On Q Professional Investigations

Apple is expected to unveil its next iPhone at a special event on Sept. 10, sources told AllThingsD.

The launch comes at an important time for Apple, which continues to make a lot of money from the iPhone but has seen its global market share dip amid a growing wave of lower-cost Android devices, as well as an intense battle with archrival Samsung.

One of the key questions is whether Apple adopts a new tactic to address the midrange of the smartphone market. Historically, Apple has gone after those customers by offering its year-old and two-year-old models for $100 and $200 less than a new iPhone. However, there has been a great deal of talk that the company will debut a new lower-cost iPhone alongside whatever update it has in store for the current iPhone 5.

Much of the speculation there has centered on the usual kinds of camera and processor enhancements, as well as the likelihood of a fingerprint sensor.

That has been expected ever since Apple acquired Authentec last year.

Naturally, any new phones will be running iOS 7, which has been in testing since its announcement at Apple’s developer conference in June. The new software includes a radical redesign of the overall look of the iPhone’s menus and icons, but the other new features are largely incremental updates, such as improved notifications, better photo-organizing abilities and additional capabilities for developers.

This has become something of a pattern for Apple, which typically debuts its software update at its June developer conference, tests it for a couple months, then shows the new hardware a couple weeks ahead of the new phone’s availability. The iOS update is also available for older models. Apple has already said that iOS 7 will work on many recent iPhones, iPads and iPod touch devices.

Apple is also expected to formally launch the next version of Mac OS X, known as Mavericks, in the coming weeks, though that is not expected at the Sept. 10 event.

An Apple representative declined to comment on the timing of any upcoming events.

Consumers, investors (and reportedly board members, as well) have been pressing Apple for a more rapid pace of innovation.

The company has long been rumored to also be working on television and watch projects, though there is no indication either of those are close to debuting.

View Source

Prior to President Obama’s press conference on potential surveillance reform today, two important stories were published showing National Security Agency (NSA) surveillance has gone farther than government officials have admitted publicly. Now that the President has promised transparency on NSA surveillance, it’s time for the NSA to come completely clean to the American public. They can start by explaining—in detail—how and why they are obtaining the content of communications transiting telecom networks, which then go into the databases behind NSA programs.

First, the background: on Thursday, the New York Times published a blockbuster story on its front page, detailing how the NSA “is searching the contents of vast amounts of Americans’ e-mail and text communications into and out of the country.” Today, the Guardian published more secret documents and an interview with Sen. Ron Wyden (D-Ore) showing that the NSA has secret permission to search its vast databases of individual Americans’ communications without a warrant.

These stories add to the towering pile of revelations showing that the NSA and the administration are not being honest with the American public – not just omitting classified information, but affirmatively misleading. The government has implied, on numerous occasions, that the content program was narrow, and required a court order for United States persons.

The New York Times explained how the NSA could technically search such vast quantities of email:

Computer scientists said that it would be difficult to systematically search the contents of the communications without first gathering nearly all cross-border text-based data; fiber-optic networks work by breaking messages into tiny packets that flow at the speed of light over different pathways to their shared destination, so they would need to be captured and reassembled.

Sound familiar? That’s because we have known since 2006 that the NSA built a secret room in AT&T’s facilities in San Francisco to do this gathering (plus more). The facilities, including a bank of fiber optic splitters, make a copy of all communications traveling over AT&T’s fiber optic cables connecting AT&T’s network to the Internet.

AT&T whistleblower Mark Klein gave us blueprints and photos of the room, plus descriptions of the filtering and selection technologies inside at the time and we’ve been involved in two long running lawsuits over it ever since. Mark Klein’s evidence indicates several other facilities exist in the Western U.S. plus one in Atlanta. In addition, former NSA mathematician William Binney estimates the NSA did something similar in 10-20 key telecom switches around the country. NSA slides published by the Guardian confirm the NSA has this type of access, and the New York Times story this week just provides the latest evidence.

