin Haley, director at Symantec Security Response. Many victims are unfamiliar with digital currencies including bitcoin, but like any diligent web enterprise, “these guys will walk the uninitiated through the process,” Haley said. “This gives you an idea of the operations and how successful they are. They have people in technical support, for God’s sake.”

    How they propagate their pernicious payloads reveals the technological state of this dark art. One pathway is through Internet browsers running versions of Java, Flash, Shockwave and other ubiquitous software and plug-ins that haven’t been updated with the latest security patches. Ransomware creators are constantly embedding advertising, pornography, shopping and other highly trafficked online networks with their handiwork, which is programmed to ferret out those browser vulnerabilities and infect computers when the end-users click on activating links.

    The other common entry point is through spam emails that contain an attachment including ransomware. The email is disguised to look like it’s from a package delivery service, such as a bank, the IRS, an employment agency or even the FBI, and prompts the recipient to download the attachment, thus unleashing the ransomware.

    The urgent ransom notes that appear are basically intended to freak out the victim to pay up or else. For example, a screen purportedly from the FBI, including its official logo, alerts the victim that suspicious downloads — of porn, copyrighted music or other illicit material — have been detected. Another ruse is that a user account needs to be updated by clicking on a link, or that tax returns aren’t complete. The attacker threatens that unless the ransom is paid, typically within a couple of days, the encrypted files will be forever lost and legal action may follow. Payment instructions follow.

    Then comes the decision of whether to pay the extortionist or not.

    “Never before in the history of humankind have people across the world been subjected to extortion on a massive scale as they are today.” -The Evolution of Ransomware, Symantec report

    “If you’re a small business, all of a sudden all your data is encrypted and you can’t recover customer information, contracts, legal documents and other vital material,” Ayrapetov said. “Is it worth being able to continue running your business for just $200?” Considering that the National Cyber Security Alliance has estimated that 60 percent of small businesses hit by cyber attacks end up going out of business, it’s a difficult call.

    Those who do pay, however, most often can recover their data. “They stick to their word,” Ayrapetov said of the hackers, “because they want the business to be a sustainable model.”

    Indeed, the ransomware business is expanding beyond computers to target smart phones, tablets and potentially anything connected to the burgeoning Internet of Things. “Imagine your watch, your router, almost any device that has an operating system — your smart television, cable box, car, doors, thermostat,” Haley said, also imagining the ransom threat. “You can heat up your house, but it will cost you a bitcoin.”

    So how can individuals and SMBs protect themselves from ransomware? “The No. 1 thing is to make backups” of critical files, said Nate Villeneuve, a principle threat intelligence analyst at FireEye, a cybersecurity firm in Milpitas, California. Beware, however, that any servers, hard drives or other backup sources connected to a network will probably be infected, too. It may be wise, therefore, to back up onto a separate source or a cloud storage service.

    “Also, keep operating systems, browsers and plug-ins, especially Flash and Java, up to date,” Villeneuve said. In other words, when you see those update notices pop up on your screen, do as they say. Off-the-shelf antivirus software adds another layer of protection, and FireEye, Symantec, Trend Micro, Dell and other cybersecurity vendors offer solutions for SMBs.

    Experts urge everyone to be extra vigilant for spam, even if it looks legitimate, and to never download an unknown file. Many companies run drills, sending employees fake emails to see how many get fooled. “Use it as a teaching moment, not ashaming moment,” Haley said.

    Meanwhile, the FBI, other law enforcement agencies and cybersecurity vendors are collaborating in the hunt for ever-evolving ransomware and “the bad guys” who scramble to stay one step ahead of the cyber cops. It’s a perpetual cat-and-mouse game, but Ayrapetov, for one, is optimistic that ransomware’s days are numbered, with a caveat: “In about two years, it will probably be difficult enough for the malware writers that they’ll start looking for something new.”

    — By Bob Woods, special to CNBC.com

    SHOW COMMENTS Please add a username to view or add commentsPublic Username for Commenting

    View the original article here

     
  • jkabtech 9:05 am on March 29, 2016 Permalink |
    Tags: adblocker, , builtin,   

    Web browser Opera adds built-in ad-blocker 

    Friday, 11 Mar 2016 | 7:50 AM ETCNBC.com

    Software company Opera has introduced a built-in ad-blocking feature into its internet browser, which will allow users to surf the web without seeing ads, in the process depriving websites of revenue.

    Opera announced the feature this week and said the tool would allow users to choose whether or not to block ads from a particular website while browsing the internet.

    The company claims that using the ad blocker on its browser will load web pages on average 90 percent faster than using Internet Explorer and 45 percent faster than using Google Chrome with an ad-blocker extension.

    Security

    Around 5 percent of internet browsing is performed using Opera, according to web analytics service StatCounter. In comparison, Google Chrome is the most used browser, accounting for 45 percent of activity.

    In a blog post, the company explained its reasons for introducing the tool was to improve the consumer experience and send a message to advertisers that internet ads are too large and intrusive.

