Willie Sutton 2.0

Not to celebrate crime, but this global tech enabled heist that milked $ 45 million from ATMs in 26 countries is well - nothing if not innovative, Graph shows withdrawals of one of the "foot soldiers". The masterminds - and presumably the tech geniuses - are still at large.

"The process started when hackers used complicated computer tricks to breach the networks of two credit card processors that handle transactions for prepaid debit cards, according to authorities.

These cards are generally used by employers to pay employees or by charitable groups to distribute disaster assistance, authorities said. The accounts accessed by the cards are loaded with a specified amount of cash — but the hackers tweaked the virtual security protocols to drastically hike the limits or to do away with them entirely.

From there, the hackers sent the stolen information and PINs to the foot soldiers. The cashers took the information and encoded it onto useless plastic cards — anything with a magnetic stripe, like an old bank card or a gift card sold by a retailer. Next came the flash-mob part of the process, as the “cashers” descended on ATMs according to an intricate plan and used the wired cards to withdraw as much money as they could carry.

All the while, according to authorities, the hackers and brains behind the operation were monitoring each henchman’s take through computer networks. Cash crews in the two heists cleaned out ATMs in countries including Russia, Japan, Egypt, Romania, Britain, Sri Lanka, Canada and Colombia — 26 nations in all."

 

 

 

The tricky rules of cyberwar

Michael Schmitt, lead author of a new NATO manual, talks to New Scientist (sub needed) how international law applies to cyberattacks and when an armed response is legitimate

“We were researching military cyber operations and cyberlaw in 1995, ran a major conference in 1998, and published a book in 2000 to get international legal debate going. But then 9/11 happened, and everyone forgot about cyberlaw. Suddenly, we were concerned only with counterterrorism law: could we cross borders to go after terrorists? Is it lawful to conduct attacks in Afghanistan? That focus continued until 2007 when the cyberattacks on Estonia, a NATO member, brought down its computer networks. That was a big wake-up call.”

“Although it is sometimes hard to apply the existing law, it generally works. The US government has said cyberspace is the "fifth dimension" of warfare after land, sea, air and space, but in consultation with computer scientists and electronics engineers, we rejected that notion. In any cyberattack there will be tangible objects involved – someone will be at a computer, electrons will course through servers and so forth. So laws governing the use of objects in territories are sufficient.”

Logo of NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.

Upgrading Mall surveillance

Some of the surveillance tech upgrades at 1.4 m sq foot mall in NJ:

• Existing NTSC cameras were re-homed and encoded by both internal encoder cards in selected servers and Axis H.264 blade servers. New outdoor NTSC cameras were encoded at the closest IDF with external H.264 encoders. The remaining cameras are IP, configured as both VGA and megapixel HD cameras depending on placement, located throughout the facility. As wiring was a major cost, MTS relied heavily on dual sensor Mobotix IP cameras. In many cases, one Mobotix dome camera with two lenses (like in photo below) essentially did the work of two cameras, thus drastically reducing the wiring and licensing costs.
• A Pivot3 RAIGE storage subsystem was configured as a network-attached storage array and is used for secondary storage. The NAS is configured as a RAID 6e platform, with 96 TB of storage, fully managed through an SNMP platform at MTS. On a typical day, over 2 TB of video are written to disk.
• Remote access is achieved through a dedicated Apache Tomcat webserver with an ISS webview module that provides full functionality through web browser access.
• Finally, MTS designed and built a command center for 24/7 operations that includes multiple large screen displays, an interactive map that allows users to choose camera views based on a map model of the mall, and a dedicated system for the production of optical disk evidence

Business Solutions Magazine

Photo Credit

The Big Data of SIRF

SIRF, for stolen identity refund fraud, is a symptom of our growing digital society. It involves filing electronically via software like TurboTax, fradulent returns on behalf on stolen identities, then using IRS issued debit cards for the refunds to minimize the audit trail.

How big is the problem? Saville  quotes Acting IRS Commissioner Steven T. Miller:

“In fiscal 2012, we prevented the issuance of more than $20 billion in refunds that were fraudulent, up from $14 billion the year before,” 

“We stopped, before any refund, 5 million suspicious returns this past year, and for the 2013 tax season we’re making dramatic improvements so that we can do an even better job of stopping identity thieves in their tracks.”

“The IP PIN is a unique identifier that shows that a particular taxpayer is the rightful filer of the return,” 

In 2012 the IRS issued 250,000 IP PINs, and for this filing season in 2013 the IRS has issued 770,000 IP PINs.

As this investigation from Tampa shows, It's taken the IRS a while to get organized but you can imagine the Big Data analytics that are going into crawling credit history databases for identity verification, fraud pattern recognition across tens of millions of returns and then audit trails through the banking and payments networks.

Photo Credit

Israel's Army of Cyber Kids

“We are bolstering our ability to deal with these threats via the Israel National Cyber Bureau (INCB) that we established,” (PM Netanyahu) added.

The new program, known as “Magshimim Le’umit,” is three years long and is aimed at outstanding pupils aged 16-18 from the periphery.

“To the outstanding pupils that are studying in the special program, I say: ‘You are the future interceptors for the State of Israel.’ We are one of the world’s leaders in the field of cybernetics, and we must maintain this position. Therefore, we will continue to cultivate the generation of the future,” the prime minister declared.

Jerusalem Post

Evolving security beyond anti-virus

“Rather than using a blacklist to block known threats—the conventional method employed by antivirus software—FireEye works by assuming everything is suspect and testing programs in a safe “sandbox” before allowing them to run on a machine. In November, the CEO of the major security vendor McAfee left to join FireEye, which claims that nearly 30 percent of Fortune 500 companies are its customers and has raised more than $100 million in venture capital funds.

FireEye is far from the only startup gaining traction as malware becomes more targeted and as the latest methods of the most sophisticated hackers become more quickly democratized and disseminated.”

MIT Technology Review

Free eBook download from FireEye

The Pesky Password Problem

One day we may no longer have to jump through all these hoops to protect ourselves. Everyone seems to be interested in solving the password mess, from Google to the National Institute of Standards and Technology, which is offering $10 million in grants for developers to come up with alternatives to password authentication. Even Ford (yes, the car company) is working on it, with a Chrome extension that automatically logs you in to sites when your phone is near your computer and backs out when you leave. If all else fails, there's potential in our brains: Researchers are working on training systems that teach humans to store random 30-character passwords in their subconscious. Now that's a smart password manager.

Popular Mechanics

The Polygrapher’s Algorithm

Bachenko is the co-founder of Deception Discovery Technologies, a company that takes transcripts of interviews and flags them for suspicious statements.

“We were interested in deceptive language and whether there could be a way to program a computer to be able to detect language in an interview or a deposition or testimony,” she says.

Over the years, data from cognitive science and criminal psychology have identified aberrations in the speech of people who are motivated to deceive. But the methods of this research have left something to be desired. Most of the work has been done in a laboratory setting, asking student participants to fabricate stories that contradict their own convictions.

While these experiments have opened new avenues of inquiry, Bachenko felt that in their premise they lacked the stress of a real-world situation. No one stood to really lose anything, and there was no saying how this would change the language the students were using.

“The work that had been done so far was coming up short,” says Bachenko.

With the help of Eileen Fitzpatrick, the chairwoman of the linguistics department at Montclair State University in New Jersey, she turned to a new source of data. Together, they compiled speech samples using public records—depositions from criminal trials, police interrogations, interviews before Congress—and performed painstaking background work to fact check every statement contained in them.

Txchnologist

Photo Credit

The Interrogation Bot

Just three sensors tell the Embodied Avatar kiosk everything it needs to know about whether someone is telling the truth. An infrared camera records eye movement and pupil dilation at up to 250 frames per second—the stress of lying tends to cause the pupils to dilate. A high-definition video camera captures fidgets such as shrugging, nodding, and scratching, which tend to increase during a deceptive statement. And a microphone collects vocal data, because lies often come with minute changes in pitch. Future versions of the machine might go even further—a weight-sensing platform could measure leg and foot shifts or toe scrunches, and a 3-D camera could track the movements of a person’s entire body.

Wired

What your hotel knows about you

Prying is the new pampering. The payoff, hospitality executives say, is the ability to tailor service to a guest without the guest’s initiating any requests herself. Under the old model, a guest would have to volunteer that she loves tennis and might enjoy a lesson. Now, ideally, she need no longer say a thing; the staff has already sussed her out and booked a nine o’clock with the pro. As for that quaint “pre-arrival questionnaire” they used to send to incoming guests? Nearly obsolete, except at the most traditional properties. Who has the time to fill one out? Besides, for many of us, our identities, preferences, and proclivities are already posted online, and ripe for the culling.

For hotel companies, social media has essentially become a sanctioned form of eavesdropping. “Hotels have trained their staff to be intense listeners and mine information about their guests. This gives them a whole new realm in which to listen,” says Niki Leondakis, CEO of Commune Hotels & Resorts (formerly the president and COO of Kimpton Hotels & Restaurants). And listen they do. At One&Only Resorts, reservation teams look up incoming guests on Twitter, work-related sites, and blogs, then draw up detailed profiles (photos included) to distribute to top-level managers. The St. Regis Bora Bora Resort, meanwhile, Googles every guest two weeks prior to arrival. “We actually create a little story about them—just a paragraph or so—and share that with the heads of each department at our daily NDA [next-day arrivals] meeting,” says general manager Michael Schoonewagen. (You didn’t know they had a little story about you, did you?) It’s not rocket science, Schoonewagen adds, and it doesn’t cost them a thing. “The first page of Google results is usually sufficient. We’re not digging into every last detail of someone’s life—we just want a picture of who they are.”

Travel & Lesiure