May 28, 2013

Homeland Security database leaks employee information


PC World

by Ellen Messmer
May 26, 2013


The Department of Homeland Security (DHS) said last week it has notified employees and others with DHS clearance to be on alert for potential fraud due to a vulnerability discovered in software used by a vendor to process personally identifiable information (PII) for background investigations. The software hole had been there since July 2009.

“During the week of May 20, 2013, DHS is alerting employees of the potential vulnerability and outlining ways that they can protect themselves, including requesting fraud alerts and credit reports,” the DHS said in its statement “Privacy Response to Potential PII Incident.” DHS says a vulnerability in software that an unnamed vendor uses to maintain a database of background investigations had a hole in it that left open to potential unauthorized access information that includes name, Social Security number, and date of birth.

DHS says the software vulnerability has now been fixed and there’s no evidence that PII related to DHS clearances has been stolen from the vendor-maintained database. (See also “Ten Best Practices to Prevent Data and Privacy Breaches.”)

* Follow-up resources offered

DHS has set up a call center to address any employee concerns related to the notifications and is advising affected individuals concerned about potential fraud to consider taking certain measures, such as letting potential creditors know to contact them before opening a new account in their name. DHS also listed the three credit reporting firms, Equifax, Experian, and TransUnion, saying an individual can place a fraud alert.

DHS also indicated it’s in a legal confrontation with the unnamed vendor with this background investigations database and has raised a “stop work request” while engaging with the “vendor’s leadership to pursue all costs incurred mitigating the damages.” DHS is in talks with this unspecified vendor on “notification requirements for current contractors, inactive applicants and former employees and contractors.”

DHS was alerted by a law enforcement partner of the potential vulnerability, and says it took immediate steps to address the problem with the vendor. Though DHS does not know that PII related to this security hole has been stolen, it’s investigating the matter.

Employees who submitted background investigation information, and individuals who received a DHS clearance between July 2009 and May 2013, primarily for positions at the DHS headquarters, Customs and Border Protection (CBP), and Immigration and Customs Enforcement, may be affected.

* Spreading word to former contacts

DHS also says it is making “every possible effort” to reach out to former employees, applicants, former contractors, and “similar individuals who received a DHS clearance that may be impacted.”

In its privacy notification alert, DHS sought to address concerns, such as whether employees should alert the contacts they provided for the background investigation. DHS says it has no reason to believe that kind of step is needed.

As to whether DHS will continue to work with the unnamed vendor whose software had the security hole, the Department indicated the CBP has put the brakes on work at this time while DHS is “evaluating all legal options.”


Direct Link:  http://www.pcworld.com/article/2039752/homeland-security-database-leaks-employee-information.html

May 24, 2013

Bank security weaknesses led to cyber looting of $45M from ATMs

Indicted cyber thieves used pre-paid debit cards and manipulated bank accounts to withdraw huge sums from ATMs around the world


Computer World

by Jaikumar Vijayan
May 10, 2013


Computerworld –

Alberto Yusi Lajud Pena, found dead in the Dominican Republic two weeks ago, was the leader of the New York cell of an international gang of cyber thieves that authorities allege stole a staggering $45 million from ATM machines around the world.

One startling aspect of the case, sure to be closely reviewed by banks worldwide, is that Pena and his cohorts pulled off the theft quickly using just 17 prepaid debit cards.

Federal prosecutors in New York on Thursday handed down indictments against Pena and seven other individuals on cyber hacking charges related to the theft. The defendants allegedly formed a New York-based cell of an international group that hacked into global financial institutions to access prepaid debit card data that they later used to steal money from ATM machines.

Pena and his co-conspirators are accused of withdrawing about $2.8 million from ATMs in NYC on two separate occasions.

In the first operation last Dec. 22, the gang withdrew $400,000 in 750 fraudulent transactions at 140 ATM locations in the city in just two hours and 25 minutes. In February, the gang withdrew close to $2.4 million in 3,000 ATM transactions in the NYC area over a 10-hour period.

Details of the operation contained in court documents provide a fascinating look both at the sophisticated methods used by the hackers, and the vulnerabilities in the banking system that allowed it to happen.

The thefts began with an extensive intrusion last December into the network of an Indian credit card processing company that handles MasterCard and Visa prepaid debit cards.

Such cards are typically loaded with a finite amount of funds and are often used by employers in lieu of paychecks and by charitable organizations to distribute emergency assistance, according to a statement by the U.S. Department of Justice.

The hackers broke into the card processing company, manipulated account balances and eliminated withdrawal limits on each of five prepaid MasterCard debit cards issued by the National Bank of Ras Al-Khaimah in the United Arab Emirates.

Such manipulation of debit card information is referred to as “unlimited operation” in the cyber underworld and requires a very high degree of technical sophistication, according to the indictment. When successful, even a small number of compromised cards can lead to a “tremendous financial loss to the victim financial institution,” the indictment said.

The compromised account numbers, together with PINs needed to initiate withdrawals, were distributed to cell ‘managers’ like Pena in different parts of the world. The stolen account numbers were used to encode magnetic stripes on the back of plastic cards such as gift cards and hotel key cards, which were later used to initiate the fraudulent withdrawals.

The first operation, in Dec. 2012, resulted in close to $5 million being withdrawn from ATM machines around the world in about 5,700 transactions. The hackers who had broken into the card processor network used their access to monitor the withdrawals to ensure they were not shortchanged.

In February, the group pulled off the same caper, but this time by breaking into a U.S.-based credit card processor that handles MasterCard and Visa prepaid debit card transactions.

In this instance, the hackers manipulated account balances and removed withdrawal limits on 12 prepaid debit cards issued by the Bank of Muscat in Oman. The compromised account numbers were distributed to gang members in 24 countries and used to create spoofed debit cards that were used to withdraw $40 million from ATM machines.

Members of Pena’s gang were identified and nabbed from surveillance tapes provided by financial institutions and by owners of the ATM machines that were robbed.

The thefts highlight continuing vulnerabilities in the payment industry, said Jim Stickley, chief technology officer at TraceSecurity Inc., a Baton Rouge, La.-based risk and compliance management vendor with several banking customers.

Stickley said that no mechanisms appear to have existed to prevent the same debit card numbers from being used over and over again to complete thousands of transactions in different countries in a very short period of time.

“It’s surprising that even some level of analytics wasn’t used,” to spot and prevent fraudulent transactions, he said. “When they were hitting 3,000 ATMs around the world at the same time, you’d think there’d be some analytics” to detect it, he said.

It’s likely that the banks did not have monitoring systems in place to track prepaid debit cards. There’s little chance that the bank would know who purchased such cards. There’s little risk to the bank with such cards, because they have already been paid for, Stickley said.

“They probably treated it somewhat differently because there is no way they can call somebody to tell them they are shutting it down,” he said. “I can see how they might have never imagined a situation where someone would use the cards in this manner.”

Avivah Litan, an analyst with Gartner, added that the theft “could have been prevented with simple steps like privileged user monitoring and alerts when account limits are raised in this manner.” Account limits had to be raised substantially for the crooks to get so much money, she said.

Strengthening authorization on raising account limits is one way to mitigate such issues she said.

Banks, for example, can enforce dual authorization whenever someone wants to raise account limits in the manner that needed to have been done in this case, she said.
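The two controls discussed above, velocity analytics on card activity (Stickley) and monitoring of withdrawal-limit changes with a dual-authorization rule (Litan), can be illustrated in a few dozen lines. The following is an added example and is not code from the article or from any bank or processor it mentions; the record formats, card tokens, thresholds and the approver rule are all assumptions, and the transaction and audit data are constructed to resemble the pattern the article describes.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# Hypothetical record formats (assumption, not a real processor's schema).
Txn = namedtuple("Txn", "card ts country amount")
LimitChange = namedtuple("LimitChange", "card ts old_limit new_limit approvers")


def _build_sample_transactions():
    # Constructed data: card "prepaid-0001" is cashed out 25 times across five
    # countries in 90 minutes; card "prepaid-0002" shows ordinary, sparse use.
    base = datetime(2013, 2, 19, 22, 0)
    countries = ["US", "GB", "JP", "AE", "DE"]
    txns = [Txn("prepaid-0001", base + timedelta(minutes=3 * i), countries[i % 5], 2000.0)
            for i in range(25)]
    txns += [Txn("prepaid-0002", base + timedelta(hours=h), "US", 60.0) for h in (0, 12, 30)]
    return txns


SAMPLE_TRANSACTIONS = _build_sample_transactions()

# Constructed audit log of limit changes: one raise is huge and single-approved,
# the other is modest and carries two distinct approvers.
SAMPLE_LIMIT_CHANGES = [
    LimitChange("prepaid-0001", datetime(2013, 2, 19, 21, 30), 500.0, 1_000_000.0, ["ops-admin-1"]),
    LimitChange("prepaid-0002", datetime(2013, 2, 19, 21, 35), 500.0, 1_000.0, ["ops-admin-1", "supervisor-2"]),
]


def velocity_alerts(txns, window=timedelta(hours=2), max_txns=20, max_countries=2):
    """Return {card: reason} for cards whose activity inside any sliding time
    window exceeds the transaction-count or distinct-country threshold."""
    by_card = {}
    for t in txns:
        by_card.setdefault(t.card, []).append(t)
    alerts = {}
    for card, items in by_card.items():
        items.sort(key=lambda t: t.ts)
        start = 0
        for end in range(len(items)):
            # Advance the window start until all items in [start, end] fit in `window`.
            while items[end].ts - items[start].ts > window:
                start += 1
            in_window = items[start:end + 1]
            countries = {t.country for t in in_window}
            if len(in_window) > max_txns:
                alerts[card] = f"{len(in_window)} withdrawals within {window}"
                break
            if len(countries) > max_countries:
                alerts[card] = f"used in {len(countries)} countries within {window}"
                break
    return alerts


def limit_change_alerts(changes, max_ratio=5.0, min_approvers=2):
    """Return {card: [reasons]} for limit raises that are disproportionate or
    lack the dual authorization the article's analyst recommends."""
    alerts = {}
    for c in changes:
        reasons = []
        if c.old_limit > 0 and c.new_limit / c.old_limit > max_ratio:
            reasons.append(f"limit raised {c.new_limit / c.old_limit:.0f}x "
                           f"({c.old_limit:.0f} -> {c.new_limit:.0f})")
        if c.new_limit > c.old_limit and len(set(c.approvers)) < min_approvers:
            reasons.append(f"raise approved by {len(set(c.approvers))} user(s); "
                           f"{min_approvers} distinct approvers required")
        if reasons:
            alerts[c.card] = reasons
    return alerts


if __name__ == "__main__":
    for card, why in velocity_alerts(SAMPLE_TRANSACTIONS).items():
        print(f"VELOCITY  {card}: {why}")
    for card, reasons in limit_change_alerts(SAMPLE_LIMIT_CHANGES).items():
        for r in reasons:
            print(f"LIMIT     {card}: {r}")
```

The velocity check only needs the card token, a timestamp and the acquirer country, all of which an issuer or processor already sees in the authorization stream; the limit-change check needs the administrative audit trail rather than the transaction feed, which is why the two are separate functions fed by separate inputs.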

Chip-and-PIN cards could also have prevented the heist, she said. Chip-and-PIN systems use smartcards that have embedded microprocessors (or chips) rather than magnetic stripes to store cardholder data.

To use the cards at an ATM machine, a cardholder needs to have the original card and the personal identification number. “There simply wasn’t enough attention paid to simple controls that should have been put on these systems,” Litan said.

“The only good news here is that consumers weren’t hurt. The bad news is that the payment industry still has not learned its lesson,” she said. “The industry needs to implement a major change in the way cardholders are authenticated, either using chip and PIN, biometrics, or something else much stronger than a PIN.”

Direct Link:  http://www.computerworld.com/s/article/9239104/Bank_security_weaknesses_led_to_cyber_looting_of_45M_from_ATMs?taxonomyId=82&pageNumber=1

May 20, 2013

Europol Warns Organized Cybercrime Is Booming

There may be a recession in Europe, but business is booming for cyber-criminals.

Security Week
by Fahmida Y. Rashid
March 19, 2013


There are an estimated 3,600 organized crime groups currently operating in Europe, the European Union law enforcement agency Europol said in its 2013 EU Serious and Organised Crime Threat Assessment study released Tuesday. While international drug trafficking remained the most active organized crime activity in the EU, cybercrime is a growing crime area as criminals take advantage of the Internet to “generate illicit profits at low risk,” the study found.

Organized Cybercrime

Criminals are relying on the increasingly interconnected world to form a networked community of heterogeneous, international groups, Europol said. These individuals and groups are no longer defined by their nationality, geographic region, or type of criminal activity. Organized crime can now operate on an international basis, “with a business-like focus on maximizing profit and minimizing risk,” said Rob Wainwright, director of Europol.

“A new breed of organized crime groups is emerging in Europe, capable of operating in multiple countries and criminal sectors,” said Wainwright.

The volume of cybercrime activity, such as phishing and click fraud scams, is expected to increase, according to Europol. The increase “will closely mirror the growth of the attack surface, as the Internet becomes even more essential to everyday life,” the report warned.

Thanks to the Internet, organized crime groups are able to access a large pool of victims, obscure their activities, and carry out a wide range of activities within a shorter period of time and on a larger scale, Europol found. Fraud, particularly online fraud, is an especially lucrative business for criminals. Fraud causes losses of billions of Euros per year in the EU, the report found.

Europol also said criminal groups are using online scams to fund traditionally offline crime, such as child exploitation rings.

“Cybercrime in the form of large scale data breaches, online frauds and child sexual exploitation poses an ever increasing threat to the EU, while profit-driven cybercrime is becoming an enabler for other criminal activity,” according to the report.

As more users shift to using mobile devices as their primary way of going online, criminals will increasingly target those devices. “Malware affecting these devices has already been seen, although mobile botnets have not yet been fully realized,” Europol warned.

Cybercrime is booming due to a lack of security awareness among European organizations and users, Europol said. For example, people and organizations “expose” themselves as targets by making their data freely available on social networking sites.

Organizations also have not fixed ongoing security flaws in their infrastructure, giving the criminals easy access. Security remains a “concern and challenge” as organizations outsource administrative, maintenance and development tasks, and effective prevention measures are still relatively expensive to deploy.

The report identified crime areas including illegal immigration, human trafficking, counterfeiting, cybercrime, drug trafficking, and money laundering, within the EU. The report also highlighted illicit waste trafficking and energy fraud as emerging threats.

The information in the 2013 SOCTA report is based on intelligence collected from various law enforcement databases, other information provided by the government, and Europol’s own extensive collection of data. The Council of Justice and Home Affairs Ministers are expected to use the report’s findings and recommendations to define priorities for the next four years.

Direct Link:  http://www.securityweek.com/europol-warns-organized-cybercrime-booming

May 17, 2013

CISPA cybersecurity bill backers hope second time’s a charm

NBC News
by Alina Selyukh & Deborah Charles (Reuters)
May 16, 2013


WASHINGTON (Reuters) –

Six months after a U.S. cybersecurity bill died in the Senate, some Obama administration officials and lawmakers are optimistic they can get a new law passed amid heightened public awareness of hacking attacks and cyber espionage.

With top intelligence officials warning that cyber attacks have replaced terrorism as the leading threat against the United States, the White House and lawmakers have spent months discussing how to improve the flow of information between the government and the private sector.

A second go-around for the Cyber Intelligence Sharing and Protection Act (CISPA) was approved by the Republican-controlled House of Representatives in a bipartisan vote on April 18, though the White House has again threatened to veto the bill unless more protections for privacy and civil liberties are added.

Still, senior Obama administration officials say behind-the-scenes talks with lawmakers this time around are constant, more serious and more productive.

“I actually think that the outlook is significantly better than it was last year,” the White House cybersecurity policy coordinator, Michael Daniel, told the Reuters Cybersecurity Summit in Washington this week. “What has impressed me has been the willingness of everybody involved to actually continue having those discussions and to continue that extensive level of dialogue trying to find some solutions.”

While Daniel cautioned that it is never easy to get the divided House and Senate to agree to anything, he predicted that final cyber legislation might be seen by the fall.

“A lot of us are concerned about getting a good piece of cybersecurity legislation before something really bad happens. As a general rule, legislation that is produced immediately after a crisis is not as good as the stuff that can be done when it’s more thought-out,” he said.

Last year, the Senate failed to pass a comprehensive cybersecurity bill that combined information-sharing provisions similar to those in the current CISPA with voluntary cybersecurity standards for businesses that control critical U.S. infrastructure.

Since then, President Barack Obama has signed an executive order that directs government officials to set voluntary standards to reduce cybersecurity risk and offer incentives to private companies to adopt them.

A series of high-profile cyber attacks — such as repeated disruptions of the online banking sites of major U.S. banks, or markets plunging on a fake message on the AP Twitter feed about a White House bombing that never happened — have built momentum behind cyber legislation.

* Separate bills

The Senate does not plan to vote on CISPA, but is expected instead to take up its own cyber-related bills. On Wednesday, Senate Intelligence Committee Chairman Dianne Feinstein, a California Democrat, said her panel was drafting a version of an information-sharing bill.

Congressional aides said staff and lawmakers from both sides of the aisle are constantly meeting on the issue. One Senate aide said it was a collaborative process to agree on multiple key elements to make the overall law stronger.

Representative Mike Rogers, chairman of the House intelligence committee and CISPA co-author, said key senators including Feinstein were “completely all in” on the need to pass a cybersecurity law. The Michigan Republican predicted that House and Senate lawmakers could work out an agreement on at least an information-sharing bill.

“I think we’re finally coming to the consensus here that hey, let’s pass what we can pass and take another bite. This isn’t the end-all cure-all,” Rogers told the summit.

He said a meeting was scheduled this week — with more to come — between the House and the Senate to discuss in detail the elements of cyber legislation and see where compromise could be reached, without starting completely from scratch.

Rogers predicted that if a bill could pass through both houses of Congress, Obama would sign it despite the veto threat.

* Urgent need

Top administration officials have underscored the urgent need for laws that would complement Obama’s executive order and help ensure the government and the private sector are on the same page when it comes to threats posed to critical U.S. infrastructure.

Homeland Security Secretary Janet Napolitano said many lawmakers received classified briefings last year on cyber threats, and better education on cyber risks means “we’re starting from a much better base” on legislation.

“There’s a lot of work going on behind the scenes,” Napolitano told the summit. “There are many fewer concerns than there were last time around.”

But officials acknowledge that hurdles remain. For example, some senators, like Homeland Security Committee Chairman Tom Carper, prefer a more comprehensive bill.

“While information sharing is an important part of our efforts, it is only one of many elements needed to properly bolster our cyber defenses,” Carper, a Delaware Democrat, said in a statement.

Other issues he says he would like to address in legislation include protections for critical infrastructure, security of federal agency networks, cyber workforce development and notification of data breaches.

Some private industry security experts were skeptical about the prospects for broad legislation, as well as the effectiveness of such laws in preventing cyber attacks. Shane Shook, chief knowledge officer at cybersecurity services company Cylance Inc, suggested the private sector should organize information sharing itself.

“Comprehensive legislation is never going to happen that can be effective over all 18 sectors,” Shook told the summit.

Ira Winkler, president of the Information Systems Security Association, said he was skeptical that any meaningful legislation would pass this year, barring a major cyber attack that damaged U.S. infrastructure.

“We hear about wake-up calls, but people keep hitting the snooze button,” he said.


— Additional reporting by Andrea Shalal-Esa and Thomas Ferraro

Direct Link:  http://www.nbcnews.com/technology/cispa-cybersecurity-bill-backers-hope-second-times-charm-1C9948195#cispa-cybersecurity-bill-backers-hope-second-times-charm-1C9948195