Software code stolen from the Fed
A Chinese computer programmer hired as a contract employee by a third-party technology consulting company is charged with stealing software code valued at nearly $10 million from the Federal Reserve Bank of New York. The software, the Government-wide Accounting and Reporting Program (GWA), is used to help track billions of dollars the United States government transfers daily. Following his arrest, Bo Zhang of Queens, New York, admitted to illegally copying the code to an external hard drive and taking it home, reports Reuters. We have to wonder what kind of third-party security measures were in place - or should have been in place - to prevent this type of insider breach.
Bank cyber heist nets millions
Bank robbers are a varied breed with differing MOs (modi operandi) and they target banks in every state or province in every country across the globe. Thieves in South Africa devised a cleverly executed plan to pull off their heist without being physically present at the bank. Over the New Year holiday in Johannesburg, a cyber gang accessed the South African Postbank's server system from a remote location and transferred more than $5.2 million from various accounts into accounts the crooks opened several months earlier. Get the details on how they pulled off their sophisticated cyber robbery at TechWorld. While it may have taken place far from our homeland here in the U.S., this story is a reminder that criminals are industrious and banks are always vulnerable to new and unsuspected attacks.
Father and son fraud team
Facing charges of conspiracy, mail fraud, wire fraud, computer fraud, aggravated identity theft and securities fraud, Vladimir Zdorovenin of Moscow has been extradited to the U.S. and could face up to 142 years in prison. From their home in Russia, Zdorovenin, 54, and his son Kirill (who remains at large) stole and used credit card information, established fake websites and bank accounts, ran stock scams, and tapped into the financial accounts of U.S. victims. Sophos has the full story.
Zest for cash
Former Google CIO Douglas Merrill has raised $73 million in funding toward his quest to reform payday lending with his new venture, ZestCash. Consumers with poor credit often turn to payday lenders to take out small, short-term loans that result in high fees when borrowers are unable to repay the loans immediately. ZestCash loans are processed solely online and allow borrowers to set the amount and the terms of the loan based on a manageable weekly payment. TechCrunch has more on this new service being marketed to millions of unbanked consumers.
Retailers have seen a notable increase in point-of-sale (POS) fraud losses in recent years. Approximately $40.7 billion in losses annually are attributed to disloyal or fraudulent employees, according to the Centre for Retail Research's Global Retail Theft Barometer. Over half of the retail businesses surveyed are still using the least secure method of password authentication. Fingerprint biometric authentication is being considered by many retailers as a viable solution to prevent fraud at POS systems, reports Help Net Security.
Zapped by hackers
Hackers targeted Amazon-owned online shoe retailer Zappos and gained access to parts of its internal network and systems containing information on 24 million customers. Though company representatives said full credit card information was not compromised, the hackers, who gained access through a Kentucky server, stole billing and email addresses, the last four digits of credit cards, and scrambled passwords. Zappos has issued a warning to its customers to change their passwords, particularly on other sites where they may be using the same password, and to be on the alert for phishing emails and other signs of fraudulent activity. InformationWeek has the details.
Searching for fraud
The World Wide Web's first search engine was Archie (in no way associated with the comic book character), derived from the word "archive" without the v. Then came others like Yahoo, WebCrawler and Lycos. Now we search - or "Google" - using the most popular web-based search engine in the world. The criminal underground now has its own Google-style search engine that indexes and aggregates data about compromised cards and leads buyers to the best fraud shops for their needs. MegaSearch.cc doesn't store card numbers or card holder information. It works by indexing the first six digits of compromised account numbers, which are the bank identification numbers, and provides users links to fraud vendors who offer cards issued by the corresponding bank. Krebs on Security has the details.
Gift giving from the ATM
Shopping for that perfect gift for a friend, loved one or coworker can be a daunting task. Gift cards have grown in popularity and are now available for almost any retail store, restaurant, coffee shop, movie theatre and in some cases professional services. Nearly $460 billion was loaded onto prepaid cards in 2011. You can drive to the merchant of choice to purchase a gift card or grab one from the "card mall" at your local supermarket - and you might soon be able to pick up a gift card at your local ATM. Machine-dispensed prepaid cards are being piloted by Better ATM Services in select markets. ATM Marketplace has the details.
Playing with money
Watch out Angry Birds - there's a new game in town! Financial firms are turning to games to attract and hold onto a younger generation of consumers. A free rewards program is being offered by SaveUp that allows users to link their savings and debt-bearing accounts to earn credits by making deposits or paying down debt. The credits earned can be redeemed for chances to win iPads, airline tickets, cars, scholarships and the top prize, a $2-million annuity. SaveUp can securely connect with nearly every financial institution in the US that provides online banking services. Reuters has the details.
Updates, Patches and Alerts...
US-CERT: Current Activity
InfoWorld: Adobe plugs 6 critical holes in Reader
Computerworld: Oracle to issue 78 patches, including 27 for MySQL
ZDNet: McAfee to plug spam hole this week
Techworld: PHP fixes hash collision DoS vulnerability in PHP 5.3.9