    “Today, bloated online ads use more download bandwidth than ever, causing webpages to load more slowly, at times covering the content that you’re trying to see or trying to trick you into clicking ‘fake download buttons’,” wrote Krystian Kolondra, senior vice president of global engineering for Opera, in the blog post .

    “Another rising concern is privacy and tracking of your online behavior.”

    While ad-free browsing may be faster and more convenient for web users, websites end up paying a price. Ad-blocking cost digital publishers an estimated $22 billion in revenue in 2015, with around 198 million global people using the software, according to a report by PageFair and Adobe.

    In response to the rise of ad-blocking, the New York Times began trialling a system this week that detected visitors to the news site using an ad-blocker and asked them to purchase a subscription or “whitelist” the site (make it exempt from the ad-blocker).

    Opera follows Samsung and mobile phone company Three in implementing ad-blocking services. Previously, internet users had to download and install ad-blocking software.

    According to Eleni Marouli, senior analyst at IHS Technology, there is a trend of telecom companies trying to be included in the mobile advertising ecosystem.

    “Telcos have traditionally been just data ‘pipes’ which provided the infrastructure for mobile internet and hence mobile advertising,” she said in a report. “They have attempted to monetise content through advertising, but have made little progress in claiming significant market share.

    “The ad blocking announcement (by Three) is a plea to companies like Facebook and Google to include Three and other mobile operators in the mobile advertising value chain.”

    Follow CNBC International on Twitter and Facebook.

    SHOW COMMENTS Please add a username to view or add commentsPublic Username for Commenting

    View the original article here

     
  • jkabtech 5:30 am on March 29, 2016 Permalink |
    Tags: , , , , Lahore, , stumbles   

    Facebook stumbles with ‘Safety Check’ after Lahore blast 

    Facebook apologized to users on the other side of the world from Sunday’s suicide bombing in Pakistan who received computer-addressed notices asking if they were safe.

    Facebook users as far away as New York and Virginia showed notifications they received on social media site Twitter.

    “Unfortunately, many people not affected by the crisis received a notification asking if they were okay,” Facebook said in a post on its site. “This kind of bug is counter to the product’s intent… We apologize to anyone who mistakenly received the notification.”

    Some of the notices went out as text messages to mobile phones and asked, “Are you affected by the explosion?” without giving any indication of where, or how close, the recipients were to danger.

    Pakistani security officials collect evidence at the cordoned-off site of the March 27 suicide bombing, in Lahore on March 28, 2016. Pakistani security officials collect evidence at the cordoned-off site of the March 27 suicide bombing, in Lahore on March 28, 2016.

    More common notices displayed on computer screens and mobile devices said the explosion was in Lahore. The blast by a suicide bomber at a park killed at least 65 people, mostly women and children.

    The flawed notices were the latest stumble in Facebook’s evolving “Safety Check” practice of prompting users to quickly let their friends know they are okay after being in the vicinity of a tragedy.

    In November, hours after blasts in Nigeria, Facebook activated Safety Check after criticism that it was being selective about deploying it. A few days before those blasts, Facebook had used it after gun and bomb attacks in Paris but not after suicide bombings in Beirut.

    Facebook previously had used the feature after natural disasters, but not bombings or attacks.

    Follow CNBC International on Twitter and Facebook.

    SHOW COMMENTS Please add a username to view or add commentsPublic Username for Commenting

    View the original article here

     
  • jkabtech 1:20 am on March 29, 2016 Permalink |
    Tags: , , , ,   

    Report: 1.5 million Verizon customers hacked 

    Thursday, 24 Mar 2016 | 4:22 PM ETCNBC.com

    A pedestrian talks on his cell phone while walking past the Verizon Communications Inc. headquarters in New York. Andrew Harrer | Bloomberg | Getty ImagesA pedestrian talks on his cell phone while walking past the Verizon Communications Inc. headquarters in New York.

    More than 1.5 million Verizon Enterprise customers had their contact information leaked on an underground cybercrime forum this week, according to cybersecurity blogger Brian Krebs.

    A security vulnerability, now fixed, provided an opening for the attacker, the business-to-business arm of the mobile and telecom giant told KrebsoOnSecurity. The breach involved basic contact information, not propriety network information, the company told Krebs.

    Prices of the customer data ranged from $10,000 to $100,000, Krebs reported.

    Verizon, used by almost all Fortune 500 companies, is widely known for its cybersecurity prowess, and releases an annual report on avoiding cyberthreats, Krebs wrote.

    Verizon told CNBC that impacted Verizon Enterprise customers are being notified, and no data about consumer customers was involved.

    For the full story, read more at KrebsOnSecurity.com.

    — CNBC’s Ryan Ruggiero contributed to this report.

    SHOW COMMENTS Please add a username to view or add commentsPublic Username for Commenting

    View the original article here

     
  • jkabtech 9:16 pm on March 28, 2016 Permalink |
    Tags: , , ,   

    Tax scammers new target? Your medical records 

    Friday, 11 Mar 2016 | 9:30 AM ETCNBC.com

    Cybercriminals increasingly are using stolen medical records for other types of identity theft beyond health-care fraud, including filing fraudulent tax returns.

