Hackers try to steal $45m from Russia’s central bank
Regulator buries
disclosure in 70-page report on risks to financial system
Hackers attempted to steal Rbs2.87bn ($45m) from Russian
central bank correspondent accounts earlier in 2016, the country’s regulator
said on Friday.
The Bank of Russia managed to prevent the theft of
Rbs1.67bn by freezing accounts it said the hackers had opened to siphon away
the stolen money and by blocking correspondent accounts, the regulator said.
The disclosure was buried in a 70-page twice-yearly report
on risks to the Russian financial system that the central bank released on
Friday. The report did not say when the
attempted theft took place or whether the remainder of the funds under threat
had been stolen.
Were they unable to justify spending to prevent the breach? “If you don't have time (budget) to do it
right, when will you have time (money) to do it over?” John Wooden
Marie Weidmayer reports:
MSU will spend an estimated $2.9
million on identity theft protection in the wake of the data breach that exposed university records of
about 400,000 people.
According to a statement from
MSU President Lou Anna K. Simon, MSU will provide credit monitoring and
identity theft protection free of charge to everyone affected.
“We have a reserve fund that we
have set aside that is used to pay deductibles for insurance claims and general
liability claims and the money will come from that reserve fund,” university
spokesperson Jason Cody said.
Read more on The
State News.
Automating hacking.
What. You thought hackers couldn’t
use technology to make their jobs easier?
Press Trust of India reports:
It may take as little as six
seconds for hackers to guess your credit or debit card number, expiry date and
security code, say scientists who were able to circumvent all security features
meant to protect online payments from fraud.
Exposing the flaws in the VISA
payment system, researchers from Newcastle University in the UK, found neither
the network nor the banks were able to detect attackers making multiple,
invalid attempts to get payment card data.
By automatically and
systematically generating different variations of the cards security data and
firing it at multiple websites, within seconds hackers are able to get a ‘hit’
and verify all the necessary security data.
Read more on NDTV.
Check!
Check if you were hit by the massive 'Avalanche' cybercrime
ring
The U.S. government has posted links for free scanning
programs so companies and individuals can check their computers to make sure
they weren't victims of a massive, international cyber criminal operation that
was taken down Thursday after a four-year investigation.
… The U.S. Computer
Emergency Readiness Team (US_CERT) has posted links to five
scanners on its site. Europol
has also posted a list of sites in multiple languages for potentially
infected users. The malware only
affects systems running the Microsoft Windows operating system, according to
US-CERT.
The Department of Homeland Security’s National
Cybersecurity and Communications Integration Center, which includes US-CERT,
will be providing victim notification to stakeholders, including Internet
Service Providers, DHS said in a statement.
We have the data, let’s SWAT these people!
Todd Heywood reports:
Lansing Mayor Virg Bernero’s
proposal aimed at regulating homegrown marijuana raises legal concerns and may
even be unconstitutional, critics say.
The ordinance the mayor has
called for would require the city-owned Lansing Board of Water & Light to monitor customers’ monthly electrical usage and report
those using more than 5,000 kilowatts a month to enforcement agencies.
Read more on Lansing
CityPulse.
See? Trump is good
for business!
After Trump’s Win, Secure Messaging App Signal’s Downloads
Increase 400%
… “There has never
been a single event that has resulted in this kind of sustained, day-over-day
increase,” Moxie Marlinspike, the founder of Open Whisper Systems, the software
nonprofit behind Signal, told BuzzFeed News. Marlinspike interpreted the jump as a reaction
to Trump’s win, and anxiety over the future of US surveillance.
No Internet, no problem?
That must be why old-fashioned print newspapers don’t see the harm.
Marcia Coyle reports:
The Detroit Free Press is asking
the U.S. Supreme Court to reverse a court decision that restricts public access
to the mug shots of federal criminal defendants.
Booking photos provide an
“important window” into the government’s exercise of its police powers, the
media outlet said
in its petition in Detroit Free Press v. U.S. Department
of Justice.
The U.S. Court of Appeals for the
Sixth Circuit in
July ruled that Congress intended to exempt mug shots from
disclosure under the Freedom of Information Act because of “possible
embarrassment and the existence of the
internet.”
Read more on National
Law Journal.
My Governance students have a hard time believing this.
Who's responsible for data compliance? 25% of executives
don't know
… According to the
2016 State of Compliance survey conducted by data management and integration
provider Liaison
Technologies, one-quarter of top executives are unclear who in their organization
is responsible for compliance. [They are. Bob] And nearly half (47 percent) of respondents to
the survey of 479 senior and C-level executives said they don't know which
compliance standards apply to their organizations. [Their
lawyers do. Bob]
… See the
infographic below to learn more about the state of compliance.
(Related) Maybe they should not be concerned?
Kevin M. McGinty of Mintz Levin writes:
An attempt to impose liability on
corporate officers and directors for data breach-related losses has once again
failed. On November 30, 2016, a federal
judge in Atlanta issued a 30 page decision dismissing a shareholder derivative
action arising out of the September 2014 theft of customer credit card data
from point-of-sale terminals in Home Depot stores. The dismissal of the Home Depot derivative
action follows earlier dismissals of derivative actions arising from data
breaches perpetrated against Wyndham and Target.
Read more on National
Law Review.