Nevertheless, the Administration has failed to engage in an honest debate about the splitters. Congress needs to pick up the ball and demand public answers, including:

-how many fiber optic splitters are in operation in the U.S.
-how many splitters (anywhere) divert the communications of U.S. persons?
-how much content is diverted each day? (measured by number of people, number of message, and number of petabytes).
-how much content is stored?
-what type of filters are used, and at what point in the process?

The time for vague dismissals of these charges, or vague, misleading discussions, has past.

View Source

Forced by recent leaks to respond to criticism that the government is exploiting legal loopholes to conduct widespread surveillance of U.S. citizens, President Barack Obama publicly acknowledged today that the government needs to be more transparent about its surveillance activities. Obama promised a broad review of the programs to determine what changes Congress needs to make to the Patriot Act to protect privacy and civil liberties.

Obama said that while he is confident the government is not currently abusing its legal powers with the surveillance programs, “given the history of abuse by government, it’s right to ask questions about surveillance, particularly as technology is reshaping every aspect of our lives.”

Obama denied that the move for reform was motivated by recent leaks to the press from NSA whistleblower Edward Snowden and said that the review and changes were in place before the leaks occurred and would have happened anyway.

“There’s no doubt that Mr. Snowden’s leaks triggered a much more rapid and passionate response than would have been the case if I had simply appointed this review board to go through and I had sat down with Congress,” he said. “It would have been less exciting, it would not have generated this much press. [But] I actually think it would have got to the same place and we would have done so without putting at risk our national security.”

Obama had called for a review of the programs in April, before the Guardian newspaper began publishing the first leaks from Snowden. But the review was a secretive closed-door process. Snowden’s leaks have forced the issues into the spotlight and ensured that the public has been able to voice its concerns and anger over the programs and pressure Congress to fully engage in ways they have failed to do until now.

Speaking at a press conference on Friday, Obama laid out four areas for reform that included working with Congress to determine what changes need to be made to increase oversight of the Patriot Act, particularly Section 215 of the law that the government has been using for widespread collection of phone records of U.S. citizens. The existence of the phone records collection program was first reported by USA Today in 2006, though phone companies had denied it at the time. Documents leaked by Snowden to the Guardian detailed the extent to which the government was collecting, storing and using the records.

“This program is an important tool in our effort to disrupt terrorist plots,” Obama said, “[but] given the scale of those programs, I understand the concerns of those who worry that it could be subject to abuse.”

Obama also called for a review of Foreign Intelligence Surveillance Court procedures to determine how they can be more adversarial so that judges reviewing government requests for surveillance are forced to consider privacy and civil liberties with the same weight they now consider security concerns.

Critics say the secret court is a rubber stamp, since judges hear only one-sided arguments from the government about why they should approve surveillance requests, and that the court rarely rejects any requests for surveillance or engages in followup oversight to determine that the surveillance has actually been executed in a manner that comports to the law and protects civil liberties.

Obama said he had called for the creation of a privacy and civil liberties task force that will produce an initial report within 60 days and a full report by the end of the year.

The American Civil Liberties Union was unimpressed with the president’s statements about reform, saying they didn’t go far enough.

“While the initial reforms outlined by the president are a necessary and welcome first step, they are not nearly sufficient,” ACLU Executive Director Anthony D. Romero said in a statement. “The bulk collection of Americans’ phone records is only one of several troubling programs disclosed over the last two months. The president must work with members of Congress to reform all of these surveillance programs, including those authorized by Section 702 of the FISA Amendments Act, which collect, monitor and retain the contents of Americans’ communications without a warrant. We also urge the president to release the relevant FISA Court opinions and agency memos that have created a body of secret law that is far removed from public oversight and adequate congressional review. We must ensure that the government’s surveillance programs once again adhere to the protections afforded by the Fourth Amendment.”

View Source

What’s the most persistent digital divide in America? It isn’t by race, income or educational attainment, studies show, but by age.

Just 56 percent of Americans over 65 are online, according to a May study by the Pew Internet and American Life Project, compared with 83 percent of people aged 50 to 64, 92 percent of people 30 to 49 and 98 percent of 18-to-29 year olds. The 2013 study represented the first time the percentage of America’s online elderly tipped over the 50 percent mark.