    Last year, almost 100 million health-care records were compromised, making them a hacker’s No. 1 target, according to a report by IBM. Now, hackers have realized “you can use those profiles for normal fraud stuff,” wrote one seller of medical records on a website shown to CNBC by IBM.

    Hackers sell the medical records to other criminals on the so-called dark Web, a portion of the Internet not indexed by search engines. In order to access these websites, you need to download a special browser.

    More than 30 breaches of health-care data involving 500 or more people have already been reported in 2016, according to the U.S. Department of Health and Human Services’ Office for Civil Rights.

    Read MoreAs health data breaches increase, what do you have to lose?

    545861843 Tek Images | Science Photo Library | Getty Images

    Along with that bounty of personal information compromised by hackers in health-care breaches, experts expect a similar increase in tax fraud this year, possibly rising to as much as $21 billion, according to the IRS.

    In fact, the agency has suspended processing of 4.8 million suspicious returns so far this year, worth $11.8 billion, the IRS said in an email to CNBC. Among that number are 1.4 million returns with confirmed identity theft, totaling $8.7 billion.

    Some fraudulent returns do get through. The Government Accountability Office found that in 2013, the IRS paid out $5.8 billion in tax refunds where the victim’s identity was stolen.

    Read MoreTax-refund fraud to hit $21 billion, and there’s little the IRS can do

    The fake tax returns are part of how cybercriminals cash in on big breaches. They work like organized crime rings, with “specialists” for each part of the attack.

    “You have experts in different fields. There are those who are great at obtaining information. And then there are other guys, who will buy this data and use it to commit fraud,” said Etay Maor, an executive security advisor at IBM Security.

    Health-care records fetch higher prices, as much as 60 times that of stolen credit card data, because they contain much more information a cybercriminal can use.

    “Criminals want what they refer to as fulls, full information about their victim. Name, birth date, Social Security number, address, anything they can learn about their victim. All that information is in your health-care records,” said Maor.

    Part of the reason for the higher prices is that while credit card numbers can change, your Social Security number generally stays the same.

    “As long as entities use Social Security numbers to authenticate you, the criminals will have a record that is never-ending,” said Maor.

    Read MoreBe prepared: It’s tax-return fraud season

    While a Social Security number can be purchased on the dark Web for around $15, medical records fetch at least $60 per record because of that additional information, such as addresses, phone numbers and employment history. That in turn allows criminals to file fake tax returns.

    Surprisingly, the dark Web is actually easy to use, with websites resembling those of popular e-commerce sites.

    “It’s exactly like going on a store for criminals. Criminals actually take the time to write reviews about their fellow peers and how good the information they sold was,” Maor said.

    To protect yourself, Maor said avoid giving out your Social Security number, even to your doctor.

    “Every time you give information to any entity, you’re actually exposing yourself in one way or another. If your doctor asks you for your Social Security number you should not be afraid to ask why. Why do need that information to take care of me?” Maor said.

    Read MoreE-filing taxes? Watch out for fraud.

    In most cases, health-care providers do not need your Social Security number. If the doctor insists on having it, Maor suggests you ask for a changeable PIN as a substitute to authenticate you.

    Experts also advise you file your tax returns as soon as you can. Filing earlier gives criminals less time to file a fake return in your name.

    Security experts also say if you have been a victim of a health-care breach you should monitor your brokerage, bank and credit card accounts for any unusual activity.

    You should also let the three major credit reporting companies — Equifax, Experian and TransUnion — know so they can place fraud alerts on your account.

    In addition, you should take advantage of free credit monitoring that may be offered to victims of breaches.

    SHOW COMMENTS Please add a username to view or add commentsPublic Username for Commenting

    View the original article here

     
  • jkabtech 12:54 am on March 24, 2016 Permalink |
    Tags: , , , ,   

    Ex-FBI official: IRS is a favorite hacking target 

    Wednesday, 10 Feb 2016 | 4:27 PM ETCNBC.com

    An automated attack on the IRS’ computer systems in January used stolen personal data to create fake logins through the agency’s Electronic Filing PIN service.

    About 464,000 Social Security numbers were used in the attack on the IRS.gov system, the agency said late Tuesday, and 101,000 of those numbers allowed the attackers to get at an E-file PIN. The PIN can be used to electronically file a tax return.

    “No personal taxpayer data was compromised or disclosed by IRS systems,” the IRS said in a statement Tuesday. “The IRS also is taking immediate steps to notify affected taxpayers by mail that their personal information was used in an attempt to access the IRS application. The IRS is also protecting their accounts by marking them to protect against tax-related identity theft.”

    The IRS also said that the attack was not related to an outage of its computer systems that hampered its ability to process tax returns last week.

