Posts Tagged ‘hacking’

ATM cyber heists hit Pakistan banks

December 11, 2017

This photo shows that HBL ATM software license is not genuine. (AN photo)

ISLAMABAD: An ATM scam affecting hundreds of debit card users in Pakistan has led to several arrests by the country’s Federal Investigation Agency (FIA), which apprehended another four suspects on Sunday.

FIA official Abdul Ghaffar Mirani told Arab News that investigators have unearthed a scam of about $105,000 and expected the number to rise after digital forensic experts searched confiscated equipment and cloned debit cards used by the scammers.

Mirani withheld the exact number of people arrested but said that mostly Chinese nationals had been taken into custody. “Our team is probing further as more complaints are pouring in and data is being compiled from other cities,” he said.

The cyber heist is being dealt with by the FIA’s National Response Center for Cyber Crime (NR3C), the country’s only technology-based crime division, which was set up 10 years ago and assists other law enforcement agencies in Pakistan.

On Friday, FIA Director Shakeel Durrani said at a press briefing that the investigation had revealed the involvement of Canadian, Nigerian and Italian hackers, as well as an Indian scammer identified as Sorev.

The information was divulged by Saqibullah, a Rawalpindi resident running a racketeering business, who as their front man sold stolen financial information to the hackers. He is also involved in identity theft, credit and debit card cloning and extortion. His arrest has expanded into an FIA investigation searching for his collaborators.

Durrani said, “The prime suspect (Saqibullah) would take photos of ATM machines to match suitable skimming machines that were ordered from other countries.”

The cash withdrawals from the hacked accounts were made in China, Canada, Italy, Nigeria, Indonesia, Malaysia and the US, but were not limited to those countries, he said.

The ATM-skimming scam was revealed last week by the country’s largest financial institution, Habib Bank Limited (HBL), which confirmed more than $105,000 had been stolen from 559 hacked HBL customers, mostly in the cities of Karachi and Lahore.

“We have more than 10 million customers, which means that the size of the amount missing is not very significant for the HBL, while the number of customers affected is also low,” said HBL’s corporate and marketing executive Naveed Asghar, who was quoted in a local English daily. “It is a fraud and we must check it and find the culprits … it happens in all the countries that use ATMs,” he said.

Banks using outdated technology fitted with aging security protocols attracted an “organized foreign group” to hack the ATM booths, suggests the FIA, which is approaching the State Bank of Pakistan, the country’s banking regulator, to introduce a biometric policy and enforce it across the banking spectrum.

An HBL official in Islamabad told Arab News: “The practice of skimming is not new,” but the bank’s new biometric security measures, currently being introduced in its ATMs, “will prevent and curb future hacks.” Though HBL seems to be the main target, Standard Chartered Bank, Faysal Bank Limited, Bank Al Habib Limited and other banks have also fallen victim to cybercrime, he said.

“Officially the bank hasn’t sent out warning notifications to customers of this continuing fraud but we are compensating the affected account holders. An internal memo has been circulated for each bank branch to check and monitor the ATMs,” the banking officer said.

Uber Breach and Response Draw Global Government Scrutiny

November 23, 2017

Senator criticizes ‘inexplicable delay’ in announcing the breach, while the FTC and several countries are looking into the issue

An FTC spokesman said the agency is “closely evaluating the serious issues raised.” PHOTO: ERIC RISBERG/ASSOCIATED PRESS

Government officials world-wide said they would look at Uber Technologies Inc.’s handling of a major data breach last year.

Uber said Tuesday that it paid hackers $100,000 in an effort to conceal a data breach that affected 57 million accounts. In addition to the names, emails and phone numbers of riders, about 600,000 U.S. drivers’ license numbers were accessed, Uber said.

A Federal Trade Commission spokesman said the agency is “closely evaluating the serious issues raised,” while Sen. Richard Blumenthal (D., Conn.) said on Twitter that the Senate Commerce Committee should hold a hearing to “demand Uber explain their outrageous breach—and inexplicable delay in informing its consumers and drivers.”

San Francisco-based Uber said it would notify owners of the affected accounts in coming days. It fired its chief security officer and a deputy for their role in the breach and covering it up, and Chief Executive Dara Khosrowshahi apologized.

At least three European government agencies are looking into Uber’s handling of the breach, and the New York State Attorney General’s office has opened an investigation.

Uber said in a statement that “we’ve been in touch with several state attorney general offices and the FTC to discuss this issue, and we stand ready to cooperate with them going forward.”

New Mexico’s Attorney General said in a letter to Uber that the company’s reaction to the breach was “gravely concerning” and requested that the company provide more information within 10 days.

