Top 6 Vulnerabilities Found Via Penetration Tests

The basement-dwelling teenager poring over lines of scrolling code as he rips through the security of a government or corporate server is a popular trope in Hollywood movies. Although this widespread image of the hacker isn’t accurate, the threat of cyberattacks against government networks is very much a real-world concern.

In order to be more prepared for cybersecurity breaches, agencies should consider a comprehensive penetration test – ethical hacking with the goal of attacking or bypassing the established security mechanisms of an agency’s systems, and using the same tactics as a malicious intruder.

Penetration testing can be conducted by way of a cyberattack or by exploiting a physical vulnerability of an organization.

After gaining access to a system, the penetration testers will report back with detailed information about what vulnerabilities were exploited, how they were able to breach the system, what level of data was accessed and how to prevent future exploitation. The following is a compilation of the six most common vulnerabilities found during penetration tests:


French Cyber Spies Stealing U.S. Technology

Washington made clear this week that China is America’s biggest cyber nemesis, at least in terms of the theft of U.S. intellectual property. So who’s next? Not Russia, nor North Korea, according to former Defense Secretary Robert Gates. It’s France — one of America’s closest allies.

“There are probably a dozen or 15 countries that steal our technology in this way,” Gates said in an interview the Council on Foreign Relations posted online Thursday. “In terms of the most capable, next to the Chinese, are the French — and they’ve been doing it a long time.”

Gates, who was also director of the Central Intelligence Agency in the first Bush administration, said that when he talks to business audiences, he asks, “‘How many of you go to Paris on business?’ Hands go up. ‘How many of you take your laptops?’ Hands go up. ‘How many of you take your laptops to dinner?’ Not very many hands.”

“For years,” Gates said, “French intelligence services have been breaking into the hotel rooms of American businessmen and surreptitiously downloading their laptops if they felt those laptops had technological information or competitive information that would be useful for French companies.”

Facebook Accounts Are Gold for Cybercrooks

By taking a swing at a social network account and successfully hijacking it, a cybercriminal opens the door to plenty more potential victims.

Facebook is the main target in such cases because it is such an effective platform for sharing information, which allows bad actors to lure a large number of users.

Malware, spam and phishing links directing users to pages serving carefully planted threats are easily distributed from a stolen Facebook account.

As noted by Nadezhda Demidova, Web Content Analyst at Kaspersky Lab, criminals can use the account for financial gains, “such as extorting money from the hijacked account’s friends. The fraudster can send messages asking people to send money for help.”

Other reasons are the collection of information for launching targeted phishing attacks and even selling the account to other criminals.

Criminals get their hands on a social network account through various methods, ranging from fake notifications, emails sent from the compromised address of a friend and forum messages to banners on third-party resources.

In all these cases, the victim can be attracted to phishing pages where they are asked to log into a fake social network; the details are then sent to the attacker. A compromised Facebook account can also be used to direct the friends of the owner to malicious pages.

The Future of Crime: 8 Cyber-Crimes to Expect in Next 20 Years

Forget everything you think you know about crime. In the next 20 years, “traditional” crime as we know it today will be largely replaced by cyber-crime. In fact, this is already happening. Take bank robberies: According to the American Bankers Association, bank robberies are being steadily replaced by ATM-skimming and other ‘cyber-heists.’ FBI statistics show bank robberies are down 60% since their peak in 1991, and they plummeted another 23% just between 2011 and 2012. Other crimes are also following suit. Car thieves around the country are now using ‘mysterious gadgets’ to remotely unlock car doors without having to jimmy the lock or smash the window. Burglars have been robbing hotel rooms using a keyless door hacking tool that was first revealed at the Black Hat hacking conference. It’s time for people to stop thinking of cyber-crime as something that only happens on a computer. With the rise of ‘smart’ devices and the Internet of Things (IoT), the maturation of the online black market as a multi-billion dollar industry and the widespread commercial and recreational markets for do-it-yourself hacking tools, cyber attacks will become far more invasive, dangerous and even physical.

Perk or Prerequisite? The Security Driver from a Business Perspective

Of the various and sundry perks commonly afforded executives, none seems to draw the ire of some, or appear any more ostentatious to others, than the executive driver. We need only look back to 2009, when former U.S. Senator Tom Daschle was forced to withdraw his name from consideration for the cabinet-level post of Secretary of Health and Human Services, to find an example of this. He withdrew when it came to light that he had failed to properly report taxable income, and the alleged oversight was viewed by many as particularly egregious once it became clear that the lion’s share of the unpaid taxes was related to a car and driver provided by a private equity fund for which he was acting as a consultant. Failing to pay taxes on such a luxurious perk was simply too large a hurdle for the former Senator to overcome.

While the executive driver may be a symbol of corporate excess to some, from a business perspective it may be more practical than most other forms of non-wage compensation. In fact, when viewed through the lens of corporate governance, providing an appropriately trained executive driver may be elevated from an attractive perk to a prerequisite for decreasing risk, increasing efficiency, fulfilling fiduciary responsibilities, and addressing duty-of-care issues.


Study: Data Breaches Make Huge Impact On Brand Reputation

Consumers rank data breaches and poor customer service high in their effects on brand perception.

Data breaches can have as much impact as poor customer service in their effects on brand reputation, according to a study published Wednesday.

The new survey, “The Aftermath of a Mega Data Breach: Consumer Sentiment,” was conducted by the Ponemon Institute and sponsored by Experian’s Data Breach Resolution unit. It asked more than 700 consumers about their attitudes toward a company’s brand, and their willingness to buy in the wake of specific events.

According to the study, the three occurrences that have the greatest impact on brand reputation are data breaches, poor customer service, and environmental disasters. These incidents were selected ahead of publicized lawsuits, government fines, and labor or union disputes.

Breaches also have a major impact on customer fears about identity theft, the survey says. Prior to having their personal information lost or stolen, 24 percent of respondents said they were extremely or very concerned about becoming a victim of identity theft. Following the data breach, this concern increased to 45 percent, Ponemon says. Almost half of the respondents feel their identity is at risk for years or forever.


U.S. Expanding Corporate Foreign Bribery Probes to Include Hiring

WASHINGTON (Reuters) – U.S. government agencies that have been probing banks’ hiring of children of powerful Chinese officials are expanding existing investigations in other industries across Asia to include hiring practices, four people familiar with the matter said.

The Justice Department and the Securities and Exchange Commission have been asking global companies in a range of industries including oil and gas, telecommunications, and consumer products for information about their hiring practices to determine if they could amount to bribery, these people said.

On Wednesday, mobile chipmaker Qualcomm Inc said it could face civil action from U.S. authorities over alleged bribery of officials associated with state-owned companies in China. It also said it found instances in which “special hiring consideration” was given to people associated with state-owned companies or agencies in China.

Qualcomm declined to comment on Friday. The Justice Department and SEC declined to comment on whether they have expanded their probes.

Some of the new inquiries have zeroed in on hires in China, South Korea and southeast Asia, including Singapore, two of the people familiar with the probes said.

It was not clear how many companies were involved in the expanded probes and the people, who declined to be named because details of the investigations are not public, did not name specific firms.

Hiring issues have become a focus in bribery probes as a matter of course, sources said. That reflects a change in the wake of the investigation into whether JPMorgan hired children of China’s state-owned company executives with the express purpose of winning underwriting and other business, they added.

If employees were hired at the direction of an official at a state-run company who was in a position to grant a U.S.-linked company business, the American firm could run afoul of the Foreign Corrupt Practices Act (FCPA), a 1970s law that, among other things, bars bribes to officials of foreign governments.