    “The IRS and taxpayer data is the gold standard. It’s the treasure trove of information that they’re looking for. They can do a lot with it,” said former FBI Assistant Director Chris Swecker on CNBC’s “Power Lunch” on Wednesday.

    Though the culprit behind the attack has not yet been confirmed, the IRS is “the favorite target” of Russian criminal organizations, which were involved in previous IRS hacking attacks, Swecker added.

    Hackers in 2015 were able to access tax information for what may have been as many 338,000 victims through the IRS’ Get Transcript system, the IRS previously reported. That system allows taxpayers to pull up returns and filings from years past.

    “Taxpayer data or taxpayer returns have so much information that not only can they file false tax returns and get refunds, they can also sell that data on the black market and make an additional profit,” he said.

    Using publicly available data to authenticate taxpayers is one of the main problems with the current system, Swecker noted. People oftentimes use questions that can be answered by looking at their Facebook or LinkedIn pages, which are easily accessible to hackers.

    “This is what organized crime looks like in the year 2016. These are the most profitable, most capable criminals in the world and we’ve got to do a better job of keeping them out.”

    — NBC News contributed to this report.

    SHOW COMMENTS Please add a username to view or add commentsPublic Username for Commenting

    View the original article here

     
  • jkabtech 11:26 pm on March 20, 2016 Permalink |
    Tags: alarm, , , trips   

    Typo trips the alarm in $101M cyber bank heist 

    Kara Scannell and Victor Mallet Friday, 11 Mar 2016 | 1:33 AM ETFinancial Times

    A $101 million cyber heist has left central bank officials from Bangladesh to New York arguing over what may be one of the largest and most audacious bank raids in history.

    Hackers allegedly breached the Bangladesh central bank’s security system and then masqueraded as Bangladeshi officials to submit a series of requests for the New York Federal Reserve to transfer large tranches of money from its account there.

    Bangladesh Bank told the Financial Times last night that a total of $101 million was wrongly transmitted, of which $20 million went to a Sri Lankan bank. It was this last payment that raised suspicions over the authenticity of the transfers.

    “The Sri Lankan bank did not disburse it immediately and we could recover the full amount. The remaining $81m was transmitted to a few accounts of a Philippine bank,” the central bank said. Anti-money laundering authorities in the Philippines were co-operating with Bangladesh and had already frozen the relevant bank accounts, it added.

    More from FT.com

    Health care sector warned against hack attacks
    One in four companies hit by cyber attack
    How companies are hit by email scams

    An experienced cyber expert, who had worked at the World Bank and is currently employed as an “IT governance specialist” on a Bangladesh Bank project, was investigating the case with his forensic team, the central bank said. “We have confidence the stolen funds will be recovered in full.”

    Central banks are ripe targets for criminal groups given the potential windfall they can make if just one of their attempts succeeds.

    While the money may ultimately be recovered there is a growing dispute over who is to blame for allowing the transfers.

    Abul Maal Abdul Muhith, Bangladesh’s finance minister, told reporters in Dhaka this week that his government was considering filing a case against the New York Fed and that he was also surprised by the failure of his own country’s central bank to report the crime.

    He said that the Fed officials “cannot avoid their responsibility in any way”, and added that he first learned of the scam from press reports. “Bangladesh Bank authorities did not inform [us] of the matter,” he said.

    A spokesperson for the NY Fed said, however, that its systems were not hacked and the transfers were made after it followed protocol.

    “To date, there is no evidence of any attempt to penetrate Federal Reserve systems in connection with the payments in question, and there is no evidence that any Fed systems were compromised.”

    The Fed spokesperson added, “The payment instructions in question were fully authenticated by the SWIFT messaging system in accordance with standard authentication protocols. The Fed has been working with the central bank since the incident occurred, and will continue to provide assistance as appropriate.”

    Other transfers were reportedly attempted, but were ultimately stopped before $1bn could be stolen from the account.

    Bangladesh banking officials told Reuters that the cyber criminals were ultimately stopped when they made a spelling mistake in one of their transfer instructions. The hackers misspelled the name of a Sri Lankan non-governmental organisation, writing “foundation” as “fandation”. That prompted a routing bank to query the transaction and led to the crime being stopped, Reuters reported.

    Criminal organisations have made a business of “spoofing” email accounts and impersonating individuals, company executives and others into transferring money offshore. Cyber criminals have targeted the US financial sector in the past.

    JPMorgan Chase was hacked in 2014 and last year US authorities announced charges against several individuals who were allegedly involved in a securities fraud scheme. US prosecutors have also charged a UK citizen for hacking into the Federal Reserve and stealing sensitive personal information and other US government agencies. Those charges are still pending.

    SHOW COMMENTS Please add a username to view or add commentsPublic Username for Commenting

    View the original article here

     
  • jkabtech 3:17 pm on March 20, 2016 Permalink |
    Tags: , arguing, consequences, terrible   

    DOJ arguing for ‘terrible consequences’: Apple 

    Monday, 14 Mar 2016 | 12:48 PM ET

    Apple counsel Ted Boutrous told CNBC on Monday that Justice Department lawyers “got a little bit carried away” with their rhetoric in the latest court filing in the tech giant’s legal battle against the government over encryption.