Britain’s Information Commissioner’s Office will assess what steps Uber would need to take to better comply with data-protection requirements. PHOTO: SIMON DAWSON/REUTERS

Uber hasn’t disclosed a geographic breakdown of the compromised accounts. Uber said Wednesday it was in the process of notifying regulatory and government authorities about the breach. “We expect to have ongoing discussions with them,” an Uber spokesman said. “Until we complete that process we aren’t in a position to get into any more details.”

The FTC has the authority to examine Uber’s cybersecurity efforts and its response to the breach, including any communication, or lack thereof, with the public.

The commission has undertaken at least preliminary investigations, and sometimes very detailed probes, of this nature during past large-scale hacks, looking at whether a hacked company had reasonable data protection practices in place that were in line with industry best practices. The FTC also has examined how companies have responded to any known security weaknesses before a breach took place.

The FTC has pursued enforcement actions when it believed companies weren’t vigilant in following appropriate safeguards.

In September, the FTC said it was investigating a breach at Equifax Inc.

Britain’s Information Commissioner’s Office, which oversees data protection in the country, said it would assess how the breach affected people in the U.K. and what steps Uber would need to take to better comply with data-protection requirements. The office has the power to fine Uber, up to £500,000 ($665,000), for any wrongdoing.

“Deliberately concealing breaches from regulators and citizens could attract higher fines for companies,” said James Dipple-Johnstone, the British agency’s deputy commissioner, in a statement.

In addition to Britain—where Uber also faces a separate legal challenge over drivers’ compensation and a potential ban on operating in London—Italian and Dutch authorities said they also planned to evaluate how Uber handled the data breach.

“We are dismayed by the poor transparency shown towards users, which we intend to investigate,” said Antonello Soro, the Italian Data Protection Authority’s president, in a statement.

A spokesman for the data protection agency in the Netherlands, where Uber bases its European operations, said the agency would examine the reports of the data breach.

Most EU-member authorities don’t currently have the power to impose fines on companies in the case of personal data breaches. This will change under a new regulation taking effect in May 2018.

The National Privacy Commission of the Philippines said it has summoned Uber to a Nov. 23 meeting to discuss the incident and to comply with the formal breach notification procedure under the Data Privacy Act of 2012.

The coverup is another challenge for Uber, which is valued at $68 billion. Mr. Khosrowshahi has tried to bring stability after a year of controversies that took place under CEO Travis Kalanick.

Mr. Khosrowshahi has inherited several federal probes of the company over programs targeting rivals and regulators, as well as a possible violation of the Foreign Corrupt Practices Act.

Uber is in a heated legal battle with Google parent Alphabet Inc., which filed suit in February alleging the company stole trade secrets related to self-driving cars. And it is trying to recover from claims by a former female engineer that management ignored complaints from her and other women of sexism and harassment.

The company has said it is cooperating with federal regulators in their investigations. It disputes the allegations made by Alphabet and is contesting the lawsuit.

Write to Stu Woo at Stu.Woo@wsj.com

https://www.wsj.com/articles/european-regulators-look-into-uber-handling-of-data-breach-1511378731

Related:

Uber Paid Hackers to Delete Stolen Data on 57 Million People

November 22, 2017

Bloomberg

By Eric Newcomer

  • Company paid hackers $100,000 to delete info, keep quiet
  • Chief Security Officer Joe Sullivan and another exec ousted

Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.

Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.

At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.

“None of this should have happened, and I will not make excuses for it,” Dara Khosrowshahi, who took over as chief executive officer in September, said in an emailed statement. “We are changing the way we do business.”

After Uber’s disclosure Tuesday, New York Attorney General Eric Schneiderman launched an investigation into the hack, his spokeswoman Amy Spitalnick said. The company was also sued for negligence over the breach by a customer seeking class-action status.

Hackers have successfully infiltrated numerous companies in recent years. The Uber breach, while large, is dwarfed by those at Yahoo, MySpace, Target Corp., Anthem Inc. and Equifax Inc. What’s more alarming are the extreme measures Uber took to hide the attack. The breach is the latest scandal Khosrowshahi inherits from his predecessor, Travis Kalanick.

Kalanick, Uber’s co-founder and former CEO, learned of the hack in November 2016, a month after it took place, the company said. Uber had just settled a lawsuit with the New York attorney general over data security disclosures and was in the process of negotiating with the Federal Trade Commission over the handling of consumer data. Kalanick declined to comment on the hack.

Joe Sullivan, the outgoing security chief, spearheaded the response to the hack last year, a spokesman told Bloomberg. Sullivan, a onetime federal prosecutor who joined Uber in 2015 from Facebook Inc., has been at the center of much of the decision-making that has come back to bite Uber this year. Bloomberg reported last month that the board commissioned an investigation into the activities of Sullivan’s security team. This project, conducted by an outside law firm, discovered the hack and the failure to disclose, Uber said.

