Louisiana Firm Sues Capital One After Losing Thousands in Online Bank Fraud
Brian Krebs writes on Security Fix:
An electronics testing firm in Louisiana is suing its bank, Capital One, alleging that the financial institution was negligent when it failed to stop hackers from transferring nearly $100,000 out of its account earlier this year.
In August, Security Fix wrote about the plight of Baton Rouge-based JM Test Systems, an electronics testing firm that in February lost more than $97,000 from two separate unauthorized bank transfers a week apart.
According to JM Test, Capital One has denied any responsibility for the losses. On Friday, JM Test filed suit in a Louisiana district court, alleging breach of contract and negligence by the bank. The firm says it is still out a total of $89,000, and that it has spent roughly $70,000 investigating and responding to the breaches.
"Capital One was not willing to make good on our losses or attempt any type of settlement," said Happy McKnight, JM Test's controller. "The banks are clearly taking a 'Hey, don't look at me!' stance. It is so sad to wonder how many business failures this type of fraud has caused."
Capital One declined to comment for this story.
More
here.
New Study Calls for Cyber Security Overhaul in U.S.
Grant Gross writes on ComputerWorld:
The U.S. government and private businesses need to overhaul the way they look at cybersecurity, with the government offering businesses new incentives to fix security problems, the Internet Security Alliance said.
The alliance, in a report released Thursday, also called for permanent international cybersecurity collaboration centers, new security standards for VoIP (voice over Internet Protocol) communications and programs to educate corporate leaders about the benefits of enhanced cybersecurity efforts.
Lots of groups have called for better information security education for students, but education for enterprise leaders is often overlooked, said Joe Buonomo, president and CEO of Direct Computer Resources, a data security products vendor.
"At some point, almost every public official who addresses this subject stresses the need to train our kindergarten to 12th-graders on this topic," he said. "In many instances, these officials also note the need to upgrade cyber expertise in the federal workforce. Something else is necessary."
More
here.
Classic xkcd: Spinal Tap Amps
Click for larger image.
We love
xkcd.
- ferg
D.C. Businessman Loses Thousands After Clicking on Wrong e-Mail
Brian Krebs writes on Security Fix:
Pay-per-click revenue in the online advertising business may be diminishing for traditional media publishers, but thieves increasingly are earning five- to seven-digit returns when victims click on a booby-trapped link or attachment sent via e-mail.
The latest victim to learn this was Nigel Parkinson, president of D.C.-based Parkinson Construction, a firm with an estimated $20 million in annual revenue that has worked on some of Washington's top gathering places, including the new D.C. Convention Center and the Nationals baseball stadium.
Parkinson said he had an expensive crash course in computer security, when on Nov. 24, he clicked a link in an e-mail purporting to be from the Social Security Administration warning him about potential errors on his Social Security statement. Parkinson fell for the ruse and ended up downloading a copy of the Zeus Trojan, a prolific family of malicious software that criminal gangs have used to great effect to steal tens of millions of dollars from victimized businesses so far this year.
Zeus is primarily a password-stealing Trojan, and in short order the thieves had stolen the credentials Parkinson uses to administer his construction firm's bank account online.
From there, the hackers sent $92,000 of Parkinson's cash to nine different money mules, accomplices hired through work-at-home job schemes who are instructed to withdraw the money and wire it overseas (typically minus an eight percent commission).
More
here.
Yahoo, Verizon: Our Spy Capabilities Would ‘Shock’, ‘Confuse’ Consumers
Kim Zetter writes on Threat Level:
Want to know how much phone companies and internet service providers charge to funnel your private communications or records to U.S. law enforcement and spy agencies?
That’s the question muckraker and Indiana University graduate student Christopher Soghoian asked all agencies within the Department of Justice, under a Freedom of Information Act (FOIA) request filed a few months ago. But before the agencies could provide the data, Verizon and Yahoo intervened and filed an objection on grounds that, among other things, they would be ridiculed and publicly shamed were their surveillance price sheets made public.
Yahoo writes in its 12-page objection letter, that if its pricing information were disclosed to Soghoian, he would use it “to ’shame’ Yahoo! and other companies — and to ’shock’ their customers.”
“Therefore, release of Yahoo!’s information is reasonably likely to lead to impairment of its reputation for protection of user privacy and security, which is a competitive disadvantage for technology companies,” the company writes.
Verizon took a different stance. It objected to the release of its Law Enforcement Legal Compliance Guide because it might “confuse” customers and lead them to think that records and surveillance capabilities available only to law enforcement would be available to them as well — resulting in a flood of customer calls to the company asking for trap and trace orders.
More
here.
8 Million Reasons for Real Surveillance Oversight
Chris Soghoian writes on Slight Paranoia:
Sprint Nextel provided law enforcement agencies with its customers' (GPS) location information over 8 million times between September 2008 and October 2009. This massive disclosure of sensitive customer information was made possible due to the roll-out by Sprint of a new, special web portal for law enforcement officers.
The evidence documenting this surveillance program comes in the form of an audio recording of Sprint's Manager of Electronic Surveillance, who described it during a panel discussion at a wiretapping and interception industry conference, held in Washington DC in October of 2009.
It is unclear if Federal law enforcement agencies' extensive collection of geolocation data should have been disclosed to Congress pursuant to a 1999 law that requires the publication of certain surveillance statistics -- since the Department of Justice simply ignores the law, and has not provided the legally mandated reports to Congress since 2004.
Much more
here.
