Wells Fargo fined $185 million, and fires over 5,300 staffers for insider scam

Check out this article by  for SC Magazine (September 08, 2016)

Doug writes:  “Acting in most cases without any authority from the account holders, Wells Fargo workers opened an estimated 1.5 million deposit accounts and applied for roughly 565,000 credit card accounts, according to the Consumer Financial Protection Bureau (CFPB). Once the accounts were opened the employees transferred money to temporarily fund the new accounts which allowed them to meet sales goals and earn extra compensation.”

Wow. If you knew the pressure bank employees are under (draconian pressure really), you may not be surprised. To meet sales goals and garner incentives, staffers created accounts and transferred funds from real accounts to fill the fakes. This, over a five-year period. Over 5,000 people were fired, according to CNNMoney.

“In many cases bank customers were charged fines for insufficient funds and overdraft fees on accounts that they did not know existed in their names. The unauthorized credit cards also cost customers through finance and interest charges,” Doug reports.

Remember this article when you read my novel, High-Rise Crew: Financial Insiders, next year, because this is just the start.

Nuclear Threat Initiative (NTI)

Felony count for being an IT idiot? Could happen

What if your employer could get you thrown in jail on felony charges for violating their internal IT policies and procedures? If a test case currently being heard in Texas leads to conviction and is upheld, that may be the case.

An angry employee, apparently frustrated when fellow employees were laid off, deleted some backup files. He argues that the material was available elsewhere. Maybe, but assume that he really was malcontent and malicious. A case like this should end with a lot of finger pointing, name calling, lawyer fees and a civil lawsuit. I don’t think anyone predicted a felony count for violating the Computer Fraud and Abuse Act (CFAA). But that’s where the case currently sits, which is what grabbed the attention of Andy Greenberg at Wired.

If this unusual legal strategy works, IT admins should beware. Today if you screw up you probably get fired. Get discovered doing something intentionally malicious and you are going to get sued for damages. A potential felony charge means up to ten years in prison and $250,000 in fines. That’s three or four years’ salary for many low-level IT admins, and a decade out of the business. To put it bluntly, an idiot who deletes the wrong files could potentially be charged with a felony. Game changer.

Read the full article … https://www.wired.com/2016/06/admin-faces-felony-deleting-files-flawed-hacking-law

Even in Russia, the damage from cybercrime far outweighs the act.

(June 3) – TASS, the Russian news agency, reports that Russian Prime Minister Dmitry Medvedev estimates ‘Cybercrime global losses in banking sector (are) estimated at $500 billion rubles ($7.6 billion US).’ But TASS goes on to report that the ‘damage’ from (transnational) cybercrimes is closer to $3 trillion rubles, or six times as high, according to the Russian Foreign Ministry.

TASS goes on to say that: “… 92% of companies in 2015 faced real cyber attacks, but only 50% were able to assess the damage to the business.” The implication is clear. Business owners seriously underestimate loss associated with cybercrime.

Read the full article here:
http://tass.ru/en/economy/880057

South Korea, THAAD, and the China Problem

Will South Korea deploy THAAD – and if so, how will China respond?

By Phillip Shrank – May 30, 2016

Photo at right, courtesy of US Missile Defense Agency

The Diplomat has posted an article on the missile defense system being discussed for installation in South Korea. It is one of the many answers to North Korean aggressiveness and seemingly intractable advances in the nuclear community.

“… the United States and South Korea see THAAD (Terminal High Altitude Area Defense) deployment as an apparatus securing peace and keeping South Korean democracy strong. China (and Russia) see it as a threat to the current balance of power. In essence, the problem we see simmering in East Asia is similar to the problem currently boiling in Eastern Europe.”

There are fine lines between projecting power and kicking a hornet’s nest. Shrank concludes that cooler heads will prevail, but all agree there are limits to how far any one player should go at the crossroads of multiple international military giants.

LinkedIn hacked again – this time 117 million of us are exposed

Tripwire has posted an article on LinkedIn’s technical troubles in their State of Security section. Hackers took down LinkedIn in 2012. It was a big deal then because they stole account credentials for 6.5 million users. The theft could easily have been prevented by simply salting the password hashes, but it was not.

Now, four years later, a hacker calling himself ‘Peace’ is offering credentials from 167 million LinkedIn accounts. Out of that number, he’s already cracked 117 million user passwords. At least some of the credentials have been verified, making this one of the largest hacks in recent history.

But will you hear about it on the news? Probably not. Attacks are so common now that few media outlets even investigate them. As a novelist I can’t help but wonder where this all leads.

Read the full article: ‘117 million LinkedIn email addresses and passwords put up for sale’ by Graham Cluley, here:  http://bit.ly/1YBCd6l

FireEye report shows unacceptable breach levels across industries.

In their report titled Maginot Revisited: More Real-World Results from Real-World Tests, FireEye, Inc. brings the reader’s attention to firewall breaches at levels that should concern all of us. New approaches are called for to protect against ever more sophisticated malware and the skills of advanced persistent threat actors. In too many cases business and institutional entities are failing.

The executive summary reports that, “Across all industry segments, 96 percent of systems were breached on average. And 27 percent of those breaches involved advanced malware. Given the widespread failings of conventional security deployments, organizations must consider a new approach to securing their IT assets.”

As a novelist I exploit these same vulnerabilities in my work (not literally) in part for entertainment value, but also to raise awareness. FireEye, among other solution providers, may have answers.

Download the report – for your organization, here:  http://bit.ly/1TupZMx

India’s missile program could nuclearize the Indian Ocean

I wrote a novel many years ago, never totally finished, wherein events here in the US were triggered by conflict between India and Pakistan. I’ve followed developments ever since.

At the heart of this new round of contention and potential arms escalation are nuclear-powered submarines and the development of tactical nuclear arms.

Sartaj Aziz, adviser to the prime minister on foreign affairs, said, “These two developments are part of the massive conventional nuclear and missile development programmes being pursued by India, which are now leading to nuclearisation of Indian Ocean,” adding that Pakistan will take “all necessary measures” to augment its defence capabilities.

(Pakistan PTI, Islamabad | Updated: May 20, 2016 01:32 IST).

Russia strengthens banking system security standards

I read all the time how hackers from former Eastern Bloc countries and China are raising hell, the bane of security systems worldwide. That may be an overstatement. But if it is true, how about the people who live there?

Security Magazine – UK reports as follows:  “According to official statistics from the Russian Central Bank, last year the number of cyber-attacks in the Russian banking sphere increased by 30 percent, compared to 2014, with up to 64,000 cases reported, however, according to the Russian Ministry of Internal Affairs, the real figure is about ten times higher than the figures provided by the Central Bank.”

Security standards are being revamped. A lot of that going on.

Read the full article here:  http://bit.ly/1TGbQHT

Security ramping up for the cloud

Interview with Brian Dye, vice president Intel Security conducted at RSA 2016