Here’s how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.

A patchwork of state and federal laws requires companies to alert people and government agencies when sensitive data breaches occur. Uber said it was obligated to report the hack of driver’s license information and failed to do so.

“At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals,” Khosrowshahi said. “We also implemented security measures to restrict access to and strengthen controls on our cloud-based storage accounts.”

Uber has earned a reputation for flouting regulations in areas where it has operated since its founding in 2009. The U.S. has opened at least five criminal probes into possible bribes, illicit software, questionable pricing schemes and theft of a competitor’s intellectual property, people familiar with the matters have said. The San Francisco-based company also faces dozens of civil suits. London and other governments have taken steps toward banning the service, citing what they say is reckless behavior by Uber.

In January 2016, the New York attorney general fined Uber $20,000 for failing to promptly disclose an earlier data breach in 2014. After last year’s cyberattack, the company was negotiating with the FTC on a privacy settlement even as it haggled with the hackers on containing the breach, Uber said. The company finally agreed to the FTC settlement three months ago, without admitting wrongdoing and before telling the agency about last year’s attack.

The new CEO said his goal is to change Uber’s ways. Uber said it informed New York’s attorney general and the FTC about the October 2016 hack for the first time on Tuesday. Khosrowshahi asked for the resignation of Sullivan and fired Craig Clark, a senior lawyer who reported to Sullivan. The men didn’t immediately respond to requests for comment.

Khosrowshahi said in his emailed statement: “While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes.”

The company said its investigation found that Salle Yoo, the outgoing chief legal officer who has been scrutinized for her responses to other matters, hadn’t been told about the incident. Her replacement, Tony West, will start at Uber on Wednesday and has been briefed on the cyberattack.

Kalanick was ousted as CEO in June under pressure from investors, who said he put the company at legal risk. He remains on the board and recently filled two seats he controlled.

Uber said it has hired Matt Olsen, a former general counsel at the National Security Agency and director of the National Counterterrorism Center, as an adviser. He will help the company restructure its security teams. Uber hired Mandiant, a cybersecurity firm owned by FireEye Inc., to investigate the hack.

The company plans to release a statement to customers saying it has seen “no evidence of fraud or misuse tied to the incident.” Uber said it will provide drivers whose licenses were compromised with free credit protection monitoring and identity theft protection.

— With assistance by Erik Larson

https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data

Related:

Uber admits covering up data hack that hit 57m users and drivers

November 22, 2017

AFP

© Getty Images / AFP (file photo) | Personal data from some 57 million Uber riders and drivers was compromised in a hack that took place more than a year ago.

Text by NEWS WIRES

Latest update: 2017-11-22

Uber said Tuesday that hackers compromised personal data from some 57 million riders and drivers in a breach kept hidden for a year.

“None of this should have happened, and I will not make excuses for it,” said a statement from chief executive Dara Khosrowshahi, who took over at the ridesharing giant in August.

Two members of the Uber information security team who “led the response” that included not alerting users that their data was breached were let go from the San Francisco-based company effective Tuesday, according to Khosrowshahi.

The Uber chief said he only recently learned that outsiders had broken into a cloud-based server used by the company for data and downloaded a “significant” amount of information.

Stolen files included names, email addresses, and mobile phone numbers for riders, and the names and driver license information of some 600,000 drivers, according to Uber.

Uber paid the hackers $100,000 to destroy the data, not telling riders or drivers whose information was at risk, according to a source familiar with the situation.

Co-founder and ousted chief Travis Kalanick was advised of the breach shortly after it was discovered, but it was not made public until Uber’s new boss Khosrowshahi learned of the incident.

“You may be asking why we are just talking about this now, a year later,” Khosrowshahi said.

“I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it.”

Khosrowshahi said that what he learned about Uber’s failure to notify users or regulators prompted corrective actions.

Need to change

Uber is notifying drivers whose license numbers were swiped, and offering them credit and identity theft protections.

The company also said it is notifying regulators, and monitoring affected rider accounts for signs of fraud.

“While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Khosrowshahi said.

“We are changing the way we do business.”

Khosrowshahi inherited a litany of scandals and a toxic workplace culture when he replaced Kalanick.

Kalanick’s brash style has been credited with driving Uber to the leading spot in the smartphone-summoned ride market, but also blamed for fostering an atmosphere of impropriety and rule breaking at the company.

A planned tieup with Japanese tech giant SoftBank suggests the ridesharing giant is set to come of age in the business world, but it still faces a long road ahead.

