World grapples with rise in cyber crime

• 

  May 9, 2013: In this undated photo provided by the United States Attorneys Office for the Southern District of New York, Elvis Rafael Rodriguez, left, and Emir Yasser Yeje, pose with bundles of cash allegedly stolen using bogus magnetic swipe cards at cash machines throughout New York.AP

LONDON –  International law enforcement agencies say the recent $45 million dollar ATM heist is just one of many scams they're fighting in an unprecedented wave of sophisticated cyberattacks.

Old-school robberies by masked criminals are being eclipsed by stealth multimillion dollar cybercrime operations which are catching companies and investigators by surprise.

"We are seeing an unprecedented number of cyberscams that include phishing for financial data, viruses, credit card fraud and others," Marcin Skowronek, an investigator at Europol's European Cybercrime Center in The Hague said on Saturday.

"In Europe, we are generally quite well protected against some types of fraud because of the chip and pin technology we use, but there are still shops and machines around the world who still take cards without chips. And the most popular destinations for this type of fraud are the United States and the Dominican Republic."

U.S. Investigators said Thursday a gang hit cash machines in 27 countries in two attacks -- the first netting $5 million in December and then $40 million in February in a 10-hour spree that involved about 36,000 transactions.

Hackers got into bank databases, eliminated withdrawal limits on prepaid debit cards and created access codes. Others loaded that data onto any plastic card -- even a hotel keycard -- with a magnetic stripe

A similar scam yielded some 50 arrests this year in Europe during a joint police operation between Romanian police and Europol, Skowronek said.

The operation took more than a year, involved some 400 police officers across Europe and required work comparing bank losses to illegal transactions and then cross-referencing suspects, said Skowronek, who said many national police forces were beefing up their undercover work in the cyberworld to catch criminals.

Investigators found illegal workshops for producing devices and software to manipulate point-of-sale terminals. Illegal electronic equipment, financial data, cloned cards and cash were seized in raids in Britain and Romania.

The group stole credit and debit card numbers and PIN codes by implanting card reading devices and malicious software on point-of-sale terminals. The criminals then used counterfeit payment cards with stolen data for further illegal transactions in countries that included Argentina, Colombia, the Dominican Republic, Japan, Mexico, South Korea, Sri Lanka, Thailand and the United States.

Some 36,000 debit card and credit card holders in some 16 countries were affected, Skowronek said. The amount stolen was unclear.

Bank fraud, ATM scams and phishing are common in Romania, one of the most corrupt countries in the European Union, according to Transparency International which monitors and measures graft.

 Under the late communist dictator Nicolae Ceausescu, who was ousted and executed in 1989, Romanians specialized in mathematics and computer coding and criminal gangs have tapped into those skills. The tradition has continued and Romanian school students are more advanced in mathematics than many of their European counterparts.

Nadine Spanu, a spokeswoman for Romania's anti-crime prosecutors, said Saturday she had no statement to offer on the $45 million heist or a possible Romania connection.

Skimming works when criminals place devices on ATMs that copy consumers' card details and leave them vulnerable to fraud.  There have been similar cases in the United States and Britain.

The EU is the world's largest market for payment card transactions and it is estimated that organized crime groups derive more than 1.5 billion euros ($1.9 billion) a year from payment card fraud in the EU.

 Mike Urban, director of financial crime solutions at Fiserv, a Brookfield-Wisconsin-based company that provides financial technology to banks, credit unions and corporations across the world, says banks have not caught up with the threat of electronic crime.

"Compare this to a physical bank security. If someone walks in today, they're probably not going to get very much money, the dye pack is going to explode, they will be caught on video, they're probably not going to get away with it, and they're probably going to spend a long time in jail," said Urban. "Online, in the cyberworld, we're not there yet."

One security loophole thieves have learned to exploit is the lack of real-time transactions in ATM-speak.

Known as the "Gone in 60 Seconds" scam, thieves deposit money and then make coordinated cash-advance withdrawals in various places -- but all in less than 60 seconds so the machines essentially regard all of the withdrawals as one transaction.

 In October, some 14 people were charged following an FBI-led investigation into the theft of more than $1 million from Citibank using the 60-second scam. The simultaneous transactions at casinos in California and Nevada tricked the system into thinking that they were one transaction. Even on some joint accounts where both partners have cards for the same account, users can often bypass withdrawal limits if the transactions are done at the same time.