    “There is a disconnect between the rhetoric in the Justice brief and what we have heard from [FBI Director James] Comey and President Obama,” Boutrous said. “The lawyers who filed the brief got a little bit carried away with their rhetoric,” he told CNBC.

    Boutrous said Apple will shortly respond to the government on why the Justice Department arguments are wrong and “would have terrible consequences” for national security and citizens. Ultimately, though, Apple does not believe the right forum for this battle is the courts.

    “This is a policy issue … the American people have to resolve,” Boutrous said. “It’s for Congress to resolve,” he added.

    Last week, Apple senior vice president and general counsel Bruce Sewell said in a call with reporters that the DOJ has become “so desperate” that it has “thrown all decorum to the wind.” He added, “The tone of the brief reads like an indictment.”

    Boutrous said it would be a mistake to think the issue is just about Apple vs. the government. He said there is a cavalcade of tech companies and civil liberties groups and a family member of a victim of San Bernardino who filed court briefs supporting Apple’s position.

    “This case … will set a precedent. … It will be used around the country and world to unlock phones,” Boutrous said. “It’s a big issue that goes far beyond Apple and affects all tech companies and all citizens who use these devices, and that will be front and center when we argue in court,” the Apple lawyer said.

    “It’s a big issue that goes far beyond Apple and affects all tech companies and all citizens who use these devices, and that will be front and center when we argue in court.” -Ted Boutrous, Apple counsel

    Boutrous noted that comments from President Obama and others in government in the past have not been nearly as extreme as the Justice legal brief. Boutrous said that people who interpret President Obama’s comments as supporting a back door to encryption are ignoring many previous comments from advisors to the president, including the Secretary of Defense and a commission on technology that Obama appointed in 2013. “They are all strongly supportive of encryption and against back doors that would make us all vulnerable,” Boutrous said.

    “President Obama is someone who will listen to both sides of a dialogue and that’s what we want here — is a dialogue and a conversation — as President Obama put it awhile back about these important issues,” the Apple lawyer said.

    Boutrous told CNBC in an earlier February interview that “the director of the FBI, James Comey, has said this is one of the hardest issues he’s ever faced in government.”

    Last Friday, President Obama spoke at the SXSW conference in Austin and said that while recognizing the rights of citizens, there will be some constraints imposed by the government in order to make sure “we are safe and secure and living in a civilized society.”

    President Obama said the encryption issue won’t be settled with an “absolutist view,” but he also said we are living in a world that is equivalent to all citizens “walking around with the equivalent of a Swiss bank account in our pockets.”

    Apple counsel Boutrous told CNBC: “The government is often confronted with competing interests. Our Constitution creates limits.” He added, “Here we are, talking about privacy and compelling speech … ordering Apple to go and write software and create a new operating system that the company thinks is dangerous.”

    Boutrous also said the government has already been given access to information in the San Bernardino case and Apple cooperated immediately with the investigation. “It’s not like there’s a vacuum of information. But we have a system that protects the individual rights of citizens, privacy and the like. We also respect the needs of law enforcement. And the issue is how do we reconcile those competing interests. It’s not an issue that the court can resolve. It’s for the Congress,” he said.


    SHOW COMMENTS Please add a username to view or add commentsPublic Username for Commenting

    View the original article here

     
  • jkabtech 11:42 am on March 20, 2016 Permalink |
    Tags: , , , WhatsApps   

    WhatsApp’s privacy now in government’s crosshairs 

    Saturday, 12 Mar 2016 | 2:38 PM ETThe New York Times

    Whatsapp app

    WASHINGTON — While the Justice Department wages a public fight with Apple over access to a locked iPhone, government officials are privately debating how to resolve a prolonged standoff with another technology company, WhatsApp, over access to its popular instant messaging application, officials and others involved in the case said.

    No decision has been made, but a court fight with WhatsApp, the world’s largest mobile messaging service, would open a new front in the Obama administration’s dispute with Silicon Valley over encryption, security and privacy.

    WhatsApp, which is owned by Facebook, allows customers to send messages and make phone calls over the Internet. In the last year, the company has been adding encryption to those conversations, making it impossible for the Justice Department to read or eavesdrop, even with a judge’s wiretap order.

    Read MoreSome San Bernardino kin side with govt vs. Apple

    As recently as this past week, officials said, the Justice Department was discussing how to proceed in a continuing criminal investigation in which a federal judge had approved a wiretap, but investigators were stymied by WhatsApp’s encryption.

    The Justice Department and WhatsApp declined to comment. The government officials and others who discussed the dispute did so on condition of anonymity because the wiretap order and all the information associated with it were under seal. The nature of the case was not clear, except that officials said it was not a terrorism investigation. The location of the investigation was also unclear.