The deal would give Uber an additional $1 billion in capital and could allow SoftBank to acquire as much as 14 percent of Uber over time.

While Uber has become a global phenomenon operating in more than 600 cities and dozens of countries, it is trying to move past scandals and missteps that have included executive misconduct, a cutthroat workplace, and potentially unethical competitive practices.

One step toward the future was the hiring of Khosrowshahi earlier this year, which left founder Kalanick in the background.

But Uber needs to clean up governance and other practices in order to meet its goal of a 2019 stock market debut that will open up the privately-held firm to greater scrutiny.

Under Kalanick, Uber reached an eye-popping valuation of $68 billion, unprecedented for a private firm.

But at the same time, it has faced resistance from traditional taxi operators and regulators, and faces possible bans in cities for failing to live up to local rules.

The deal with SoftBank is aimed at getting past the clashes between Kalanick and early investors like Benchmark Capital, which has sued the former CEO.

SoftBank is expected to buy up shares from some investors by pumping in as much as $9 billion, in a so-called tender offer to Uber stakeholders.

Rajeev Misra, CEO of SoftBank Investment Advisors, said earlier this month that some details are not yet final.

Uber called the SoftBank deal “a strong vote of confidence” in the company’s long-term potential.

But Uber has other issues as well. It is in court facing Waymo, the former Google Car unit, which has alleged the theft of trade secrets on autonomous vehicle technology, in a case pending in California.

Uber’s use of software aimed at thwarting rivals like Lyft has also hurt its image, and could create further legal woes.

Uber is facing tougher competition around the world, with rivals in Asia and Europe ramping up efforts and the expansion of US-based Lyft — which recently announced it would launch services in its first city outside the US market in Toronto, Canada.

(AFP)

U.S. Flagged Russian Firm Kaspersky as Potential Threat as Early as 2004

November 18, 2017

Intelligence agencies have expressed concern about the cybersecurity company’s software

WASHINGTON—A Russian cybersecurity firm whose products current and former U.S. officials suspect Moscow has used as a tool for spying was flagged by U.S. military intelligence as a potential security threat as early as 2004, according to new information the Defense Department provided to Congress.

In 2013, the Defense Intelligence Agency, the U.S. military spy service, also issued a Pentagon-wide threat assessment about products made by the company, Kaspersky Lab, according to an email this week from the Pentagon to the House Committee on Science, Space and Technology. The contents of the assessment weren’t disclosed.

The DIA “began producing threat reporting referencing Kaspersky Lab as a threat actor as early as 2004,” according to the email, reviewed by The Wall Street Journal, raising questions about why other federal agencies continued to use the firm’s products.

The Journal reported in October that hackers suspected of working for the Russian government targeted a National Security Agency contractor through the contractor’s use of Kaspersky Lab antivirus software and stole details of how the U.S. penetrates foreign computer networks.

Kaspersky has long said it doesn’t assist the Russian government with spying on other countries.

The revelation about Kaspersky comes as concern over Russian infiltration of American computer networks and social-media platforms is growing after the U.S. intelligence assessment that the Russian government worked to help President Donald Trump’s 2016 campaign. Russia has denied meddling in the election.

Kaspersky published a report on Thursday saying that the computer it believes may have belonged to the NSA contractor in question was infected with other malware that could have been responsible for exfiltrating information.

The company said in a separate statement, in response to the revelation that U.S. military intelligence flagged the firm as a threat actor, that it remains “ready to work with the U.S. government to address any and all concerns and further collaborate to mitigate against cyber threats, regardless of their origin or purpose.” It added: “we maintain that there has yet to be any credible evidence of the risks presented by the company’s products.”

The DIA’s threat analysis center, established in 2009, circulated analysis regarding Kaspersky Lab to various acquisition programs within the Pentagon, according to the email. It also made its views about the potential threat posed by Kaspersky Lab known to other agencies as early as 2012, the email said.

The email the Pentagon official sent this week was a follow-up to questions posed by the committee chairman, Rep. Lamar Smith (R., Texas), about why the Pentagon had decided not to use Kaspersky products while other U.S. federal agencies felt safe to do so.

A top Pentagon cybersecurity official, Essye Miller, told the committee at a hearing this week that the Defense Department hadn’t used Kaspersky products because of intelligence information regarding the firm.

Still, other federal agencies didn’t follow the same precautions and used Kaspersky products. Jeanette Manfra, a top Department of Homeland Security official, said at the hearing that roughly 15% of the federal agencies that checked to see if Kaspersky was operating on their systems found the company’s products. DHS has set a Dec. 12 deadline for all U.S. government agencies to remove the firm’s software.

“We expect to continue to get more information and also get those basic questions answered—like why did they ever start using Kaspersky Lab products?” Rep. Smith said.