"This type of attack might be preventable if ATM networks were able to monitor transactions in real time for unusually large numbers of transactions involving individual cards or cards from the same issuing institution. Unfortunately, that type of infrastructure doesn't exist today, but perhaps it's time to consider creating and implementing it now, especially after this latest attack," said Tom Cross, director of security research at the Lancope, a company specializing in flow analysis for security and network performance based in Alpharetta, Georgia.

Police Maj. Gen. Pisit Paoin, chief of Thailand's Technology Crime Suppression Division, said in a telephone interview Saturday that Thai police have arrested more than 20 suspects involved in the $45 million cyber heist including those from Bulgaria, Bangladesh and eastern Europe.

He said that in the latest arrest in early April, a group of Bangladeshi and Malaysian suspects were using about 50 cards to withdraw cash from machines in Bangkok for a month and took out about 10 million baht ($336,000).

View the original article here

Hagel cancels creation of new drone, cyber medal following widespread criticism

• 

  FILE: Undated: This image released by the Department of Defense shows the obverse view with ribbon of the newly announced Distinguished Warefare Medal.AP

Defense Secretary Chuck Hagel on Monday cancelled the production of a new military medal for service members involved in drone attacks and cyber warfare -- following widespread criticism that the award would rank higher than the Bronze Star and Purple Heart.

Hagel instead wants military leaders to develop a special pin or object that would be attached to already existing medals or ribbons.

The Distinguished Warfare Medal was created by Hagel's predecessor, Leon Panetta, and it immediately triggered complaints from veterans and lawmakers.

Hagel last month ordered the military to stop production of the medal, and top defense and military leaders began a new review.

“While the review confirmed the need to ensure such recognition, it found that misconceptions regarding the precedence of the award were distracting from its original purpose,” said Hagel, who was twice awarded the Purple Heart.

The leaders have instead recommended the creation of an alternative honor, similar to the "V" for valor that can be attached to the Bronze Star and other medals to reward an act of heroism.

Hagel asked Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, to report back to him in 30 days.

When Panetta announced the medal would be created in mid-February, defense officials said it would be considered a bit higher in ranking than the Bronze Star and the Purple Heart, but lower than the Silver Star.

Panetta said the new medal, for only a small number of service men and women, reflected battlefield contributions in a world of changing warfare. He said that remotely piloted aircraft and cyber systems have changed the way that wars are fought and can change the course of a conflict from afar.

But the Veterans of Foreign Wars and other groups sent a letter to President Obama in March, asking him to keep the medal ranked below the Purple Heart, which is awarded for combat injuries. Critics said the ranking was an injustice to those troops who risked their lives in battle.

“The right decision was made,” the VFW said Monday. “This decision will clearly keep medals that can only be earned in combat in their high order of precedence, while providing proper recognition to all who support our war-fighters regardless of their distance from the fight.”

The American Legion's national commander, James E. Koutz, said Hagel's decision keeps the evolving roles of military combat in proper perspective.

"Cyber and drone warfare have become part of the equation for 21st-century combat, and those who fight such battles with distinction certainly deserve to be recognized," Koutz said in a statement. "But the American Legion still believes there's a fundamental difference between those who fight remotely, or via computer, and those fighting against an enemy who is trying to kill them."

As originally conceived, the blue, red and white-ribboned medal was to be awarded to individuals for "extraordinary achievement" related to a military operation that occurred after Sept. 11, 2001. But it does not require the recipient to risk his or her life to get it.

Over the last decade of war, remotely piloted Predator and Reaper drones have become a critical weapon to gather intelligence and conduct air strikes against terrorists or insurgents around the world. They have been used extensively on the battlefields in Iraq and Afghanistan, as well as in strikes in Pakistan, Yemen and northern Africa.

Over the same time, cyber attacks have become a growing national security threat, with Panetta and others warning that the next Pearl Harbor could well be a computer-based assault.

The Bronze Star is the fourth-highest combat decoration and rewards meritorious service in battle, while the Silver Star is the third-highest combat award given for bravery. The Purple Heart is ranked just below the Bronze Star.

Several other awards, including the Defense Distinguished Service Medal, are also ranked higher than the Silver Star, but are not awarded for combat.

