Recent Bank System Hacking Illuminates Security Shortfalls

Earlier this month, Bank of America, JP Morgan Chase, and Wells Fargo all reported major cyber attacks. The bank hacks, thought to be sourced to Iran, were first realized in mid-September, although they reportedly could be part of a broader campaign dating as far back as last year, according to Reuters.

The high-profile hacks initially affected the sites of both Chase and Bank of America, causing surges in traffic that resulted in Web site disruptions and outages.

Wells Fargo was the latest financial institution to report a massive cyber attack, which affected more than 21 million online customers and 8.5 million mobile bankers.

In all cases, the targeted banks were pummeled with Distributed Denial of Service (DDoS) attacks, which bombard a network with more traffic than it can handle, causing it to stop functioning and shut down.

Reasons for the attacks are, at this point, speculative, although theories range from retaliation by Islamic extremists for a U.S.-made anti-Muslim film, to state-sponsored retaliation for tighter U.S.-imposed economic sanctions on Iran.

But who is responsible might not be as ascertainable as how this problem can be addressed when–not if–it happens again.

Banks get hacked, and hacked with regularity, because, as the age-old joke makes clear, that’s where the money is. But the fact that banks are being easily targeted en masse undermines perceptions of them as being more secure than other market verticals. It also suggests that the financial services industry still has a long way to go in terms of effective cybersecurity.

But security holes, illuminated by the spate of recent hacks, also mean that there are still lots of opportunities for the channel. As such, partners will almost certainly be required to step up their game in financial services markets in the near future now that the industry is in the public spotlight.

Financial services and banking institutions are among the most heavily regulated in terms of cybersecurity, subjected to a plethora of regulatory compliance audits under the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act (GLBA), and the Bank Secrecy Act, as well as a slew of state cybersecurity regulations and data breach laws.

Historically, partners have gained entry into these markets by offering solutions and related services that play to these compliance mandates. And those solutions, which range from standard firewalls and antivirus to more complex data protection and encryption products, are still undeniably necessary.

From channelnomics.com at http://channelnomics.com/2012/10/02/bank-hacks-illuminate-security-shortfalls/

U.S. cyber chief: “Hackers shifting from ‘disruption’ to ‘destruction’”

Hackers are stepping up the intensity of their attacks, moving from “disruption” to “destruction” of key computer systems, the top US cyber-defense official said Monday.

General Keith Alexander, who is director of the National Security Agency and commander of the US Cyber Command, told a Washington forum that the new tactics could move beyond mere annoyances and begin causing severe economic damage.

“We are seeing the threat grow from exploitation to disruption to destruction,” he told the group at the Woodrow Wilson Center.

He argued that these attacks could impact organizations ranging from stock markets to power grid operators — “all of that is in the realm of the possible.”

These types of destructive attacks can wipe out data, which could bankrupt a company or disable the control systems operating key infrastructure.

More from RawStory.com: http://www.rawstory.com/rs/2012/10/01/hackers-shifting-from-disruption-to-destruction-u-s-cyber-chief/

Hackers share security tips with the public

In an effort to fight increased cyber-surveillance by authorities, more hackers and security experts are sharing their tips to online security with the public.

According to Russia Today, there has been an increase in “cryptoparties,” gatherings where newcomers can learn how to shield their online usage from detection, through programs like the Tor Project, which developers say protects internet users from “traffic analysis,” a process used to deduce who someone is communicating with on public networks.

Also among the programs being used is CryptoCat. The difference between this program and online messaging services like Facebook chat and Google Talk, said its creator, Nadim Kobeissi, is that the messages users send in the latter aren’t private — they go back to their respective hosts, and can easily be intercepted by either them or government forces.

More from RawStory.com at http://www.rawstory.com/rs/2012/09/22/hackers-share-security-tips-with-the-public-in-cryptoparties/

Illegal data collection a ‘violation of everybody’s Constitutional rights’

Bill Binney believes he helped create a monster.

Sitting in the innocuous surroundings of an Olive Garden in the Baltimore suburbs, the former senior National Security Agency (NSA) official even believes he owes the whole American people an apology.

Binney, a tall, professorial man in his late 60s, led the development of a secret software code he now believes is illegally collecting huge amounts of information on his fellow citizens. For the staunch Republican, who worked for 32 years at the NSA, it is a civil liberties nightmare come true.

So Binney has started speaking out as an NSA whistleblower – an act that has earned him an armed FBI raid on his home. “What’s happening is a violation of the constitutional rights of everybody in the country. That’s pretty straightforward. I could not be associated with it,” he told the Guardian.

Binney, a career NSA employee who first volunteered for the army in the mid-1960s, has now become a high-profile thorn in the side of NSA chiefs when they deny the programme’s existence.

At a hacking conference this summer in Las Vegas, NSA director General Keith Alexander said the NSA “absolutely” did not keep files on Americans.

“Anyone who would tell you that we’re keeping files or dossiers on the American people knows that’s not true,” the NSA chief told an audience of computer and security experts. But Binney himself was at the same conference and publicly accused Alexander of playing a “word game”.