Write to Paul Sonne at paul.sonne@wsj.com

 https://www.wsj.com/articles/u-s-flagged-russian-firm-kaspersky-as-potential-threat-in-2004-1510957459

Russian MPs back law targeting foreign media — “A hybrid war has been declared against us,” Russian Communist Party Leader says

November 15, 2017

AFP

MOSCOW (AFP) – Russian MPs on Wednesday backed new legislation that could force foreign media outlets to register as “foreign agents” in a reciprocal response to US pressure on Kremlin-backed TV channel RT.

Lawmakers approved amendments that would allow any international media that receive financing from abroad to be classified as “foreign agents,” a measure previously used only against NGOs.

The Kremlin praised the move as allowing it to offer a “very harsh” response to attacks on Russian media abroad.

“Any attempts to encroach on the freedom of Russian media abroad… will not remain without response from Moscow — without a very harsh response,” Kremlin spokesman Dmitry Peskov told journalists.

Russia will be able to use the law “to give a timely retaliatory response,” he said.

The law could be used against US media such as Voice of America and Radio Free Europe/Radio Liberty, which receive funding from the US Congress.

Members of parliament have given contradictory statements on whether the law could apply to commercial TV network CNN.

Lawmakers unanimously voted to back the amendments in rushed second and third readings within a few hours on Wednesday.

“A hybrid war has been declared against us and we are obliged to respond,” Communist Party leader Gennady Zyuganov said in parliament.

The lower house of parliament’s deputy speaker Pyotr Tolstoy told the chamber reciprocal measures were “forced” by the actions of the United States, which he earlier said was spitting in Russia’s face.

“They forced us to take these measures,” he said.

The amendments now need to be passed by the Senate and then be signed into law by President Vladimir Putin, after which they will enter force immediately.

– ‘Selective measures’ –

The wording of the law is very broad, potentially allowing its use against any foreign media organisation operating in Russia.

Tolstoy told parliament the amendments would not be automatically enforced, but would be selectively applied by the justice ministry.

“You shouldn’t think that after this law enters force… all foreign media in Russia will automatically become foreign agents,” he told parliament.

“We are making it possible… to take selective retaliatory measures — that is the idea of the law, and I hope it will be enforced this way.”

He denied it will affect any Russian media with foreign funding.

Amnesty International has warned the law will allow the Russian authorities “to tighten their stranglehold on press freedom.”

A Russian law adopted in 2012 forces NGOs that have international funding and whose activities are deemed “political” to undergo intensive scrutiny of their finances and staffing and label themselves as “foreign agents” on paperwork and statements.

Many NGOs have closed in response to the legislation.

RT television, which is funded by the Kremlin to give a Russian point of view on international affairs, confirmed Monday it has registered as a foreign agent in the United States, meeting a deadline from the US Department of Justice.

Washington considers RT a propaganda arm of the Kremlin and told it to register its American operation under the Foreign Agents Registration Act aimed at lobbyists and lawyers representing foreign political interests.

The Moscow-based broadcaster has become a focus of the investigations into alleged Russian interference in the 2016 US presidential election.

by Anna MALPAS

Why Trump is sticking with Obama’s China hacking deal

November 8, 2017

President Donald Trump has broken with a host of Obama-era international agreements, from the Trans-Pacific Partnership to the Paris climate pact — but he’s showing every sign of sticking with a 2015 hacking accord with China.

Last month, the Trump administration quietly reaffirmed the agreement, which Republicans had initially greeted with skepticism. And business groups, cyber researchers and international policy experts say they see little reason for Trump to cancel the deal, especially as he’s pressing for China’s cooperation in curbing North Korea’s increasingly bellicose cyber and nuclear programs.

The hacking agreement is not expected to be a major talking point when Trump meets on Wednesday in Beijing with Chinese President Xi Jinping, whose country remains one of the most skilled and aggressive operators in cyberspace.

China appears to be largely complying with the 2015 deal, in which both countries pledged not to steal trade secrets from each other for the benefit of their domestic companies. That has helped calm the friction that once reigned between Washington and Beijing over cyber disputes, leaving Trump free to press his complaints with China on issues such as its protectionist regulations and unfavorable trade balance with the U.S.

“Having the cyber accord that we have helps to narrow the issues in dispute,” said Luke Dembosky, who worked on the 2015 U.S.-China cyber pact as a senior Justice Department official. “We need every bit of goodwill we can muster between our two countries on issues like North Korea. And we should, as a country, capitalize on the breakthrough that was achieved in fall of 2015.”