In addition to veterans' concerns, there is a practical side to the rankings for currently serving troops. There are grades of medals -- commendation, merit, distinguished -- that affect promotions for those still in uniform. Each grade gives troops a certain number of points needed for promotions.

The Associated Press contributed to this report.

View the original article here

House committee votes in favor of pro-business cyber security bill

WASHINGTON –  A House panel voted overwhelmingly Wednesday in favor of a new data-sharing program that would give the federal government a broader role in helping banks, manufacturers and other businesses protect themselves against cyberattacks.

The bill, approved 18-2 by the House Intelligence Committee, would enable companies to disclose technical threat data to the government and competitors in real-time, lifting antitrust restrictions and giving legal immunity to companies if hacked, so long as they act in good faith. In turn, companies could get access to government information on cyberthreats that is often classified.

It's a defiant move by pro-business lawmakers who say concerns by privacy advocates and civil liberties groups are overblown. But even while the panel's approval paves the way for an easy floor vote next week, the legislation has yet to be embraced outside the Republican-controlled House. Last year, a similar measure never gained traction and eventually prompted a White House veto threat.

"We've struck the right balance," said Rep. Mike Rogers, R-Mich., the committee's chairman. "It's 100 percent voluntary. There are no big mandates in this bill, and industry says under these conditions they think they can share (information), and the government can give them information that might protect them."

The Cyber Intelligence Sharing and Protection Act, or CISPA, is widely backed by industry groups that say businesses are struggling to defend against aggressive and sophisticated attacks from hackers in China, Russia and Eastern Europe.

Privacy and civil liberties groups have long opposed the bill because they say it opens America's commercial records to the federal government without putting a civilian agency in charge, such as the Homeland Security Department or Commerce Department. That leaves open the possibility that the National Security Agency or another military or intelligence office would become involved, they said. While the new program would be intended to transmit only technical threat data, opponents said they worried that personal information could be passed along, too.

Democratic Reps. Adam Schiff of California and Jan Schakowsky of Illinois were the lone dissenters. At a press conference, they said they would push for amendments on the House floor next week that would specifically bar the military from taking a central role in data collection and instead put the Homeland Security Department in charge. They also want a requirement that industry scrub any data of personal information before giving it to the government -- a stipulation that Rogers and business groups say would be too onerous and deter industry participation.

Rogers, who co-sponsored the bill with Rep. Dutch Ruppersberger, D-Md., the panel's top Democrat, said they altered the bill to address other concerns by privacy groups raised last year. But a lawyer for the American Civil Liberties Union, Michelle Richardson, said the bill is still objectionable because it could allow the military to review data on private commercial networks.

"A couple of cosmetic changes is not enough to address the concerns of members" in the Senate, Richardson said.

Rogers says the political calculus has changed and that China's hacking campaign was too brazen for the White House to justify the status quo.

"There's a line around the Capitol building of companies willing to come in and tell us in a classified setting (that) `my whole intellectual property portfolio is gone,"' Rogers said. "I've never seen anything like this, where we aren't jazzed and our blood pressure isn't up."

In February, Obama signed an executive order that would help develop voluntary industry standards for protecting networks. But the White House and Congress agreed that legislation was still needed to address the legal liability companies face if they share threat information. Senate Majority Leader Harry Reid, D-Nev., promised at the time to advance a bipartisan proposal "as soon as possible," although one hasn't emerged.

Sen. Jay Rockefeller, D-W.Va., chairman of the Senate Commerce Committee, is expected to take the lead on a cybersecurity proposal that would likely address the issue of information sharing. A panel spokesman said Rockefeller plans to work with Sen. John Thune, R-S.D., to introduce a plan to committee members "in the near future."

View the original article here

North Korea training teams of 'cyber warriors,' experts say

• 

  March 21, 2013: South Korean computer researchers, left, check the computer servers of Korean Broadcasting System (KBS) as a South Korean police officer from Digital Forensic Investigation watches at the Cyber Terror Response Center at the National Police Agency in Seoul, South Korea.AP

SEOUL, South Korea –  Investigators have yet to pinpoint the culprit behind a synchronized cyberattack in South Korea last week. But in Seoul, the focus remains fixed on North Korea, where South Korean security experts say Pyongyang has been training a team of computer-savvy "cyber warriors" as cyberspace becomes a fertile battleground in the standoff between the two Koreas.