“Once the software takes in data, it will build profiles on everyone in that data,” he told a convention panel there.

More at RawStory.com: http://www.rawstory.com/rs/2012/09/15/nsa-whistleblower-illegal-data-collection-a-violation-of-everybodys-constitutional-rights/

White House Pursuing Cybersecurity

The White House is putting together an executive order, to be issued by President Obama, that would create a new “interagency Cybersecurity Council,” under the umbrella of the Department of Homeland Security, The Washington Post reported Friday.

The order, which is currently in its draft stages at 4 pages long and could take months to be finished, according to the Post, would also administer new voluntary standards of cyber protection measures to private companies, namely, those in charge of national infrastructure deemed critical — think power plants, water treatment facilities, railroads and telecommunications networks. Right now, there are few federal mechanisms to force companies to create and maintain their own cyber security measures.

The order is being contemplated following Congress’s vote in early August not to move forward with leading cybersecurity legislation that would have set up a similar system. The bill’s failure was cheered by Web freedom and user advocates, who feared it could lead to privacy intrusions.

From talkingpointsmemo.com at http://livewire.talkingpointsmemo.com/entry/wapo-white-house-pursuing-cybersecurity-executive-order

The Upside? of Big Data Big Brother

A New York Times article on the big but “quiet giant” of the multi-billion-dollar database marketing industry describes the unknown company and its 23,000 computer servers chugging away in Conway, Arkansas.

Few have heard of Acxiom Corporation, but its database contains information about the behavior of 500 million active consumers, both offline and online. It’s been doing this for over 40 years, but the implications of big data when leveraged for consumer profiling and targeted marketing are just now coming under scrutiny by media and the larger public.

Besides the discovery of a company other than Facebook or Google that is in possession of a massive consumer data reservoir, this article points to a truly positive outcome when these data are leveraged.

We all know the scenario described by the New York Times: we’re looking for a printer and, lo and behold, the next day while scanning the sports page, the printer is pictured to our right, perhaps now with a more competitive price, an all-too-tempting shipping fee, etc. Ultimately, we give in (or, increasingly, one could argue, as we grow more aware, more hypersensitive to every byte of data that comes to taint our banners and sidebars, we ignore it).

But what happens next in this story is actually quite revealing about the tremendous potential of ubiquitous computing consumerism and its impacts when this big data is leveraged for good. When we give in to the printer, we see an advertisement that a local school might need the one it’s replacing.

“But the multichannel system of Acxiom and its online partners is just revving up. Later, it sends him coupons for ink and paper, to be redeemed via his cellphone, and a personalized snail-mail postcard suggesting that he donate his old printer to a nearby school,” the New York Times said. This is hardly highly customized redistribution.

But you can see the potential for, say, geographic profiling to actually link this person to a school that needs a printer. Perhaps aspirational, but this could be a positive spin on big data.

What if, the next time we shop for a new skirt, the old one (we don’t need) finds an owner at the local Salvation Army where women are seeking second-hand wares for new jobs? What if, the next time, instead of sending our printer to a landfill, we ship our printer to someone who could use it, motivated in part by an all-too-tempting shipping deal appearing the second time while reading ESPN over breakfast?

While we can attack the negatives of big data, we should be examining the amazing opportunities – even when they are early orchestrated by the quiet giants in Arkansas. The burden might shift ever so slightly then to the discerning consumer, whose data can be leveraged for good.

Facebook’s Data Science Team

Facebook denizens now occupy a digital continent the size of the third largest country in the world – a whopping 900 million. Although some speculate that many of these sites go unused, the numbers are still daunting when you consider Facebook’s proximity to data and now, since the introduction of time lines, our chronicled history: graduations, weddings and baby photos, family trips, and retirement.

Surprisingly, Facebook has yet to do all that much with the data it has. This is discussed in an article by MIT which looks at the cultural cul-de-sac embedded in Facebook’s headquarters, an academic research group headed by Cameron Marlow. “The group Marlow runs has escaped the public attention that dogs Facebook’s founders and the more headline-grabbing features of its business. Known internally as the Data Science Team, it is a kind of Bell Labs for the social-networking age,” MIT writer Tom Simonite says. This Facebook research group, which is expected to double in size to 24 members by the end of this year, is privy not just to our time lines, but also data about users’ age, gender, email and even (if users choose) about their relationship status, all at the moment of sign-up.

MIT reports that in the last five months, “Facebook catalogued more than five billion instances of people listening to songs online.” Imagine what one could do with this data alone? Given the demands of going public, Facebook will have to make better, more creative use of our data, maybe, say, compare a break-up followed by a slew of sad songs – a time when, at least, I have always been susceptible to retail therapy.

Why not? Other research on sentiment analysis of Twitter text and packet data revealing a window into depressive behavior points to a growing preoccupation with not just our data, but our psychological states. In addition to targeting products based on our mood, some researchers suggest we could use this data to report back to us about our mood.

With big data comes big responsibility. “…Marlow is confident that exploring this resource will revolutionize the scientific understanding of why people behave as they do.” It’s also a way to make money and satisfy the growing number of disgruntled Facebook investors.