The racial divide, by comparison, only runs from 76 percent of Hispanic Americans who are online to 85 percent of blacks and 86 percent of non-Hispanic whites, Pew found.

The divide measured by income is somewhat greater, from 76 percent of households that make less than $30,000 per year to 96 percent of households that make more than $75,000. The education divide comes closest to the age divide. About 59 percent of Americans who didn’t complete high school are online, Pew found, compared with 96 percent of college graduates.

The effects of this divide can be pernicious, said Tony Sarmiento, executive director of Senior Service America, a Washington-area nonprofit that works to increase Internet use among the elderly. Disconnected seniors are more likely to feel isolated and sink into depression, Sarmiento said, especially if they’re housebound by physical ailments or have lost much of their nondigital social circle to death, disease or dementia.

A 2009 report by the Phoenix Center for Advanced Legal and Economic Public Policy Studies found a 20 percent reduction in depression among seniors who are online compared with those who are not.

“We all end up paying for that in terms of older people needing more care because their health deteriorates,” Sarmiento said. “So being able to lessen that isolation online, not just with email but with Skype and things like that could have a tremendous impact.”

Retirees who need to return to the workforce because of reductions to their pensions are also finding it more difficult because job postings are increasingly only online, Sarmiento said. That’s not to mention the struggle of actually competing in the increasingly digital workforce.

This digital divide is even more exaggerated when it comes to mobile.

Only 18 percent of American seniors use smartphones, according to a Pew study released in June, compared with 55 percent of Americans aged 45 to 54, 69 percent of Americans 35 to 44 and about 80 percent of Americans 18 to 34.

A Pew study released Monday showed 43 percent of America’s online seniors use social media now. That’s more than triple the 13 percent who used those sites in 2009 but roughly half the 72 percent of total Americans who use social networking.

Nextgov spoke with Sarmiento Tuesday about why the digital divide persists among seniors, what it means and what government can and should be doing about it. The transcript is edited for length and clarity.

What lessons do you take from studies showing more older Americans are using the Internet, smartphones and Web services such as social networking?

Well, the good news is that last year you had a majority of older Americans online, but that’s a slim majority. That means there are 24 million who are not online and it doesn’t look as if there’s much effort to do anything about that. There are a number of interrelated reasons why the digital divide among those older people persists but in the end I think the current publicly funded efforts and market forces aren’t making much of a dent.

What did you think about the Pew findings released Monday showing a tripling of seniors using social media?

The thing I took away from the latest findings is that once an older person goes online what they use the Internet for is becoming more and more similar to other users. Also, as the kinds of services available on the Internet continue to change, it’s becoming clear that the digital divide isn’t a fixed idea. We used to think the wrong side of the divide meant not having dial up at home. Now the threshold that separates the right and wrong sides of the divide may not be just having broadband at home. Maybe you do need mobile access. Maybe you need to be able to do social media.

What keeps elderly people from getting online?

One of the big hurdles is there are a lot of people who say ‘I’ve lived 65 or 70 or 90 years and I never needed this before so why do I need it now?’ One early report Pew did that stuck with me is they looked at people with less income and less education and then they compared older and younger people with those characteristics. The big change they found in terms of being on the wrong side of the digital divide is that no one had to convince young people they were missing out on something. Their peers were online and they got the sense there was all sorts of stuff they were missing.

Older people too often believe ‘there’s nothing in it for me. Why should I deal with the hassle of a new bill or a new technology or another damn remote,’ let alone the trouble of learning all this stuff. When you don’t know what you’re missing you’re much tougher to reach as a potential market. What we’ve learned when we’ve reached out to older adults is you’re not going to break through this irrelevancy barrier by some kind of mass media campaign. It has to be with a personal touch where one older person helps another older person discover ‘hey, you can really do something here.’

Are there fewer older seniors online because they are less likely to have used the Internet before retirement?

Yes. And that helps to explain why companies that are trying to make money on this segment of the population, often decide it’s just not worth it. It would just cost way too much to convince older customers they should be online and given their age, you know, they might not be customers for that long. So the return on investment just gets weaker and weaker.