Malware shut down 32,000 computers and servers at three major South Korean TV networks and three banks last Wednesday, disrupting communications and banking businesses, officials said. The investigation into who planted the malware could take weeks or even months.

South Korean investigators have produced no proof yet that North Korea was behind the cyberattack, and on Friday said the malware was traced to a Seoul computer. But South Korea has pointed the finger at Pyongyang in six cyberattacks since 2009, even creating a cyber security command center in Seoul to protect the Internet-dependent country from hackers from the North.

It may seem unlikely that impoverished North Korea, with one of the most restrictive Internet policies in the world, would have the ability to threaten affluent South Korea, a country considered a global leader in telecommunications. The average yearly income in North Korea was just $1,190 per person in 2011 -- just a fraction of the average yearly income of $22,200 for South Koreans that same year, according to the Bank of Korea in Seoul.

But over the past several years, North Korea has poured money and resources into science and technology. In December, scientists succeeded in launching a satellite into space aboard a long-range rocket from its own soil. And in February, North Korea conducted an underground nuclear test, its third.

"IT" has become a buzzword in North Korea, which has developed its own operating system called Red Star. The regime also encouraged a passion for gadgets among its elite, introducing a Chinese-made tablet computer for the North Korean market. Teams of developers came up with software for everything from composing music to learning how to cook.

But South Korea and the U.S. believe North Korea also has thousands of hackers trained by the state to carry its warfare into cyberspace, and that their cyber offensive skills are as good as or better than their counterparts in China and South Korea.

"The newest addition to the North Korean asymmetric arsenal is a growing cyber warfare capability," James Thurman, commander of the U.S. forces in South Korea, told U.S. legislators in March 2012. "North Korea employs sophisticated computer hackers trained to launch cyber-infiltration and cyber-attacks" against South Korea and the U.S.

In 2010, Won Sei-hoon, then chief of South Korea's National Intelligence Service, put the number of professional hackers in North Korea's cyber warfare unit at 1,000.

North Korean students are recruited to the nation's top science schools to become "cyber warriors," said Kim Heung-kwang, who said he trained future hackers at a university in the industrial North Korean city of Hamhung for two decades before defecting in 2003. He said future hackers also are sent to study abroad in China and Russia.

In 2009, then-leader Kim Jong Il ordered Pyongyang's "cyber command" expanded to 3,000 hackers, he said, citing a North Korean government document that he said he obtained that year. The veracity of the document could not be independently confirmed.

Kim Heung-kwang, who has lived in Seoul since 2004, speculated that more have been recruited since then, and said some are based in China to infiltrate networks abroad.

What is clear is that "North Korea has a capacity to send malware to personal computers, servers or networks and to launch DDOS-type attacks," he said. "Their targets are the United States and South Korea."

Expanding its warfare into cyberspace by developing malicious computer codes is cheaper and faster for North Korean than building nuclear devices or other weapons of mass destructions. The online world allows for anonymity because it is easy to fabricate IP addresses and destroy the evidence leading back to the hackers, according to C. Matthew Curtin, founder of Interhack Corp.

Thurman said cyberattacks are "ideal" for North Korea because they can take place relatively anonymously. He said cyberattacks have been waged against military, governmental, educational and commercial institutions.

North Korean officials have not acknowledged allegations that computer experts are trained as hackers, and have refuted many of the cyberattack accusations. Pyongyang has not commented on the most recent widespread attack in South Korea.

In June 2012, a seven-month investigation into a hacking incident that disabled news production system at the South Korean newspaper JoongAng Ilbo led to North Korea's government telecommunications center, South Korean officials said.

In South Korea, the economy, commerce and every aspect of daily life is deeply dependent on the Internet, making it ripe grounds for a disruptive cyberattack.

In North Korea, in contrast, is just now getting online. Businesses are starting to use online banking services and debit cards have grown in popularity. But only a sliver of the population has access to the global Internet, meaning an Internet outage last week -- which Pyongyang blamed on hackers from Seoul and Washington -- had little bearing on most North Koreans.

"North Korea has nothing to lose in a cyber battle," said Kim Seeongjoo, a professor at Seoul-based Korea University's Department of Cyber Defense. "Even if North Korea turns out to be the attacker behind the broadcasters' hacking, there is no target for South Korean retaliation."

View the original article here