Perhaps most surprisingly to some, the deal has had its intended effect: Chinese-backed cyber theft of American trade secrets has dropped roughly 90 percent since the September 2015 accord, according to two leading digital security firms. Before then, analysts estimated that the thefts were costing the U.S. hundreds of billions of dollars a year.

“We saw the level of that activity drop off a cliff,” said Chris Porter, the chief intelligence strategist at FireEye, which closely tracks major Chinese-linked hacking groups. “At or near zero levels.”

Those same researchers, though, caution that Chinese hacking tactics may have mutated in recent months, once again threatening American businesses through means that push the boundaries of the 2015 accord.

The Trump administration has not made strong public statements either way regarding the U.S.-China cyber pact despite jointly pledging with China in October to continue implementing the deal.

“President Trump believes strongly in protecting intellectual property rights, which are a key part of a fair and reciprocal trade policy,” White House spokesman Marc Raimondi said via email. “We will be closely monitoring [China’s] adherence to both the letter and the spirit of the commitment.”

When Xi visited the White House in 2015, cyber tensions were at an all-time high between the two countries. It was widely believed that Beijing’s cyber spies had been behind the devastating theft that spring of more than 20 million sensitive U.S. government security clearance background-check files. And business groups were imploring the Obama administration to punish China over what they said was a pervasive hacking campaign to steal America’s trade secrets and erode the country’s competitive advantage, costing the U.S. up to $400 billion a year.

But instead of slapping Beijing with sanctions, Obama and Xi announced a mutual vow to end the type of theft that was enraging U.S. business leaders. Republicans — and even some Democrats — were immediately dubious that the diplomatic route would have any tangible effect on China’s behavior. And notably, the deal did not require either side to stop traditional cyber espionage, such as the theft of the U.S. background-check records.

However, just over two years later, the pact has held.

There has been a “massive reduction” in Chinese intrusions of American companies, said Dmitri Alperovitch, co-founder of the digital security firm CrowdStrike, which is working on a report analyzing China’s digital behavior since the agreement.

And it has allowed the two countries to focus more on their trade relationship, making it “a remarkable success” from that perspective, said Porter, of FireEye. “It shows that diplomacy can be used to reduce the cyber threat to Americans.”

Those who worked on the deal also believe it played a broader role in stabilizing U.S.-China relations and set a rare precedent for the international community on cyber norms, which have been notoriously difficult to pin down.

“These are two of the, if not the two, world leaders on cyber issues,” said Dembosky, now a partner at the law firm Debevoise and Plimpton. “So for them to reach any agreement on matters of cyberspace … has huge ripple effects in the international community in a positive way.”

China did not give up its expansive cyber efforts, though. Instead, the country shifted its focus to regional targets, training its digital spies on dissidents in Tibet and Hong Kong, as well as political, military and economic targets across Asia, CrowdStrike’s Alperovitch said. According to FireEye’s Porter, Chinese hackers were able to pilfer intellectual property — from other nations, like Japan — that was largely comparable to what they had been getting in the U.S.

At the same time, Xi was also restructuring his military. The increasingly powerful leader wanted to consolidate the country’s cyber army and rein in government-linked hackers moonlighting as rogue digital actors, a process FireEye detailed in a June 2016 report.

And there are recent signs that Beijing may be testing the limits of its 2015 promises.

In mid-2016, FireEye noticed that one prominent suspected Chinese hacking group had resurfaced, catching it infiltrating a U.S. information technology services firm in a likely attempt to gain access to the firm’s clients. Porter said FireEye had also discovered Beijing-linked hackers spying on corporate executives, giving them access to inside information that might eventually come in handy for Chinese investors looking to purchase an American firm or Chinese companies bidding on a U.S. project.

It’s unclear whether either strategy would technically violate the narrow terms of the 2015 agreement.

“I do think that it’s still too early to call victory here,” Alperovitch said.

Still, cyber watchers say that Trump should stick with the deal.

The U.S. gave up almost nothing in inking the agreement, they note, as it already had a long-established commitment to not steal corporate secrets for domestic economic gain. Plus, the deal established law enforcement channels to swap details on cybercrime, a valuable tool given China’s proximity to North Korea’s increasingly assertive cyber army. Researchers believe Pyongyang was behind a global malware outbreak earlier this year that froze tens of thousands of computer networks, costing businesses hundreds of millions of dollars. South Korea has also blamed its northern neighbor for the digital theft of war plans.

China may have enabled North Korea’s hacking operations by providing network bandwidth or even physical space for Pyongyang’s digital warriors, according to studies and media reports. Details are thin on what assistance China may currently provide.

“China may well be in a position to be able to provide information about North Korean cyber activities,” said Samir Jain, who helped craft the U.S.-China cyber deal as a senior director for cyber policy at the National Security Council. “To the extent that the Chinese can provide information about those actors or about servers or other infrastructure being used by North, then that would all be helpful.”