    To understand the battle lines, consider this imperfect analogy from the predigital world: If the Apple dispute is akin to whether the F.B.I. can unlock your front door and search your house, the issue with WhatsApp is whether it can listen to your phone calls. In the era of encryption, neither question has a clear answer.

    Some investigators view the WhatsApp issue as even more significant than the one over locked phones because it goes to the heart of the future of wiretapping. They say the Justice Department should ask a judge to force WhatsApp to help the government get information that has been encrypted. Others are reluctant to escalate the dispute, particularly with senators saying they will soon introduce legislation to help the government get data in a format it can read.

    More from The New York Times:

    Amid Bluster and Bragging, Trump Yearned to Gain Stature
    Where Some See Conservation, Others See U.S. Land Grab
    A Low Down Payment, No Insurance Required

    Whether the WhatsApp dispute ends in a court fight that sets precedents, many law enforcement officials and security experts say that such a case may be inevitable because the nation’s wiretapping laws were last updated a generation ago, when people communicated by landline telephones that were easy to tap.

    “The F.B.I. and the Justice Department are just choosing the exact circumstance to pick the fight that looks the best for them,” said Peter Eckersley, the chief computer scientist at the Electronic Frontier Foundation, a nonprofit group that focuses on digital rights. “They’re waiting for the case that makes the demand look reasonable.”

    A senior law enforcement official disputed the notion that the government was angling for the perfect case and that a court fight was inevitable.

    This is not the first time that the government’s wiretaps have been thwarted by encryption. And WhatsApp is not the only company to clash with the government over the issue. But with a billion users and a particularly strong international customer base, it is by far the largest.

    Last year, a dispute with Apple over encrypted iMessages in an investigation of guns and drugs, for instance, nearly led to a court showdown in Maryland. In that case, as in others, the company helped the government where it was able to, and the Justice Department backed down.

    Jan Koum, WhatsApp’s founder, who was born in Ukraine, has talked about his family members’lfears that the government was eavesdropping on their phone calls. In the company’s early years, WhatsApp had the ability to read messages as they passed through its servers. That meant it could comply with government wiretap orders.

    But in late 2014, the company said that it would begin adding sophisticated encoding, known as end-to-end encryption, to its systems. Only the intended recipients would be able to read the messages.

    “WhatsApp cannot provide information we do not have,” the company said this month when Brazilian police arrested a Facebook executive after the company failed to turn over information about a customer who was the subject of a drug trafficking investigation.

    The iPhone case, which revolves around whether Apple can be forced to help the F.B.I. unlock a phone used by one of the killers in last year’s San Bernardino, Calif., massacre, has received worldwide attention for the precedent it might set. But to many in law enforcement, disputes like the one with WhatsApp are of far greater concern.

    For more than a half-century, the Justice Department has relied on wiretaps as a fundamental crime-fighting tool. To some in law enforcement, if companies like WhatsApp, Signal and Telegram can design unbreakable encryption, then the future of wiretapping is in doubt.

    “You’re getting useless data,” said Joseph DeMarco, a former federal prosecutor who now represents law enforcement agencies that filed briefs supporting the Justice Department in its fight with Apple. “The only way to make this not gibberish is if the company helps.”

    “As we know from intercepted prisoner wiretaps,” he added, “criminals think that advanced encryption is great.”

    Businesses, customers and the United States government also rely on strong encryption to help protect information from hackers, identity thieves and foreign cyberattacks. That is why, in 2013, a White House report said the government should “not in any way subvert, undermine, weaken, or make vulnerable generally available commercial encryption.”

    In a twist, the government helped develop the technology behind WhatsApp’s encryption. To promote civil rights in countries with repressive governments, the Open Technology Fund, which promotes open societies by supporting technology that allows people to communicate without the fear of surveillance, provided $2.2 million to help develop Open Whisper Systems, the encryption backbone behind WhatsApp.

    Because of such support for encryption, Obama administration officials disagree over how far they should push companies to accommodate the requests of law enforcement. Senior leaders at the Justice Department and the F.B.I. have held out hope that Congress will settle the matter by updating the wiretap laws to address new technology. But the White House has declined to push for such legislation. Josh Earnest, the White House spokesman, said on Friday that he was skeptical “of Congress’s ability to handle such a complicated policy area.”

    James B. Comey, the F.B.I. director, told Congress this month that strong encryption was “vital” and acknowledged that “there are undoubtedly international implications” for the United States to try to break encryption, especially for wiretaps, as in the WhatsApp case. But he has called for technology companies and the government to find a middle ground that allows for strong encryption but accommodates law enforcement efforts. President Obama echoed those remarks on Friday, saying technology executives who were “absolutist” on the issue were wrong.

    Those who support digital privacy fear that if the Justice Department succeeds in forcing Apple to help break into the iPhone in the San Bernardino case, the government’s next move will be to force companies like WhatsApp to rewrite their software to remove encryption from the accounts of certain customers. “That would be like going to nuclear war with Silicon Valley,” said Chris Soghoian, a technology analyst with the American Civil Liberties Union.