(Related)
From an editorial in the Tampa Bay Times:
In a four-month investigation,
Tampa TV station WTVT-Fox 13 found that the DHSMV sells private driver records
in bulk to more than 75 companies, despite federal and state laws deeming the
information confidential. The federal
Driver Privacy Protection Act, passed in 1994, says state motor vehicle
agencies cannot disclose personal information “without the express consent of
the person to whom such information applies.” Florida passed its own law a few years later. Personal information is defined as
photographs, Social Security numbers, driver identification numbers, names, addresses,
phone numbers, and medical or disability information. There are exceptions for government agencies
carrying out official functions, private investigators, research activities and
statistical reports, and some private businesses as long as the information is
only used for verification purposes. Bulk distribution of personal information for
marketing or solicitation is permitted only with the individual’s
express consent.
Fox 13 found that the DHSMV sells
personal information about Florida’s 15.5 million licensed drivers and 18
million registered vehicles to private vendors, including two major data
brokers. The state claims it vets the companies to ensure they are entitled to the
information under one of the law’s exemptions — but that vetting is limited to
checking that the companies have business registration in Florida,
the department told Fox 13. What’s more,
the state has no way to keep the information from being handed off or resold to
third parties.
Read the full editorial on the Tampa
Bay Times. Given that Florida is a
veritable hotbed of identity theft, you’d think the state and legislature would
be looking to crack down on the sale of personal information that can be used
to support an identity theft scheme.
We were discussing this yesterday in my Software
Architecture class. (By the way, they
see voice commands (Siri, OK Google, Alexa, etc.) as the next wave of
disruption.
Warding Off the Threat of Disruption
How quickly do companies need to respond to innovations
that could upend their markets? In “Keep
Calm and Manage Disruption,” an article in the spring 2016 issue of MIT
Sloan Management Review, Joshua S. Gans argued that companies may have
more time than is commonly believed.
… That advice
didn’t satisfy at least one reader. Daniel
Cohen, vice president of business operations and strategy at Adobe Systems
Inc., a software company based in San Jose, California, wrote to explain why he
thinks companies need to move swiftly to avert disruption before it affects
their performance. What follows is
Cohen’s perspective, Gans’ response — and an informative dialogue about the
importance of monitoring disruption in markets related to one’s own.
Social Media as a targeting tool. Predator drones do not need to read the
encrypted messages.
ISIS tells members to stay off messaging apps
The Islamic State in Iraq and Syria (ISIS) is encouraging
its members to avoid using encrypted messaging apps like WhatsApp and Telegram
out of fear that U.S.-led coalitions are using their data to locate and target
commanders, according to Reuters.
… Al-Naba has also
called for members to turn off their phones before entering ISIS bases.
"Switch off your phone after you finish your
communication and beware of the greatest disobedience of all — switching it on
when you are in one of the offices," it said. "As long as it has power, the phone is
spying on you."
Will this allow Samsung to become “The First National Bank
of the Exploding Smartphone?”
Regulator Will Start Issuing Bank Charters for Fintech Firms
Firms offering online loans, smartphone payments and other
financial-technology products would get new flexibility to expand and further
shake up the U.S. banking industry under a proposed new federal policy.
A top regulator said Friday that his agency would for the
first time start granting banking licenses to “fintech” firms, giving them
greater freedom to operate across the country without seeking state-by-state
permission or joining with brick-and-mortar banks.
The move could open the door to more competition between
the old and new financial firms, and provide a bigger opening for some large tech companies to consider new ways to
offer digital payments or other services.
… Today, virtually
all technology companies join with banks in some fashion to access the payment
system or make loans.
With a charter, fintech upstarts could possibly move to
become independent from banking partners.
Perspective.
How Much You Should Be Charging for Your Freelancing Gigs
(Infographic)
… Accounting
software Freshbooks
surveyed 2,000 of its customers to come up with median rates for six
industries.
Check out the company’s infographic below to make sure
you’re charging what you’re worth.
For my Statistics class: How to be wrong with confidence!
How Much The Polls Missed By In Every State
… The national
polls are ultimately going to be off by only about 2 percentage points, which
is not out of the ordinary historically
speaking. State polls however,
missed by wider margins. In 41 of the 50
states, the average of the polls underestimated Donald Trump’s margin of
victory. But they weren’t wrong by the
same magnitude or in the same direction in every state.
Enough to make you a buyer?
$49 Windows tablets, $1,000 PC discounts, and 50% off Xbox
games highlight Microsoft deals
This has become an “I hate Trump” rant. I’ll skip that part.
Hack Education Weekly News
… Via
The Chronicle of Higher Education: “In a report released on Wednesday, the
U.S. Government Accountability Office said the federal government would forgive
at least $108 billion of student debt in the coming years, an
amount higher than expected.” More via
NPR and Inside
Higher Ed. [Bad loans of taxpayer money? Bob]
… Colorado Heights
University will close, according
to The Chronicle of Higher Education, after losing recognition by its
accreditor.
… Via
PRI: “Job retraining classes are offered to Rust
Belt workers, but many don’t want them.”
… Common Sense
Media looks
at education applications’ use of encryption. “Our findings indicate that a significant
number of vendors do not provide even basic support for encryption. While 52 percent of the 1,221 login URLs we
surveyed require encryption, 25 percent do not support encryption at all, and
an additional 20 percent do not require an encrypted connection.”