On the other side of the coin, what’s causing the overall increase in seniors online?

Well, the other end of the spectrum is people who are entering the group of so-called younger older people or the older baby boomers. Many of them learned this Internet stuff on the job before they retired so they don’t need to get over the digital divide. But there’s also a class difference. If baby boomers aren’t online, it’s because they weren’t in an occupation where being online was important.

Clearly there’s also been a positive effect from older people, particularly those with more income and education, deciding for themselves that ‘maybe there’s something in this for me, my kids are online, my grandkids are online and so if I want to stay in touch with them I’d better get with the program.’

Finally, there’s also the iPad. For a lot of older people, this is a much more user friendly interface where they can much more quickly get to what really interests them and what’s really useful about being online as opposed to the long slog of learning how to use the mouse and the operating system and all that.

Can the government save money in the long run by getting more seniors online?

I think in theory you can, but it’s like the line from Moonstruck where the plumber says you’ve got to spend money to save money.

So what should the government be doing?

That’s a big policy question. Maybe we should try to expand the Lifeline Program, [a Federal Communications Commission initiative to provide low-cost Internet and mobile phone service to poor Americans].

There’s also Connect to Compete, [a partnership between non-profits and telecoms that offers low-cost broadband to poor Americans]. Those providers mostly use the free or reduced school lunch program to verify eligibility, so that’s clearly having no effect on older households, except for older people raising their grandchildren. We’ve proposed that maybe you could use SNAP [the Agriculture Department’s Supplemental Nutrition Assistance Program, commonly known as food stamps] as another way to determine eligibility so households headed by older people with no school-aged kids would be included.

That might address affordability, but if you’re really going to make a dent in the 24 million older adults who aren’t online that’s necessary but not sufficient. You’ve got to deal with the need for instruction designed for older learners. What we’ve found in our experience is if we can mobilize older people to serve as coaches for their peers, that can address the irrelevance problem and a little bit of the skills training.

That’s one reason public libraries are very important, but in too many places funding for public libraries is getting dire. So you come to the conclusion that neither market forces nor the public has the resources to break through that barrier.

Maybe you look at this and say it’s just too overwhelming but I say let’s try.

As I reported Monday, the crew of the USS Guardian minesweeper ran aground on a reef in the Philippines because they relied on an erroneous digital chart and a sole source of navigation – GPS.

If they had used their eyeballs – far more advanced than any gadget – they would have heeded the flashing five-second beam from a lighthouse on the reef and avoided the collision.

This is just another example of turning over the most basic functions handled extraordinarily well by the human brain to technology – with over-reliance on GPS and the digital maps that go along with it topping the list.

Last month Katie Barnett returned to her McArthur, Ohio, home to find her house emptied of all her wordly goods because a repossession team dispatched by a bank emptied her place, instead of the house across the street, due to a really bum GPS steer.

Bad GPS system maps resulted in more than 1,000 trucks colliding with bridges in New York State between 2005 and 2011, and this June a hapless driver blindly followed GPS maps into the path of an oncoming train in Belmont, Mass.

All of the above could have been avoided by reliance on the Mark I eyeball.

View Source

The single-click Google account login for Android apps is a little too convenient for hackers, according to Tripwire’s Craig Young, who has demonstrated a flaw in the authentication method.

The mechanism is called “weblogin”, and basically it allows users to use their Google account credentials as authentication for third-party apps, without sharing the username and password itself: a token is generated to represent the user’s login details.

Young claimed the unique token used by Google’s weblogin system can be harvested by a rogue app and then used to access all of the advertising’s giants services as that user.

To demonstrate the flaw at this month’s Def Con 21 hacking conference in Las Vegas, Young created an Android app that asks for access to the user’s Google account to display stocks from Google Finance.

Assuming the user grants permission the app, it issues a token to access the requested data. The rogue app sends that token back to the hacker, who can paste it into a web session to access all of the user’s Google services, said Young.

That includes unrestricted access to Gmail, Google Drive, Google Calendar and so forth, even though the permission was only given for an Android app to access Google Finance, we’re told.

Users do have to give multiple permissions to the app first: to access local accounts; to access the network; and to kick off a web session accessing finance.google.com – the last bit being when the web-usable token is issued. But if the user is expecting integration with Google Finance, then none of that would surprise them.

Handing over the keys to their Google Drive files would, however.

Once the miscreant has a valid token then they could see their mark’s search history, among other things. Young points out that should our victim happen to be a Google Administrator then the attacker could take control of the administered accounts, changing passwords, modifying privileges, etc.

But they’ll have to move fast – Google’s automated scanning may not have noticed the app’s behaviour (his rogue app was only removed from the Google Play app store following a complaint despite being clearly marked as a security test) but since being informed about the vuln in February the Chocolate Factory has been working to close the security hole. (The the PC World blog has more details on the bloke’s research.)

The flaw is typical of what happens when simplicity overtakes security in developers’ order of priorities. It’s unlikely that anyone but the most-dedicated spear-phisher would take advantage of a flaw like this, but its exposure reminds us to be aware of the permissions we grant – and keeps Google et al fixing flaws which shouldn’t exist in the first place.

View Source

SAN BERNARDINO — Officers from a specialized Inland Empire gang taskforce swarmed through the streets Friday night in an attempt to curb gang activity that has plagued the city for months, police officials said.

More than 60 people were taken into custody during the 10-hour sweep. Several weapons and an unknown amount of drugs were seized, police said.

“This is one of many tools we have to take our city back from those that want to control it by using fear and violence,” said an undercover officer of the SMASH (San Bernardino movement against street hoodlums) taskforce. “These gang members need to know we aren’t going away, and we’ll use everything we have to keep residents safe.”

Some residents were not happy with police coming into their apartment complexes and they made that point clear to officers.

“SMASH is going to get smashed one of these days,” said James Jones. a friend of a resident who lives in the Evergreen Apartments at 1555 Pumalo Street.

Another woman, who asked to be kept anonymous in fear of retaliation from her neighbors, said she was glad police came through.

“It makes me feel safer when they are here,”

she said. “If I could afford to move I would.”

The taskforce included officers from Rialto, Fontana, Barstow, Upland, San Bernardino City Unified School District, Redlands, District Attorney investigators and San Bernardino County Sheriff’s deputies.

View Source

The Obama administration Saturday halted a planned ban on the import and sale of older iPhones and Apple tablets that was ordered by the U.S. International Trade Commission.

The order would have banned the sale of AT&T versions of the iPhone 4, iPhone 3GS, iPad 3G and iPad 2 3G starting Monday for infringing on a patent held by Apple rival Samsung.

In a letter, U.S. Trade Representative Michael Froman said that his decision to lift the ban was based on a review of “various policy considerations” related to whether companies can sue competitors for infringing on patents covering technology that has been deemed standard and essential for the industry.

Such patents are supposed to be licensed to competitors at fair and reasonable rates. In January, the Justice Department and the U.S. Patent and Trademark Office issued a policy statement saying that courts evaluating whether companies can ask for bans due to infringement on those types of patents should be held to very specific criteria to ensure that the technology they cover is readily available to the full industry.
Froman said that he had to evaluate whether the ruling mandating a ban on the older phones was counter to the public interest, as well as how an import and sales ban might affect competition in the United States.

He also made clear that while he disapproved the ITC decision, Samsung may still be entitled to damages in the future.

“[The] patent owner may continue to pursue its rights though the courts,” Froman said in his letter.

Apple spokeswoman Kristin Huguet said Apple applauds the administration for its decision, adding that Samsung was “wrong to abuse the patent system in this way.” In a company statement, Samsung said it was “disappointed” in the decision, and said Apple had not been willing to negotiate fair terms on the patent.

“The ITC decision correctly recognized that Samsung has been negotiating in good faith and that Apple remains unwilling to take a license,” the statement said.

The ITC case was just one of dozens of legal blows traded between the rival firms in courts around the globe. Last summer, a California jury ruled that Samsung had infringed on Apple’s patents and awarded Apple more than $1 billion in damages. Those damages were later reduced. by U.S. District Court Judge Lucy Koh.

A separate ITC decision determining whether Samsung products infringed on Apple’s patents was delayed Friday. That decision will be handed down Aug. 9.

View Source

(CNN) — A global travel alert issued Friday by the State Department warned al Qaeda may launch attacks in the Middle East, North Africa and beyond in coming weeks, a threat that prompted Sunday’s closure of 21 embassies and consulates.

The U.S. government’s actions are in response to growing intelligence that shows a potential for attacks in Yemen and elsewhere in the Middle East as well as North Africa, said U.S. officials who spoke to CNN on condition of not being identified.

“The threat appears to be much worse than it has (been) in a long time,” said a senior national security official in Yemen, where the government is “on high alert against possible attacks in the days to come.”

Various Western targets — not just those tied to the United States — are under threat, according to two U.S. officials.

According to three sources, the United States has information that al Qaeda in the Arabian Peninsula members are in the final stages of planning for an unspecified attack.

One of the sources said that such preparations appeared to have increased in recent days with the approaching end of the Muslim holy month of Ramadan.

In particular, Sunday is Laylet al-Qadr, or the Night of Power, which is one of the holiest moments on the Muslim calendar.

Said one U.S. official: “It all leads us to believe something could happen in the near future.”

Based on intelligence, U.S. officials said, there was particular concern about the U.S. Embassy in Yemen between Saturday and Tuesday. President Barack Obama — who, amid regular updates on the situation, has directed officials to take all appropriate steps to protect Americans — praised Yemeni President Abdo Rabu Mansour Hadi for his country’s efforts following a meeting Thursday at the White House.

Still, it’s unclear whether the apparent plot targets that Arabian nation or one elsewhere — which is why the travel alert applies so broadly, and why embassies from Bangladesh to Libya are being closed. The expected time of an attack also isn’t known, with the U.S. travel alert noting the threat extends through the end of August.

“Terrorists may elect to use a variety of means and weapons and target both official and private interests,” the alert states. “U.S. citizens are reminded of the potential for terrorists to attack public transportation systems and other tourist infrastructure.”

New York Rep. Peter King, a member of the House Intelligence Committee, called the information “the most specific I’ve seen.”

While the principal attention is on the Arabian Peninsula, he stressed to CNN’s Wolf Blitzer that”we can’t rule anything out.”

“We are focused on the Middle East, but it’s a potential series of attacks that really could be almost anyplace,” said King.

21 embassies, consulates ordered closed

The State Department made public Friday a list of 21 embassies and consulates that will close Sunday, which is normally the start of the work week in the countries affected.

The 17 affected U.S. embassies are in Afghanistan, Algeria, Bahrain, Bangladesh, Djibouti, Egypt, Iraq, Jordan, Kuwait, Libya, Mauritania, Oman, Qatar,
Saudi Arabia, the United Arab Emirates, Sudan and Yemen. The U.S. embassy in Israel will be closed as normal Sunday.

Consulates in Iraq, Saudi Arabia and the United Arab Emirates are also being shut down for the day. Embassies and consulates in the region typically close their doors or operate with minimal staff on Fridays and Saturdays.

The shutdowns could extend beyond Sunday, a senior State Department official said.

Retired Gen. James Mattis — who until earlier this year was head of U.S. Central Command, responsible for a 20-country area that includes the Middle East — said the decision to close the embassies shows the reality of the threat and the wisdom of U.S. policymakers.

U.S. embassies have been targeted before in places such as Yemen, Turkey and Tanzania, he pointed out. Moreover, al Qaeda in the Arabian Peninsula is one of the terrorist network’s most active and most destructive branches.

“We have to remember that we’re up against an enemy who kills indiscriminately — whether it be women, children, diplomats — and our embassies … have been one of the targets,” Mattis told CNN on Friday. “They are showing some proactive discretion here, making certain that we don’t give the enemy an opportunity that we can deny them.”