    That view is one reason government officials have been hesitant to rush to court in the WhatsApp case and others like it. The legal and policy implications are great. While no immediate resolution is in sight, more and more companies offer encryption. And technology analysts say that WhatsApp’s yearlong effort to add encryption to all one billion of its customer accounts is nearly complete.

    Eric Lichtblau contributed reporting from Washington and Katie Benner from San Francisco.

    SHOW COMMENTS Please add a username to view or add commentsPublic Username for Commenting

    View the original article here

     
  • jkabtech 7:32 am on March 20, 2016 Permalink |
    Tags: , automakers, , , ,   

    FBI warns automakers, owners about hacking risks 

    Friday, 18 Mar 2016 | 6:22 AM ETReuters

    The FBI and U.S. National Highway Traffic Safety Administration (NHTSA) issued a bulletin Thursday warning that motor vehicles are “increasingly vulnerable” to hacking.

    “The FBI and NHTSA are warning the general public and manufacturers — of vehicles, vehicle components, and aftermarket devices — to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles,” the agencies said in the bulletin.

    In July 2015, Fiat Chrysler Automobiles recalled 1.4 million U.S. vehicles to install software after a magazine report raised concerns about hacking, the first action of its kind for the auto industry.

    Also last year, General Motors issued a security update for a smartphone app that could have allowed a hacker to take control of some functions of a plug-in hybrid electric Chevrolet Volt, like starting the engine and unlocking the doors.

    In January 2015, BMW said it had fixed a security flaw that could have allowed up to 2.2 million vehicles to have doors remotely opened by hackers.

    “While not all hacking incidents may result in a risk to safety – such as an attacker taking control of a vehicle — it is important that consumers take appropriate steps to minimize risk,” the FBI bulletin said Thursday.

    NHTSA Administrator Mark Rosekind told reporters in July 2015 that automakers must move fast to address hacking issues.

    The Fiat Chrysler recall came after Wired magazine reported hackers could remotely take control of some functions of a 2014 Jeep Cherokee, including steering, transmission and brakes. NHTSA has said there has never been a real-world example of a hacker taking control of a vehicle.

    Two major U.S. auto trade associations — the Alliance of Automobile Manufacturers and Association of Global Automakers — ate last year opened an Information Sharing and Analysis Center. The groups share cyber-threat information and potential vulnerabilities in vehicles.

    The FBI bulletin Thursday warned that criminals could exploit online vehicle software updates by sending fake “e-mail messages to vehicle owners who are looking to obtain legitimate software updates. Instead, the recipients could be tricked into clicking links to malicious Web sites or opening attachments containing malicious software.”

    SHOW COMMENTS Please add a username to view or add commentsPublic Username for Commenting

    View the original article here

     
  • jkabtech 3:28 am on March 20, 2016 Permalink |
    Tags: , , ,   

    News sites hit by malicious ad attack: Report 

    Wednesday, 16 Mar 2016 | 8:57 AM ETCNBC.com

    Several leading news websites have been affected by malicious adverts which have caused some users to be infected by ransomware, according to the BBC.

    The U.K. broadcaster reported that its own website had been targeted. It also reported that sites including MSN, the New York Times, AOL and Newsweek had been effected. MSN and Newsweek were not immediately available for comment when contacted by CNBC.

    A spokesperson for the NYT told CNBC that it was still investigating whether it was affected and said the software was impacting ads from third parties that were beyond their control. AOL declined to comment.

    Hacker hacking

    Ransomware is a type of malware – or malicious software – that has become increasingly common. It steals your files and data, encrypts it, and then asks you to pay money to get it back.

    The BBC added, citing security researchers, that the malicious ads had been sent to the sites via four separate ad networks. It added that the attack was aimed mainly at people browsing these sites in the U.S.

    Click here to read the full report on the BBC’s website.

    —CNBC’s Arjun Kharpal contributed to this article.

    SHOW COMMENTS Please add a username to view or add commentsPublic Username for Commenting

    View the original article here

     
  • jkabtech 11:05 am on March 14, 2016 Permalink |
    Tags: Bestselling, , , , Visualistan,   

    The Bestselling Mobile Phones Of The Last 20 Years | infographic by Visualistan 

    584e0392f05e02ac42d6e1dbf151af81

    The Bestselling Mobile Phones of the Last 20 Years #Infographic

    Sorry, I could not read the content fromt this page.

    View the original article here

     
  • jkabtech 6:55 am on March 14, 2016 Permalink |
    Tags: Amazing, , LiveScience, Rocked, , ,   

    12 Amazing Women Who Totally Rocked at Science | Infographic by LiveScience 

    czc

    womenRock_infoGraphic

    Sorry, I could not read the content fromt this page.

    View the original article here

     
  • jkabtech 2:51 am on March 14, 2016 Permalink |
    Tags: Alabama, , Birmingham, , , ,   

    The Future of Mobile Application | Infographic by University of Alabama at Birmingham 

    1111

    2222

    Sorry, I could not read the content fromt this page.

