STE WILLIAMS

Major Banks, Card Schemes, Retailers And Vendors Launch The World’s First Association Dedicated To Wireless Biometric Authentication

Lille, 13th November, 2013 – Pioneering standard-setter, Natural Security has today announced the launch and newly elected governing board of the world’s first open Alliance dedicated to secure transactions based on wireless and biometrics.

The Natural Security Alliance is comprised of some of the most influential companies in the world from the retail, banking, payment provider, and IT Communities. All Alliance members share a strategic commitment to delivering mission-critical authentication and payment solutions based on biometric technology.

The Natural Security Alliance manages, maintains and enhances the Natural Security strong authentication specifications which uniquely combine wireless technology, a personal device and biometrics. The Alliance is already a success with the initial founding Board, Sponsor and Community level members: AS 24 (TOTAL group), Banque Accord, BizRaiser, BNP Paribas, Carrefour Banque, CITC-EuraRFID, Intervale, Concert International, Crédit Agricole, Crédit Mutuel Arkea, Dictao, Elitt, Galitt, Groupe Auchan, Groupement des cartes bancaires CB, ID3, Ingenico, Leroy Merlin, Mastercard, Oberthur Technologies, Paycert, PW Consultants, Sesame Touch, Six Payment Services, Swiss Capital International Group, Trust Designer, UINT, UL.

Cedric Hozanne, CEO of the Natural Security Alliance, commented on the launch, “The Natural Security Standard was developed in response to the authentication method required by the banks, retailers and manufacturers we were working with. We’ve invested a lot of time, effort and care into developing a truly unique authentication method that solves many modern issues relating to privacy, convenience and universality, including conducting the world’s first consumer trial of this technology.”

“To encourage and support widespread adoption of this method, we believe that the specifications need to be shared with industry stakeholders and development continued based on their requirements and input. Creating an open Alliance is now the perfect way for us to build an ecosystem that can achieve this.”

The Natural Security Alliance is open to all entities with an interest in strong authentication, such as banks, card schemes, retailers, manufacturers, testing and certification bodies.

Newly elected Natural Security Alliance Chairman, Jean-Pierre Viboud commented, “The Alliance was formed to provide a collaborative space for all professionals who are interested in biometrics and new payment systems to share and develop ideas for an open standard. We believe that this information sharing and access to the specifications is one of the main benefits for our members. As chairman my role is to ensure that the Alliance continues to grow and that we achieve, and continue working towards achieving, our missions. Ultimately, we hope that our standards and specifications will be used by everyone developing and using biometric systems for payment, logical access or IT access around the world.”

The Natural Security open Alliance has six main goals:

To gather members from all areas of the payments ecosystem (i.e. banks, merchants, manufacturers, integrators)

To evangelize and educate the wider payments and consumer communities on the standard and other areas relating to authentication

To promote and encourage the development of products using the standard

To license manufacturers of products that use the standard

To drive evolution of the specifications to fill requirements of the market

To build an interoperability strategy including tests and certification processes for the standard

The first working-groups will be announced shortly, and topics will include EMV-based face-to-face payments and cash withdrawals, online authentication and mobile wallet for face-to-face payments.

The Natural Security open Alliance welcomes entities from all organisations interested in developing and using the standard and offers three levels of membership, Board, Sponsor and Community. To find out more about the Alliance, please visit www.naturalsecurityalliance.org.

ENDS

About Natural Security Alliance

The Natural Security Alliance is a global community of preeminent companies dedicated to accelerating the adoption and ongoing development of Natural Security Technology based solutions. The Natural Security Alliance is comprised of some of the most influential companies in the world from the retail, banking, payment provider, and IT Communities. All Alliance members share a strategic commitment to delivering mission-critical authentication and payment solutions based on biometric technology. Visit www.naturalsecurityalliance.org for more information.

Article source: http://www.darkreading.com/intrusion-prevention/major-banks-card-schemes-retailers-and-v/240163902

Tenable Joins AWS Marketplace To Provide On-Demand AMI Vulnerability Scanning

Tenable Network Security, Inc., the leader in real-time vulnerability management, today announced that Amazon Web Services (AWS) customers can now leverage Nessus to scan, audit, and monitor software vulnerabilities on all of their Amazon Machine Images (AMI). Together, the collaboration between Tenable and AWS provides added security through unparalleled vulnerability, configuration and patch assessment for enterprise customers looking to build, operate or maintain their applications in the AWS cloud.

With AWS’ shared responsibility security model, the company guarantees that its underlying cloud infrastructure is secure, reliable and flexible; while customers take responsibility for the security of their own AMI virtual appliance (guest OS and application). Tenable’s Nessus vulnerability scanner provides these customers with the ability to efficiently and effectively improve their protection efforts by securing the AMI virtual appliance throughout the software development, deployment and production lifecycle:

Development: scan AMI after each software build to ensure secure coding

Staging: scan AMI before deploying into production

Production: monitor AMI in a live AWS environment for the latest software threats and vulnerabilities

Equipped with plugins/checks specifically designed to detect vulnerabilities within AMIs, Nessus securely transmits scan results back to the Tenable SecurityCenter™ management console for analysis alongside on-premises scan results. With this integration, Tenable customers gain peace of mind knowing that critical IT applications are secure whether hosted on premises or in the AWS cloud.

“We use Tenable’s Nessus to secure our AMI before publishing to the AWS Marketplace,” said Kartik Trivedi, CEO of Symosis Security. “AWS provides our company with a secure, scalable cloud infrastructure, but we needed to ensure that our AWS image is securely developed and maintained. Nessus provides us that peace of mind.”

“We’re excited to welcome Tenable into the AWS Marketplace today,” said Terry Hanold, Vice President, Cloud Commerce, AWS. “With the addition of Tenable, AWS Marketplace customers are offered even further choice in security solutions to build on the AWS platform.”

Available now as a Nessus Virtual Scanner Appliance within the AWS Marketplace (https://aws.amazon.com/marketplace/pp/B00G9A5MS0), Tenable users can roll out new Nessus AMI instances under the company’s BYOL (Bring Your Own License) model. Because Nessus is available in the AWS Marketplace as a pre-built virtual appliance, users can deploy new Nessus instances quickly and easily. Once the AWS customer has purchased Nessus directly from Tenable (https://store.tenable.com) or a certified reseller, the customer will automatically receive an activation code to register and use the Nessus vulnerability scanner.

About Tenable Network Security

Tenable Network Security is relied upon by more than 20,000 organizations, including the entire U.S. Department of Defense and many of the world’s largest companies and governments, to stay ahead of emerging vulnerabilities, threats and compliance-related risks. Its solutions continue to set the standard to identify vulnerabilities, prevent attacks and comply with a multitude of regulatory requirements. For more information, please visit www.tenable.com.

Forward-Looking Statements

This announcement contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. Actual results may differ significantly from management’s expectations. These forward-looking statements involve risks and uncertainties that include, among others, risks related to competition, management of growth, new products, services and technologies, potential fluctuations in operating results, international expansion, outcomes of legal proceedings and claims, fulfillment and data center optimization, seasonality, commercial agreements, acquisitions and strategic transactions, foreign exchange rates, system interruption, inventory, government regulation and taxation, payments and fraud. More information about factors that potentially could affect Amazon.com’s financial results is included in Amazon.com’s filings with the Securities and Exchange Commission, including its most recent Annual Report on Form 10-K and subsequent filings.

Article source: http://www.darkreading.com/applications/tenable-joins-aws-marketplace-to-provide/240163903

SSCC 123 – Patch Tuesday, Hackerphobia, Anons, OpenSSH and Adobe [PODCAST]

Privacy’s gone when posting child abuse images to a P2P network, US judge rules

A US court has turned the tables on child abusers who use technology to share images of the abuse.

Specifically, a federal district judge in the US state of Vermont on Friday ruled that putting data up on a peer-to-peer (P2P) file-sharing network means you’ve made it publicly available and can’t then turn around and claim it was private.

The case involves three men charged with possessing child pornography who had filed a motion to suppress the evidence collected from their computer systems, saying that the files were private and the searches violated their Fourth Amendment rights against unreasonable search.

As Computerworld’s Jaikumar Vijayan reports, District Court Judge Christina Reiss wrote in a decision released on Friday that the defendants had essentially given up privacy claims by making the data publicly available on the internet over a P2P network.

The three defendants – Derek Thomas, Douglas Neale and Stephan Leikert – had earlier this year asked that the evidence be suppressed, claiming it had been obtained illegally.

The men contended that law enforcement’s use of the automated P2P search tool that collected information on private files held on their computers constituted a warrantless search.

Police used information about the files to obtain probable cause warrants. The defendants were later charged with possession of child pornography.

To collect the information, investigators used a software suite known as the Child Protection System that automatically searches P2P networks for query terms commonly used with child abuse content.

The police didn’t need to access the files, per se.

As Vijayan explains it, if a query-hit message indicated that it had found a file matching the query term, the application recorded the IP address, the files’ hash values, the actual file names, date and time of response, and other computer details.

The hit message identified the files on a particular computer that matched the query terms and were available for download by other users on the same P2P network.

The searches found that the three defendants’ computers contained files with digital signatures that exactly matched files that were known to contain images depicting child abuse.

When rejecting the defendants’ motion to suppress evidence collected in this manner, Judge Reiss noted that the police’s automated search hadn’t opened or downloaded anything.

All the tool did was to point out files that the defendants themselves had made publicly available for download via a P2P network.

She wrote:

The evidence overwhelmingly demonstrates that the only information accessed was made publicly available by the IP address or the software it was using. Accordingly, either intentionally or inadvertently, through the use of peer-to-peer file sharing software, Defendants exposed to the public the information they now claim was private.

The court’s finding that privacy can’t be expected when using a P2P network is nothing new; it only reiterates what many other courts have found, as a search on the legal blog FourthAmendment clearly shows.

The case in question was originally highlighted on the site, which is kept by John Wesley Hall, a criminal defense lawyer.

When I asked him about this finding, he said that it’s “the same as probably 50 other cases.”

He continued:

The only thing that’s surprising to me is that people still raise that issue. It’s a settled issue beyond peradventure as far as I’m concerned.

But while the P2P privacy ruling isn’t ground-breaking, the increasingly sophisticated use of internet technologies to catch child predators is at the very least ground-altering.

As pointed out in a recent University of Massachusetts/Amherst research paper on measuring and analysing child porn on P2P networks, such networks are the most popular mechanism for acquiring and distributing such imagery.

It’s a relief to find that the courts aren’t allowing child predators to hide their P2P tracks behind claims of Fourth Amendment violations.

Likewise, it’s encouraging that researchers are using sophisticated animation technologies to create a predator-detection tool such as Sweetie, the lifelike character used to seed 19 public online chat forums with convincing live-action motion that allowed researchers to identify 1,000 child webcam sex tourists.

Child predators are sophisticated users of technology. It’s enabled them to carry out their abuse to a disheartening degree.

Now, thanks to the use of technologies to ferret them out, and thanks to the courts refusing to let P2P technology be used as a smokescreen, we can hope that the tide is turning.

Image of silence courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/F4aSPRWQzks/

Loyaltybuild attack: 500,000 people may have had credit card details stolen

Thousands of people across Europe and, more specifically, in Northern Ireland have had their credit card and personal details stolen after a company which runs reward schemes was hacked.

Investigators have discovered that more than 376,000 people have had their details pilfered after Loyaltybuild’s data centre in County Clare, Ireland was breached. It is believed that a further 150,000 potential client records may also have been compromised.

Of this figure some 70,000 or so were SuperValu customers and over 8000 were clients of AXA Leisure Break.

SuperValu is now contacting its customers to advise them that there is a “high risk” that an unauthorised third party has accessed details of cards used to pay for Getaway Breaks between January 2011 and February 2012.

The company said that the Getaway Breaks booking system has now been suspended until further notice. The company also emphasised that only data collected through Loyaltybuild was at risk and that other SuperValu customers would not be affected.

AXA said it will be contacting all of its customers whose data may be at risk and will advise them to check their credit card statements for any unauthorised activity.

It is not just credit card data that has been stolen though – Ireland’s Office of the Data Protection Commissioner (ODPC) has revealed that over one million people have had their personal data taken too:

The inspection team also confirmed that name, address, phone number and email address of 1.12m clients were also taken. The initial indications are that these breaches were an external criminal act.

In a statement on its website Loyaltybuild said on Monday that it had been the victim of “a sophisticated criminal attack” and that it had informed the relevant authorities.

Loyaltybuild went on to say that:

We are working around the clock with our security experts to get to the bottom of this and to further enhance our security in order to protect our valued customers, who are of paramount importance to us.

The breach was originally discovered on October 25 – over two weeks before the company disclosed it – which does make you wonder just how important it really feels its customers are.

The Irish Times said this morning that the stolen financial information was stored in an unencrypted format, along with the 3-digit CSV numbers found on the back of all credit cards.

Oh dear.

Ireland’s Data Protection Commissioner, Billy Hawkes, told RTE’s Morning Ireland program that:

It’s important that the customers affected actually look and check with their financial institutions, identify if there are any transactions they didn’t authorise.

The Commissioner also told the program that his team will continue to investigate the breach in order to discover the full extent of the stolen data and may need to call upon the services of Interpol to aid in the investigation.

One area which they continue to examine is the possibility that passwords may have also been compromised. Given that many people still recycle passwords, all Loyaltybuild customers should change theirs immediately, irrespective of the ODPC’s subsequent findings.

It’s another reminder to us all to not use the same password on multiple sites.

Loyaltybuild customers should also be extra vigilant in respect of any emails they receive in the coming weeks – there is a possibility that whoever has this customer data could use it to execute a targeted phishing campaign.

If you are concerned you may have been affected by this breach, you can contact SuperValu on 0870 178 2002 and AXA on 0870 162 0053.


Image of hacking sign courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/KGBc4lk-kR4/

Enterprise giant SAP’s systems take a probe to the wobbly bits

At least 3,000 SAP systems are directly exposed to the internet, providing direct access to core corporate systems for potential attackers, according to a penetration-testing firm.

Rapid7, the firm behind the Metasploit penetration-testing tool, carried out the scanning exercise in the wake of the discovery of a banking Trojan that had been modified to look for SAP GUI installations, a worrying sign that SAP system hacking is moving into mainstream cybercrime.


Once the domain of a few isolated APT attacks, SAP appears to be in the crosshairs of hackers that know just how much sensitive data enterprise resource planning (ERP) systems house, including financial, customer, employee and production records. SAP’s tens of thousands of customers may see an increase of attacks and their customers face the threat of data theft, fraud and sabotage.

“This trend is not really surprising, given that financial, customer, employee and production data reside in a company’s enterprise resource planning (ERP) systems — and they are juicy targets for all sorts of malicious hackers,” writes Christian Kirsch, product marketing manager for Metasploit at Rapid7, in a blog post.

Too big to fail

He adds: “What’s worse, these systems have often organically grown over decades and are so complex that few people understand their organisation’s entire ecosystem, let alone some of SAP’s protocols and components that are not publicly documented.”

Kirsch goes on to list a range of criminal scams that might be possible after hacking into vulnerable SAP installs. “Organised cyber-crime often looks for credit card numbers contained in business transaction data, which they use to conduct fraudulent transactions. They can extract social security numbers in an employee database to conduct identity theft. By changing the payee account details in the system, they can redirect funds into their own accounts and go home with a hefty paycheck,” Kirsch warns.

“State-sponsored hacking groups regularly break into enterprises for purposes of industrial espionage,” he adds. “ERP systems provide them with a wealth of data to pass on to their domestic industry – as well as a chance to sabotage production flows and financial data. As a result, mergers and acquisitions may fall through or foreign competitors may get a head start on copying the latest technology.”

5,000 SAP routers publicly exposed on the internet

SAP security specialists ERPScan, the firm that discovered the SAP-probing variant of the Shiz Trojan, reckons 3,400 SAP systems are exposed online (the difference in figures is because Rapid7 is only looking at web-based systems, according to ERPScan). However this isn’t even the worst of the problem with insecure ERP systems.

“What is more critical is that almost 5,000 SAP routers are published on the internet and 85 per cent of them are vulnerable to remote code execution,” Alexander Polyakov, CTO and co-founder of ERPScan, told El Reg.

“Thousands of other services are also exposed – at least 10,000 were found during some scans but it’s very hard to calculate the full number,” he added.

The latest annual survey (PDF) into the state of SAP security by ERPScan found that the most popular SAP release is still NetWeaver 7.0, which was released in 2005 but still commands 35 per cent of the market. The general state of SAP security is getting worse, ERPScan concludes.

“Old issues are being patched, but a lot of new systems have vulnerabilities. SAP acquires new companies and invents new technologies faster than researchers analyse them,” according to the ERP security specialists.

Separately, Rapid7 has released a research paper on conducting penetration tests on SAP systems. The research report gives an overview of key SAP components, explores how consultants can map out the system before an attack, and gives step-by-step examples on how to exploit vulnerabilities and brute-force logins.

These methods have been implemented and published in the form of more than 50 modules for Metasploit, Rapid7’s open-source penetration-testing software. The modules enable organisations to test whether their own systems could be penetrated by an attacker.

The research paper, SAP Penetration Testing Using Metasploit – How to Protect Sensitive ERP Data, can be found here (free but registration required).

We invited SAP to comment on Rapid7 and ERPScan’s assessments of the general state of corporate security tied to running and maintaining its software. The software giant has been in touch to say it is reviewing the reports. We’ll update as and when we hear more. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/13/sap_insecurity/

The TRUTH about mystery Trojan found in SPAAACE

The mystery malware inadvertently brought into space by scientists which then infected the International Space Station has been identified as a gaming Trojan.

The historical infection actually happened five years ago in 2008 but was propelled back into the news again last week as the result of a recent speech by Eugene Kaspersky, boss of Russian antivirus firm Kaspersky Lab.


Speaking to members of the Australian media during a presentation at the Canberra Press Club, Kaspersky said that malware was everywhere and that even Windows machines used by scientists on the International Space Station had been affected with malware.

Viruses and Trojans on computers on the orbital platform have continued to prove an occasional problem, according to Kaspersky, who explained that malware pathogens hitched a ride on removable media carried up onto the space station by astronauts.

Kaspersky said: “Scientists, from time to time, they are coming to space with USBs which are infected. I’m not kidding. I was talking to a Russian space guys and they said from time to time there are virus epidemics in the space station.”

The remarks are recorded (shortly after the 18-minute mark) in a video of the presentation put together by SC Magazine (below).

Kaspersky didn’t identify the malware at the time, and the listening press pack didn’t ask, but he has since identified the malware as Gammima-AG, a Trojan designed to steal online gaming passwords. The Russian antivirus boss referred to earlier reports of the incident – which caused no damage or disruption but illustrates the point that Windows systems everywhere are wide open to infection. It also highlights how USB sticks can easily spread digital nasties.

During the same speech in Australia, Kaspersky separately revealed that Stuxnet had infected the internal network of a Russian nuclear plant after causing chaos in Iran’s nuclear enrichment programme, something that unlike the ISS infection does represent new information.

Kaspersky said he heard about the infection from a “friend of mine” at the unnamed nuclear plant. “[The staff] sent a message their nuclear plant network which was disconnected from the internet… was badly infected by Stuxnet,” Kaspersky said.

The malware apparently reached the air-gapped network of the nuke plant via, stop us if you’ve guessed this already, an infected USB stick. Neither independent experts nor Kaspersky suggest the malware did any particular harm but the spread of such a notorious pathogen is none the less noteworthy.

Stuxnet

Stuxnet famously hobbled high-speed centrifuges at Iran’s uranium enrichment facility at Natanz in 2009 and 2010 after infecting computers connected to SCADA industrial control systems at the plant. Stuxnet was reportedly developed as part of a wider US-Israeli information warfare effort, codenamed Operation Olympic Games, that began under the presidency of George W Bush.

The worm was detected after it escaped onto the internet, and was first described by Belarussian firm VirusBlokAda in June 2010. Subsequent analysis revealed that although Stuxnet spread indiscriminately across Windows systems, its malware payload only came into play in screwing up the operation of industrial control systems from Siemens. Additionally, it only activated when the kit was being used to control high-speed equipment such as Iran’s nuke purifying centrifuges. Nothing would happen to the same type of kit within a milk-bottling factory or an escalator control mechanism that became infected.

Kaspersky never said that Stuxnet infected the ISS, a point he has since been obliged to re-emphasise (here and here) following misleading reports by some media outlets. He said that the space station has a SCADA system but it is controlled and managed by Linux-based systems.

Re-bootnote

Back in May we reported how the ISS crew would soon be trading in their old Windows XP laptops for Debian-powered systems. The ISS has over 140 laptops on board, around 80 of which are working at any one time, many of which are connected to the space station’s Operations Local Area Network (Ops LAN).

United Space Alliance (USA), the Earth-based contractor which maintains Ops LAN, is migrating the systems away from Windows XP (which is due to go into retirement next May) to one that gave it greater control and offered greater stability.

The move to Linux vastly reduces the possibility of future malware infection even though it might cause headaches in finding open-source builds of current Windows-based scientific applications, among other issues.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/13/space_station_malware_not_stuxnet/

Services Offer Visibility Into Cloud Blind Spot

While business cloud providers generally offer services more securely than an average company can deploy in-house, such services still represent a significant vulnerability that needs to be managed by the business, say security experts.

The dangers are not due, necessarily, to vulnerabilities in the provider’s service or network, but in the service’s ubiquity and the lack of visibility that companies have into their workers’ usage of the service, says Assaf Rappaport, co-founder and CEO of cloud-security startup Adallom. An employee, for example, could go home and sign into a company’s cloud service from a family computer. If that computer is infected, then attackers have access to valuable business data.

This happened to one client, Rappaport says, and the result was the loss of the company’s entire customer database.

“If I am the attacker, I am not going to breach the cloud service’s back-end,” he says. “I’m going to look at the weakest link, which is your users, because the easiest way to steal your data is to go through the front gate.”

Cloud services are quickly being adopted by companies — many times without official support — and accessed by employees on a variety of personal devices that may not be secure. The average company has about 550 cloud services being used by employees, many of which are high-risk consumer services that do not have adequate security controls, according to data from Skyhigh Networks, a cloud-security provider. Software development, marketing, and productivity services are the least mature, according to a separate study by Netskope, a cloud-service risk management firm.

“I think cloud services expose a very big vulnerability,” says Krishna Narayanaswamy, chief scientist at Netskope. “Companies are not aware of what their employees are using or how they are using it. It is a vector that is not covered by any existing technologies.”

The major threat for companies using the cloud is the loss of user credentials. Attackers do not have to compromise the cloud provider to get access to a business’ data because the providers do not typically check from what device or network a request originates, says Adallom’s Rappaport.

“The most simple attacks that we saw a decade ago are the most effective in the SaaS world,” he says. “If I have your credentials to Salesforce or Office365, then it is not relevant what endpoint and what network you are coming from.”

Yet another threat is a compromised device. Because employees are increasingly bringing their personal devices into the workplace, or doing work from shared devices at home, companies are hard-pressed to secure the endpoints. Instead, they need to assess their use of cloud services to gain visibility into what is being used by employees.

Companies have to determine what cloud services employees are using, says John Howie, chief operating officer for the Cloud Security Alliance. Increasingly, third-party providers are offering reverse-proxy services to monitor employee usage of the cloud, but even offering incentives for employees to identify the cloud services they are using can improve visibility.

“If they don’t know what data has been out of their control, it may require breach notification, and for that reason, some companies think ignorance is a better position to be in rather than knowing what is going on,” Howie says. “And that is very scary.”

Work with your employees who are using cloud services and get them to clean out their personal services of any corporate data, he says.

The vulnerability posed by cloud services needs to be managed, but the situation is not all that new, he adds. In the past, companies had to deal with business groups setting up their own servers and other hardware to offer their own collaboration services or file server, he says.

“Any business group could buy a server, stick it under someone’s desk, and throw content on there,” Howie says. “It’s the same thing today, except the business group is going to the cloud.”

Yet companies also have to audit their users’ usage of the cloud. Large companies can audit their own cloud usage and analyze the logs of users’ activity, but a more common approach will likely be to use a third-party provider to log and analyze activity. A number of reverse proxy services, including Skyhigh Networks and Adallom’s beta service, will allow companies to alert on anomalous activity.

“If an employee who normally downloads information on 10 clients a day is suddenly downloading 500 clients a day, then there is a problem,” says Rajiv Gupta, co-founder and CEO of Skyhigh Networks.
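The alerting described above, sketched as an added example that is not from the article or from any vendor it names: a per-user baseline over a constructed audit log flags a day whose download volume far exceeds that user's median, and flags access from a network not previously seen for that user. The log format, thresholds and function name are assumptions.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# Constructed sample of a SaaS audit-log export (not real data):
# one row per user, day and source network, with records downloaded.
SAMPLE_LOG = """date,user,network,records
2013-11-04,alice,198.51.100.0/24,9
2013-11-05,alice,198.51.100.0/24,11
2013-11-06,alice,198.51.100.0/24,10
2013-11-07,alice,198.51.100.0/24,12
2013-11-08,alice,203.0.113.0/24,500
2013-11-04,bob,198.51.100.0/24,40
2013-11-05,bob,198.51.100.0/24,35
2013-11-06,bob,198.51.100.0/24,45
2013-11-07,bob,198.51.100.0/24,50
2013-11-08,bob,198.51.100.0/24,55
"""

def find_anomalies(log_text, factor=5.0, min_history=3, min_records=50):
    """Return sorted (date, user, reason) alerts from a per-day download log."""
    daily = defaultdict(lambda: defaultdict(int))      # user -> date -> records
    networks = defaultdict(lambda: defaultdict(set))   # user -> date -> networks
    for row in csv.DictReader(io.StringIO(log_text)):
        daily[row["user"]][row["date"]] += int(row["records"])
        networks[row["user"]][row["date"]].add(row["network"])

    alerts = []
    for user, per_day in daily.items():
        history, seen = [], set()
        for day in sorted(per_day):            # ISO dates sort chronologically
            total, nets = per_day[day], networks[user][day]
            if len(history) >= min_history:    # only judge once a baseline exists
                baseline = median(history)     # median resists one-off spikes
                if total >= min_records and total > factor * baseline:
                    alerts.append((day, user, f"volume {total} vs baseline {baseline:g}"))
                for net in sorted(nets - seen):
                    alerts.append((day, user, f"new network {net}"))
            history.append(total)
            seen |= nets
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE_LOG):
        print(*alert, sep="  ")
```

The `min_records` floor keeps low-volume users from alerting on small absolute changes, and the steady growth in the second user's activity stays below the multiplier.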

While adding on auditing capabilities gives companies a more standard approach to assessing and analyzing their cloud usage, Gupta expects many providers of cloud business solutions to expose more security information to their customers. One reason: Scoring the trust level of the cloud service will give companies a metric on which to compete on their efforts, he says.

“What we expect is that — over time, as we show them the problems — they will work with us to reduce the risk to their customers,” Gupta says. “It’s better for them and better for the industry.”

Article source: http://www.darkreading.com/vulnerability/services-offer-visibility-into-cloud-bli/240163866

Members Of New York Cell Of Cybercrime Organization Plead Guilty In $45 Million Cybercrime Campaign

BROOKLYN, NY – Earlier today, Evan Jose Peña pleaded guilty to participating in two worldwide cyberattacks that inflicted $45 million in losses on the global financial system in a matter of hours. Peña’s plea followed two other guilty pleas in this case entered by defendants Emir Yasser Yeje and Elvis Rafael Rodriguez in October 2013. These three defendants were members of the New York-based cell of an international cybercrime organization that used sophisticated intrusion techniques to hack into the systems of global financial institutions, steal prepaid debit card data, and eliminate withdrawal limits. The stolen card data was then instantly disseminated worldwide and used in making fraudulent ATM withdrawals on a massive scale across the globe. The New York cell in which Peña, Yeje, and Rodriguez participated withdrew almost $2.8 million in a matter of hours.

The pleas were announced by Loretta E. Lynch, United States Attorney for the Eastern District of New York, and Steven Hughes, Special Agent in Charge, United States Secret Service, New York Field Office.

“These three defendants participated in a criminal flash mob, using data stolen through the most sophisticated hacking techniques to withdraw millions of dollars in mere hours in an unprecedented cyber heist,” stated United States Attorney Lynch. “Their pleas demonstrate that the United States government will not relent in its efforts to investigate and prosecute the perpetrators of these financially devastating cyberattacks.” Ms. Lynch expressed her grateful appreciation to the United States Secret Service, New York Field Office for their work on the investigation.

The “Unlimited Operation”

As alleged in the indictment and other court filings, the cyberattacks employed by the defendants and their co-conspirators in this case are known in the cyber underworld as “Unlimited Operations” — through its hacking “operation,” the cybercrime organization can access virtually “unlimited” criminal proceeds.

The “Unlimited Operation” begins when the cybercrime organization hacks into the computer systems of a payment card processor, compromises prepaid debit card accounts, and essentially eliminates the withdrawal limits and account balances of those accounts and also manipulates the security protocols that would alert the victim to the attack. The compromised card data is then distributed to cells worldwide who use the data to encode magnetic stripe cards to use at ATMs. These sophisticated techniques enable the participants to withdraw literally unlimited amounts of cash until the operation is finally detected and shut down. “Unlimited Operations” are marked by three key characteristics: (1) the surgical precision of the hackers carrying out the cyberattack, (2) the global nature of the cybercrime organization, and (3) the speed and coordination with which the organization executes its operations on the ground. These attacks rely upon both highly sophisticated hackers and organized criminal cells whose role is to withdraw the cash as quickly as possible.

The Defendants’ Roles in the Charged Cyberattacks

Evan Peña, Elvis Rafael Rodriguez, and Emir Yasser Yeje participated in two recent “Unlimited Operations” of staggering size. The first operation, on December 22, 2012, targeted a payment card processor that processed transactions for prepaid MasterCard debit cards issued by the National Bank of Ras Al-Khaimah PSC, also known as RAKBANK, in the United Arab Emirates. After the hackers penetrated the credit card processor’s computer network, compromised the RAKBANK prepaid card accounts, and manipulated the balances and withdrawal limits, casher cells across the globe operated a coordinated ATM withdrawal campaign. In total, more than 4,500 ATM transactions were conducted in approximately 20 countries around the world using the compromised RAKBANK account data, resulting in approximately $5 million in losses to the credit card processor and RAKBANK.

The second, and even more damaging, of these Unlimited Operations occurred on the afternoon of February 19 and lasted into the early morning of February 20, 2013. This operation again breached the network of a payment card processor that serviced MasterCard prepaid debit cards, this time issued by Bank Muscat, located in Oman. Again, after the cybercrime organization’s hackers compromised Bank of Muscat prepaid debit card accounts and distributed the data, the organization’s casher cells engaged in a worldwide ATM withdrawal campaign. Over the course of approximately 10 hours, cyber cells in 24 countries executed approximately 36,000 transactions worldwide and withdrew about $40 million from ATMs.

Peña, Rodriguez, and Yeje operated the New York cell of “cashers,” who encoded magnetic stripe cards, such as gift cards, with the compromised card data. After receiving the compromised account information and personal identification numbers (PINs) for the hacked accounts, the defendants’ cells sprang into action, immediately fanning out across the New York area making thousands of withdrawals from ATMs. During the RAKBANK Unlimited Operation, over the course of just two hours and 25 minutes, the defendants and their co-conspirators conducted approximately 750 fraudulent transactions, totaling nearly $400,000, at over 140 different ATM locations in New York City. The Bank Muscat Unlimited Operation was even more devastating. From 3 p.m. on February 19 through 1:26 a.m. on February 20, the defendants and their co-conspirators withdrew approximately $2.4 million in nearly 3,000 ATM withdrawals in the New York City area.

The defendants then passed portions of the proceeds back to the hackers organizing the attack and kept the rest for themselves. Notably, defendants Rodriguez and Yeje laundered hundreds of thousands of dollars in illicit cash proceeds. In one transaction alone, nearly $150,000 in the form of 7,491 $20 bills, was deposited at a bank branch in Miami, Florida, into an account controlled by defendant Alberto Yusi Lajud-Peña, who is now deceased. New York cell members also invested the criminal proceeds in portable luxury goods, such as expensive watches and cars. To date, the United States has seized hundreds of thousands of dollars in cash, bank accounts, and luxury merchandise, including two Rolex watches and a Mercedes SUV, and is in the process of forfeiting a Porsche Panamera. The Mercedes and Porsche were purchased with $250,000 in proceeds of this scheme.

In announcing the pleas, United States Attorney Lynch praised the extraordinary efforts of the Secret Service in responding to these attacks and investigating both the complex network intrusions that occurred overseas and the criminal activity occurring locally, and also expressed gratitude to U.S. Immigration and Customs Enforcement (ICE), Homeland Security Investigations (HSI) in New York for their assistance in this investigation. Ms. Lynch also thanked MasterCard, RAKBANK, and Bank Muscat for their cooperation with this investigation.

Today’s plea took place before United States District Judge Kiyo A. Matsumoto. When sentenced, the defendants face up to 7.5 years in prison, as well as forfeiture and a fine of up to $250,000.

The government’s case is being prosecuted by Assistant United States Attorneys Cristina Posa, Hilary Jager, David Sarratt, and Brian Morris.

Article source: http://www.darkreading.com/attacks-breaches/members-of-new-york-cell-of-cybercrime-o/240163879

IBM To Acquire Fiberlink Communications

ARMONK, N.Y., Nov. 13, 2013 /PRNewswire/ — IBM (NYSE: IBM) today announced a definitive agreement to acquire Fiberlink Communications, a mobile management and security company. Financial terms were not disclosed.

With Fiberlink’s MaaS360 cloud-based offerings, IBM will expand its bring your own device (BYOD) capabilities to deliver a complete mobile management and security solution through IBM MobileFirst that includes trusted transactions and security intelligence capabilities for mobile apps, users, content and data.

This announcement is another milestone in IBM’s strategy to build the industry’s most comprehensive set of mobile capabilities while eliminating barriers to adoption and accelerating the productivity benefits of mobility. At the same time, IBM is expanding the vision for enterprise mobility management to also include secure transactions between businesses, partners and customers.

“In a mobile first world, clients require a comprehensive mobile management and security offering. Often times they integrate solutions on their own and take on unnecessary risk,” said Robert LeBlanc, IBM senior vice president, Middleware Software. “To protect and enhance the complete mobile experience, it’s crucial to secure the app, user, content, data and the transaction. The acquisition of Fiberlink will enable us to offer these expanded capabilities to our clients, making it simple and quick to unlock the full potential of mobility.”

Today’s announcement builds on the IBM MobileFirst strategy of bringing all mobile resources together in one platform. For example, organizations of all sizes will be able to build secure apps by design with IBM Worklight and IBM Security AppScan, deliver trusted transactions through integrated threat intelligence with Trusteer, and improve the user experience with Tealeaf. Now organizations can break free from one-size-fits-all security strategies and create more flexible, personalized mobile experiences that balance enterprise security with user privacy.

MaaS360 will become part of IBM’s Software as a Service (SaaS) portfolio of more than 100 cloud services. IBM plans to offer MaaS360 on the IBM SoftLayer cloud infrastructure.

Maximizing the Productivity Benefits of Mobility

A new report by the IBM Institute for Business Value (IBV) found that using mobility to enable a more productive workforce is an important goal for many organizations. In fact, half of the respondents reported a greater than 10% gain in employee productivity as a result of their mobile efforts.

Additionally, the majority of respondents (58 percent) claimed “faster response time to customers” as one of the most important benefits of using mobile to improve employee productivity.

MaaS360 is being used across a variety of industries worldwide including financial services, healthcare and manufacturing. Using a cloud-based delivery model, MaaS360 decreases the amount of time and cost required for IT teams to support corporate BYOD programs. MaaS360 end-users can often enroll devices in less than five minutes with self service.

“While the proliferation of mobile devices provides great flexibility and agility for organizations, it also increases the complexity to manage and protect corporate data,” said Jim Sheward, CEO, Fiberlink. “We are looking forward to becoming part of IBM’s strategy to put mobile first and deliver holistic mobile device and app management and security for today’s always-connected workforce.”

MaaS360 will enable IBM to offer either cloud-based or on-premise mobile device management (MDM), mobile content management (MCM), and mobile application management (MAM) including containerization. Organizations will gain the building blocks to separate personal from enterprise data and content on mobile devices.

Additionally, the combination of IBM Endpoint Manager and MaaS360 will allow IBM to offer Unified Device Management, supporting either SaaS or on-premise deployments for all of an organization’s endpoints – from laptop, desktop and server to mobile devices. IBM also offers a range of other security solutions and services that address common enterprise mobility challenges including IBM Security Access Manager for Cloud and Mobile.

The acquisition is expected to close later this year and is subject to regulatory review and the satisfaction of customary closing conditions.

About IBM MobileFirst

As the first new technology platform for business to emerge since the World Wide Web, mobile computing represents one of the greatest opportunities for organizations to expand their business. Based on nearly 1,000 customer engagements, more than 10 mobile-related acquisitions in the last four years, a team of thousands of mobile experts and 270 patents in wireless innovations, IBM MobileFirst provides the key elements of an application and data platform with the management, security and analytics capabilities needed for the enterprise.

To learn more about IBM MobileFirst solutions visit the press kit or http://www.ibm.com/mobilefirst. Follow @ibmmobile on Twitter, and see IBM MobileFirst on YouTube, Tumblr and Facebook.

To learn more about IBM security solutions, visit: http://www.ibm.com/security

To learn more about IBM Cloud and Smarter Infrastructure solutions, visit: http://ibm.co/cloudsi

About Fiberlink

MaaS360 by Fiberlink is the trusted enterprise mobility management solution to customers worldwide — from Fortune 500 companies to small businesses. We make working in a mobile world simple and safe by delivering comprehensive mobile security and management for applications, documents, email and devices.

Instantly accessible from the web, MaaS360 is easy to use and maintain and provides the flexibility organizations need to fully embrace mobility in every aspect of their business. Backed by the most responsive support in the industry, we put our customers first by providing them with the best user experience for IT and employees. Fiberlink is headquartered in Blue Bell, Pennsylvania. To learn more go to http://www.maas360.com.

Article source: http://www.darkreading.com/mobile/ibm-to-acquire-fiberlink-communications/240163880