Read More

Stealing Cash, it’s Even Better than Stealing Money…

There was a popular Aflac Insurance commercial series that ran several years ago featuring New York Yankee great Yogi Berra, known as much for his clever quips as his Hall of Fame baseball talents. In the spot Berra stated about the company, “they give you cash, which is just as good as money.” Turns out Yogi may have been onto something because in today’s cyber world, cash may be even better than money. Confused? Let me explain.

We are seeing some interesting trends amongst cybercriminals whereas they are developing simple but effective methods that allow them to use cyber tools and tactics to steal cash. Now you may ask, haven’t they been doing this all along? No, they have been stealing money and valuables, but not cash. Herein lays the difference and why these schemes can be so dangerous.

One of the few comforts that security teams for high-risk industries such as banking and financial services enjoy is that while they are under constant attack, they are also very good at remediation and forensic analysis so they are able to quickly trace the source of an attack and block it or recover assets. Unfortunately, those abilities and protections do not translate to a cash theft. Let’s use a simple analogy, if you are travelling and your credit card is lost or stolen, there are built in protections for you. You can cancel the card, the credit card company will launch an investigation and in most cases, you will not be held responsible for any of the charges that took place once the card was compromised. However, if you are travelling with a couple of thousand dollars in cash that is lost or stolen, you are simply out of luck and the chances of ever recovering the money are nearly non-existent.

A perfect example of this type of scheme was back in early May when a global network used sheer manpower to steal more than $45 million from cash machines around the globe. In announcing the case, Brooklyn U.S. Attorney Loretta Lynch, described the theft as “a massive 21st-century bank heist.” From what we are seeing in the security community, this is not a onetime incident, but a dangerous trend. A trend that puts even greater emphasis on the ability to predict which assets are most at risk within your organization and tightening security around them.

Rose Romero, a former federal prosecutor and regional director for the U.S. Securities and Exchange Commission, would seem to agree with this assessment. After these attacks were uncovered she stated that “unfortunately these types of cybercrimes involving ATMs, where you’ve got a flash mob going out across the globe, are becoming more and more common. I expect there will be many more of these types of crimes.”

Here’s a quick look at how, by using cyber tactics, hackers were able to turn a routine breach into a massive physical crime worth millions of dollars. By breaching bank databases, they were able to manipulate the accounts and eliminate withdrawal limits on pre-paid debit cards. This also created access codes that enabled them to load the critical data onto any plastic card with a magnetic stripe. Whether it was a real credit card or not did not matter as long as it carried the account data and correct access codes. A coordinated and highly effective scheme, as the dollar amounts indicate.

My colleague, Ken Pickering, is an expert on these matters and was a resource from media outlets ranging from the Associated Press to the BBC after the story first broke. I think Ken said it best in his interview with the AP, “Once you see a large attack like this where they made off with close to $45 million that’s going to wake up the cybercrime community. Ripping off cash, you don’t get that back. There are suitcases full of cash floating around now, and that’s just gone.”

While the ATM example stated above represents an attack of a very sophisticated nature, we are also seeing a rise of the quick and simple attacks designed to get away with cash in $50 – $100 increments as well. Another colleague, Matt Bergin, was recently featured in the New York Times after discovering he could hack a cash register remotely, popping it open, by sending two digits from his smartphone to the service running on the cash register’s point-of-sale system.

According to Matt, they were able to reverse-engineer Xpient’s point-of-sale system, expecting that to interact with it he would have to crack a password or break through a layer of encryption. To their surprise, they encountered neither. By simply sending a two-digit code from his phone to the point-of-sale system, they discovered that they could pop open the cash register remotely. Think about that for a moment. While it may not seem like the crime of the century, the ability to simply key in a couple of digits on a phone and be off with a handful of cash before anyone was the wiser could be very lucrative. The simplicity of this attack would also appear to transfer well to other low-tech locking systems such as internal access doors.

They always say in the investment world that cash is king. We are now seeing that in terms of cyber as well. While the numbers may be smaller, the chances of getting caught are also greatly reduced and this may encourage would-be hackers to be a bit bolder. Stealing cash, it’s even better than stealing money.

View Source