    View the original article here

     
  • jkabtech 9:47 am on March 13, 2016 Permalink |
    Tags: , ,   

    Beware this phishing email tax scam from ‘the boss’ 

    Wednesday, 9 Mar 2016 | 8:54 AM ETUSA Today

    W-2 wage and tax statement forms. Andrew Harrer | Bloomberg | Getty ImagesW-2 wage and tax statement forms.

    Get an e-mail from a big boss at your company and when she says hop-to-it, well, you make sure you jump on the spot.

    We can picture all too well our own version of Miranda in The Devil Wears Prada issuing some detailed demand and crisply concluding: “That’s all.”

    So I guess it should be no surprise that the scammers are now spoofing e-mails pretending to be the CEO or some other top executive at the company and demanding a long list of W-2 files via PDF format. Immediately. As in yesterday. Seriously.

    The phishing scheme involving W-2s isn’t exactly a new trick. But it can be brand new to someone who never ran into it in the past.

    The thing is, we can never, ever forget that fake tax returns are now a huge operation for criminal activity. Tax refund fraud losses are estimated to reach $21 billion by 2016, according to the Treasury Inspector General for Tax Administration, which provides independent oversight of the IRS.

    Yes, some stressed-out employees in HR and elsewhere have already been tricked into doing this very dumb thing involving W-2 forms.

    Watchdog KrebsOnSecurity reported in February that spoofing e-mails were cropping up this tax season with requests for W-2 form information.

    One clue of a fraud: The phishers used someone’s GoDaddy e-mail server and the return address was not associated with the company.

    The IRS reported that this latest scheme is part of a surge of phishing e-mails seen this year. It has already claimed some victims, the IRS said, as payroll and human resources offices mistakenly e-mail payroll data, including W-2 forms that contain Social Security numbers and other personally identifiable information.

    All that information, of course, makes it super easy to create a fake tax return to cook up an over-the-top refund for the crooks.

    It’s not the CEO that’s sending that e-mail; it’s a cyber crook.

    The Evening Post Industries, which owns The Post and Courier in Charleston, S.C., as well as other properties, told its employees that it was a victim of the e-mail spoofing on Feb. 26.

    Yes, someone believed that a fake e-mail actually was from the CEO, who somehow wanted a summary of all 2015 employee W-2 information.

    “We are working diligently to investigate this occurrence,” said John Barnwell, president and CEO of Evening Post Industries in an e-mail response to the Free Press.

    “We will provide free credit monitoring and identity restoration services for every employee affected.”

    Some details that could be in a phishing e-mail, according to the IRS:

    “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.” “Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home, Address, Salary).””I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”

    Adam Levin, chairman and founder of Identity Theft 911 and author of Swiped, said that W-2 information offers key data for sophisticated criminals who are crafting fraudulent tax returns.

    “It’s a goldmine for the bad guys with taxes,” Levin said.

    As with other successful phishing attempts, there is a level of plausibility here, too. The top executive might need, maybe, some payroll data at some point. The e-mail could even look authentic and even have the correct name of the company’s CEO or executive.

    Levin noted that fraudsters use other e-mail attempts too to convince everyday consumers that they might have a refund waiting or need to fix a tax problem.

    I received an e-mail in late February that clearly was a scam involving a “Tax Refund Notification” — reportedly from the Australian Government or My.Gov. “To access your tax refund, please click here.” Do not do it.

    The IRS noted in one of its alerts this year that the IRS does not initiate contact with taxpayers by e-mail to request personal or financial information. No text messages, no messages sent via Facebook.

    Levin said consumers need to remember that some major data breaches — such as those at Anthem, Premera, and Excellus Blue Cross Blue Shield — have put more than 100 million Social Security numbers at risk.

    On top of that, people have engaged in so much oversharing in social media that some pieces of information that can be used in hacking, such as someone’s high school or maiden name, are put in play as well.

    “It’s going to continue to grow and grow,” Levin warned.

    SHOW COMMENTS Please add a username to view or add commentsPublic Username for Commenting

    View the original article here

     
  • jkabtech 9:39 pm on March 12, 2016 Permalink |
    Tags: , , , ebooks, rejects, Supreme   

    Supreme Court rejects Apple e-books appeal 

    Monday, 7 Mar 2016 | 10:04 AM ETReuters

    The U.S. Supreme Court Building in Washington. The U.S. Supreme Court Building in Washington.

    The U.S. Supreme Court on Monday declined to hear Apple’s challenge to an appellate court decision that it conspired with five publishers to increase e-book prices, meaning it will have to pay $450 million as part of a settlement.

    The court’s decision not to hear the case leaves in place a June 2015 ruling by the New York-based 2nd U.S. Circuit Court of Appeals that favored the U.S. Department of Justice and found Apple liable for engaging in a conspiracy that violated federal antitrust laws.

    SHOW COMMENTS Please add a username to view or add commentsPublic Username for Commenting

    View the original article here

     
c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel
%d bloggers like this: