Tag: banking

Bangladesh security expert kidnapped

A security researcher has been kidnapped after accusing Bangladesh’s central bank officials of negligence, which facilitated the theft of over $81 million from the country’s overseas accounts.

Tanvir Hassan Zoha, 34, had been investigating how on February 5, 2016, hackers accessed the accounts of Bangladesh’s central bank at the US Federal Reserve Bank in New York and tried to steal $1 billion. Their attempt to transfer the money was thwarted by a simple typo, but not before they managed to take $81 million.

Security researchers, including Zoha, blamed malware and a faulty printer but at the same time said that the Bangladesh central bank officials were also to blame because of weak security procedures. The bank’s governor and two deputy governors had to quit their jobs.

Then Zoha met with a friend at 11:30 PM on Wednesday night, March 16. While coming home, a jeep pulled in front of their auto-rickshaw, and the men were put into two different cars.

Zoha’s friend was dumped somewhere in Dhaka, but Zoha never made it home. When his family tried to report the kidnapping, they were ignored by the local coppers and went straight to the media.

IBM sets up block chain operation

Big Blue has announced it will lead the development of a new blockchain financial transaction infrastructure called Open Ledger.

This is designed for major banking and financial institutions including Wells Fargo, JP Morgan and the London Stock Exchange.

The project will create a more flexible ledger of exchange and will share some concepts with the blockchain that underpins Bitcoin and other cryptocurrency systems. The new system will be ‘semi-private’ with an open source approach to development.

Open Ledger will be overseen by the non-profit Linux Foundation. IBM has been researching blockchain technology for the past year together with Digital Asset Holdings. The pair are to be joined by Microsoft, VMware, Fujitsu, Mitsubishi UFJ Financial Group and financial application-builder SWIFT.

Marley Gray, Director of Technology Strategy US Financial Services at Microsoft Azure, also told Fortune that the new system could provide additional security and operate as a major impediment to stock market gaming. It might also kill off the need for ‘expensive middlemen’, or the need to put trust into particular individuals and organisations.


Retail banks “will be dead in 15 years”

An analyst at the White Bull conference here in Barcelona said that in his view, retail banks will disappear over the next 15 years.

The reason for that is that quite a few of the top 100 multinationals have financial services arms where they can make value add on transactions.

Ralph Silva, of SRN, gave an example where he was going to buy a BMW car and before he knew where he was, BMW was selling him home insurance, car insurance and even pet insurance too.

BMW’s financial services arm knew the name of his dog, Jazz, because he had visited the car showroom earlier with the mutt, and a salesman asked the name of his pet. That eliminated the need for him to go anywhere near a bank. Dozens of other companies are also plotting similar plans.

Silva also predicted that an IBM-funded research programme was making headway with a CPU based not on CMOS, but on elements of DNA. There are working chips already in the IBM labs, he said.

He also said that in future, every child will be fitted with two embedded chips which will contain healthcare information and other ID. The identity of the individual will be verified by a person putting her or his hand, with one chip in it, to his or her arm, with another chip fitted there.

Other future innovations include a single cable sending multiple signals, eliminating the need for miles and miles of cables in aircraft.

Microsoft reveals how it took down Zeus cybercrime operation

Microsoft and the banking industry have been telling the world and its dog how they disrupted a cybercrime operation that used malicious software to allegedly steal $100 million over the last five years.

According to Business Week, Richard Boscovich of Microsoft’s digital crimes unit said the aim was to knock out the Zeus botnet. The computers were under the remote control of a criminal group that stole personal information, financial credentials and money, according to court records.

While Microsoft has not been able to shut down the Zeus network, it will be more difficult and expensive for the criminals to operate, he claimed.

Boscovich added that this was stage one of a cunning plan to target the Zeus network until it is cast out of Olympus.

Microsoft obtained a warrant authorising a raid in late March against computer servers at hosting centers in Illinois and Pennsylvania.

The software company joined the Electronic Payments Association and the Financial Services Information Sharing and Analysis Center, which all claimed the Zeus network had infected 13 million computers since 2007.

Boscovich said that Microsoft has found that the people behind the Zeus botnets are located in Eastern Europe. However, at the moment the case against them is ongoing and he would not say more.

He said that Microsoft and the bankers had come up with some interesting uses of US law to shut down Zeus. This included the 1946 Lanham Act that covers trademark infringement and the Racketeer Influenced and Corrupt Organisations Act, a statute that has been used to prosecute members of the mafia and the Hells Angels motorcycle gang.

A federal judge in New York granted the request for what Boscovich and others described as a “takedown” of the network’s command and control servers.

About three and a half million infected computers are now being directed to Microsoft instead of the Zeus command and control servers, Boscovich said. 

Banks may not have to pay for phished users

If you are dumb enough to fall for a phishing scam, you have only yourself to blame and your bank does not have to bail you out, a top German court has decided.

The German Federal Court of Justice in the southwestern city of Karlsruhe has ruled that clients, and not banks, are responsible for money lost in online phishing scams.

A German retiree lost $6,608 in a bank transfer fraudulently sent to Greece as part of a phishing scam.

According to The Local, the man gave phishers 10 transaction numbers, also known as TAN codes, which are commonly used in German banks, on a site which looked like the site of his bank, Sparda Bank.

The court ruled the bank had specifically provided warnings to its customers against this practice, so the man was responsible.

The customer argued that the bank had a duty to protect its customers from the abuse of these codes. So far, however, the courts have not agreed.

Sparda Bank had warned that it was “widely known” that being asked to input multiple TAN codes was a sure-fire sign of phishing.

It is not clear at this point how influential this ruling will be in the rest of the EU. Certainly we expect the court’s arguments will be touted in similar cases throughout the region.

Lack of transparency scares enterprise off Google mail

Gartner believes big businesses might as well use Gmail instead of Microsoft Exchange Online in the enterprise.

What it boils down to is who you trust more. Both have had their fair share of cock-ups, but of course, Microsoft has had more time to cock-up. 

Gartner says Gmail’s enterprise market share is just at one percent, but it owns roughly half of the enterprise email in the cloud. Considering the industry’s excitement about the thrilling migration to cloud computing, making inroads like that is important.

In a statement, the analyst house says classic stalwarts like Novell and IBM with its Lotus Notes have “lost market momentum”, while Cisco shut its effort down.

There are certain sectors where email is very sensitive that Google will not win over in the near future. That includes places like banks which really could do with stronger security and surveillance, not less of it, as Kweku Adoboli has proved. Gartner reckons Google isn’t willing to introduce that any time soon.

More importantly, larger organisations, says Gartner, complain that Google isn’t transparent about what it does with your data. And that is a big problem. 

Citigroup admits colossal bank hack

Mammoth US bank Citigroup has put its hands up and admitted to an enormous hack that has compromised hundreds of thousands of customer bank details.

Spinsters at the organisation carefully said only one percent of its card customers may have had their details compromised, but with roughly 21 million customers in the US alone, that’s a lot of people.

The FT, which got the scoop, says Citigroup’s report that only credit card accounts were broken into may be inaccurate – with some of the paper’s sources confirming that debit card details had been breached. Customers weren’t aware until they tried using their cards over the weekend, which were declined.

Exposed details include names, account numbers and e-mail addresses, but Citigroup claims date of birth, security codes and social security numbers are not at risk. 

Citigroup seems to be drip feeding as little information as it can get away with. It says it’s working with the law to get to the bottom of the case and that it has bolstered its fraud systems. It will be too little too late for a minimum 210,000 customers. 

The attack follows other high profile, calculated strikes. Lockheed Martin fell victim to a cyber offensive, though Homeland Security said the damage was minimal but the event was significant. Fingers were pointed toward the east.

Damage may not be minimal to RSA, which saw its stolen tokens used to access Lockheed Martin. It is likely to find itself short of kudos as its impenetrable security systems begin to appear rather more penetrable. 

Public cloud revenue to rise 21.6 percent by 2014

Cloud computing revenue in the US public sector is expected to grow by 21.6 percent over the next few years, according to the latest survey by International Data Corporation (IDC).

The report, entitled U.S. Public IT Cloud Services by Industry Sector: More Details on the Opportunity, shows that from 2009 to 2014 public cloud revenue in the US will grow significantly from $11.1 billion to $29.5 billion.

The main areas that will employ cloud computing are professional services, communications and media, and discrete and process manufacturing markets. Professional services will be the primary driver of growth, due to a large volume of small to medium size businesses that require software-as-a-service.

The report found that the services and distribution sector makes the most revenue for cloud computing and that it is expected to more than double from its current intake of $3 billion to $8.5 billion in 2014.

Currently applications make up a large portion of revenue in this area, amounting to half of cloud revenue in 2009. As the sector grows, however, it will become less dependent on this and its market share will drop to one third. At the same time, infrastructure software is expected to increase to provide 22 percent of revenue.

Some public sector areas will be restricted in how they can apply cloud services, due to additional regulations, privacy concerns and security fears. These mainly include government, banking and healthcare sectors, all of which will also have a severely curtailed budget due to cutbacks.

Despite this, the potential for healthcare is huge and IDC forecasts a compound annual growth rate of nearly 23 percent by 2014, which will see a healthy increase on its currently small five percent market share. Collaboration applications will be the primary area where cloud computing will be employed in healthcare.

While these figures apply to the public cloud sector, it’s highly likely that the private cloud arena will see similar high growth over the next few years. A previous IDC report last year suggested that private cloud revenue would jump from $7.3 billion in 2009 to $11.8 billion in 2014, which is a slightly lower rate of growth than the public cloud, albeit still significant.

New Zeus bot nicking more bank details than ever before

Insecurity experts at Trusteer have warned that the Zeus botnet which has been crafted to nick online banking details is back and kicking.

Trusteer says the Trojan virus is in one of every 3,000 of the 5.5 million computers it monitors in the US and UK.

The latest version, Zeus 1.6, can infect people using Firefox and Internet Exploder web browsers. It steals login information by recording keystrokes when the infected user is on a list of target websites. The data is then sent to a remote server to be used and sold on by cyber-criminals.

Anti-virus outfits had been good at shutting down the Zeus servers. In March 2010, many parts of the command and control system for the Zeus botnet were destroyed when the Kazakhstani ISP that was being used to administer it was cut off.

But to mix the mythological metaphors, Zeus is pretty much a Hydra and killing it is a Herculean task.

Amit Klein, chief technology officer at Trusteer, expects the new version of Zeus to significantly increase fraud losses, since nearly a third of internet users bank online with Firefox and the infection is growing faster than seen before.