The White House also doesn’t appear eager to rock the boat over any possible noncompliance with the 2015 deal. A White House blog post about Trump’s upcoming visit to Beijing mentioned only the North Korea situation and “China’s unfair trade practices.”

Indeed, those “unfair trade practices” are where industry leaders’ concerns now lie. They worry that new Chinese cybersecurity regulations could force foreign technology companies to hand over software for “security” reviews before being allowed to enter China’s booming market. Trump recently ordered the U.S. trade representative to investigate the issue, setting up a potential showdown with Beijing on trade.

“We are at risk of a trade war,” Dembosky said. “It may be a cold trade war, but it’s certainly getting much hotter. If we don’t reach some understanding with China on the processes — and the fairness of the processes on both sides for evaluating these risks — then both countries will suffer.”

Eric Geller contributed to this report. 

https://www.politico.com/story/2017/11/08/trump-obama-china-hacking-deal-244658

 

Looking at The Challenges of The New World Order

November 4, 2017

The Straits Times

A woman holds a Chinese newspaper with a picture of US President Donald Trump at a news stand in Shanghai. PHOTO: AFP

The winds of change are blowing.

This year, change swept through the corridors of power in the United States, Asia and Europe, with US President Donald Trump taking office, China’s President Xi Jinping unveiling a new team at the top, and new leaders taking over in countries such as France and South Korea.

Free trade came under growing pressure from the forces of protectionism and populism, jeopardising agreements such as the Trans-Pacific Partnership.

Political and economic changes aside, new technologies continued to both enrich the lives and endanger the livelihood of millions worldwide.

The Straits Times Global Outlook Forum returns on Dec 5, to help readers make sense of these changes and what they can do to prepare for the challenges in the new year.

Titled 2018: Facing The Challenges Of A New World Order, the annual conference is organised by The Straits Times in partnership with presenting sponsor OCBC Premier Banking. The keynote speaker for this year’s forum at the Ritz-Carlton hotel will be Minister for Finance Heng Swee Keat.

One panel discussion at the forum will be dedicated to the issue of cyber security. Experts from the government and private sector will look into hacking and what can be done to fend off such attacks, in a discussion moderated by ST senior technology correspondent Irene Tham.

One speaker is Mr David Koh, chief executive of the Cyber Security Agency (Prime Minister’s Office) and deputy secretary (special projects) and defence cyber chief at the Ministry of Defence.

He will be joined by Mr Richard Skinner, partner (strategy) of consultancy PwC Singapore, and Mr John Lee, president of the Singapore chapter of Isaca, which advocates for professionals in information security, assurance, risk management and governance.

Eleven-year-old Reuben Paul, a Texas-based cyber security ambassador and “child hacker”, will also be delivering a special address.

Another topic at the forum is global politics. One question to be discussed is what the world can expect as President Xi wants China to move centre stage in global affairs, while leaders in the West are increasingly distracted by populism, nationalism and voter discontent.

The audience will hear from prominent historian Wang Gungwu, Associate Professor Elvin Lim, head of the department of political science at the National University of Singapore (NUS), and Mr Richard Jerram, chief economist of the Bank of Singapore.

Professor Wang, chairman of the ISEAS – Yusof Ishak Institute, the East Asian Institute and Lee Kuan Yew School of Public Policy (NUS), will give his views on China after the recent 19th national party congress; Prof Lim, who specialises in US politics, will offer his take on America in the Trump era.

Joining them from ST are associate editor Rahul Pathak, who will talk about his recent reporting trip to North Korea, and Ms Audrey Quek, Opinion editor (global affairs), who will moderate the discussion.

• To register, go to https://eventreg.asiaone.com/register/stglobal2017

• Registration fee is $230, but there is an early bird special of $185 if you register by Nov 20. There are further discounts for group purchases and OCBC card holders.

A version of this article appeared in the print edition of The Straits Times on November 04, 2017, with the headline ‘ST forum to look at challenges of new world order’.

Malaysia data breach puts personal details of 46.2 million mobile subscribers at stake

October 31, 2017

PETALING JAYA – The personal details of some 46.2 million mobile number subscribers in Malaysia are at stake in what is believed to be one of the largest data breaches ever seen in the country, The Star reported.

From home addresses and identity card numbers to SIM card information, the private details of almost the entire population may have fallen into the wrong hands.

The leak of the mobile data was first reported earlier this month on online forum and news site Lowyat.net, which said that it was believed to have originated from a massive data breach in 2014.

On Monday (Oct 30), the site “confirmed” that 46.2 million mobile numbers were leaked online.

Malaysia’s population is only around 32 million, but many have several mobile numbers. The list is also believed to include inactive numbers and temporary ones bought by visiting foreigners.

With this leak, Malaysians may be vulnerable to social engineering attacks and in a worst-case scenario, phones may be cloned.

It is also said that 81,309 records from the Malaysian Medical Council, Malaysian Medical Association (MMA) and Malaysian Dental Association were leaked.

Lowyat.net founder Vijandren Ramadass told The Star that all information it received on the matter was handed over to the Malaysian Communications and Multimedia Commission (MCMC).

Asked what sort of action would be needed, he said: “Telcos need to admit that this breach actually happened and should inform all their customers what should be done.”

The MCMC had said on Oct 20 it is working with the police to investigate the data breach.

Malaysia’s police chief Mohamad Fuzi Harun was reported as saying on Tuesday that details of the case could not be revealed as a probe was underway. He said the police were collecting information on how the data had been leaked.

“We are working with the Malaysian Communications and Multimedia Commission (MCMC) as this case is quite complicated since it involves telecommunication service providers,” the New Straits Times quoted him as saying.

“So far, we cannot reveal much as it is still ongoing. We are collecting information as to how the numbers and details were leaked. If we found the culprit, we will not hesitate to take legal action,” he told the paper.

Network and security strategist Gavin Chow said the most common social engineering attack examples were phone and messaging scams.

“Scammers pretend to be someone calling or texting from the telco since they can prove they have the target’s personal details,” said Chow, who is with cybersecurity and malware protection company Fortinet.

He added that the scammers would then try to trick the victim in various ways.

These include transferring funds into their accounts and installing “telco applications” containing malware or spyware, which will be used to exploit the target in future.

“The devices would likely not be hacked directly, but anyone with the data dump information and a little creativity may convince unsuspecting victims to install malware on their devices.

“Users need to be alert when receiving calls and messages from strangers. Do not get tricked into sharing more personal details, transferring funds or installing apps,” he said.

Technology strategist Dinesh Nair said there was not much that consumers could do, but they should change their SIM card, for starters.

“Your name, address, phone number, the IMSI (international mobile subscriber identity) and the IMEI (international mobile equipment identity), which are tied to your device, are all out there.

“I’m sure my data is there as well. People with really good technical skills will be able to clone someone’s phone and that’s the worst-case scenario,” he said.

Dinesh added that while no one knew where the breach occurred, the fact that the details were out there pointed to a leak of some sort.

“How it happened, we can’t tell but with so much released from different telcos at the same time, it must come from a single source,” he added.

Bar Council cyber law and information technology committee co-chairman Foong Cheng Leong said assuming that the leak was after the enforcement of the Personal Data Protection Act 2010, there might have been a breach of the Act’s Security Principle by the data users.

“The Security Principle requires data users to process personal data securely, but there is not much customers can do other than file a complaint with the Personal Data Protection Commissioner,” he said.

Telco provider Digi said in a statement that it prioritised the privacy of its customer data.

“The authorities are looking into the matter and we’ll continue to support them,” the statement read.

Celcom Axiata Bhd said it was “collaborating closely with the authorities to assist in the investigation”, a sentiment echoed by Maxis Bhd, which also said it “fully supports the investigation”.

Representatives from U Mobile declined to speak about the leak, while representatives of TuneTalk could not be contacted for comments at press time.

MMA president Ravindran R. Naidu said a police report was lodged more than a week ago when news of the leak surfaced.

“Of course, no system is unhackable. Even the US Department of Defence has been hacked. However, we have been in the process of upgrading our IT system for the last year or so and the new servers will be more secure,” he said.

“We will also be upgrading our operational security measures and introducing a new SOP for our staff to minimise the risk of a repeat of this episode,” he added.

http://www.straitstimes.com/asia/se-asia/malaysia-data-breach-puts-personal-details-of-462-million-mobile-subscribers-at-stake

Cambodia deports 61 telecom extortion scam suspects — Taiwan protests

October 28, 2017

Reuters

PHNOM PENH (Reuters) – Cambodia police on Saturday deported 61 Chinese nationals wanted in China on suspicion of extorting money over the internet and by phone, they said, but Taiwan said 19 were from Taiwan.

Chinese nationals (in orange vests) who were arrested over a suspected internet scam, are escorted by Chinese police officers before they were deported at Phnom Penh International Airport, in Phnom Penh, Cambodia, October 12, 2017. REUTERS/Samrang Pring

Several hundred suspected scammers have been arrested in Cambodia, which has emerged as a major center of rackets that have cost the victims billions of dollars.

Pictures sent to Reuters on Saturday showed suspects wearing red shirts with their wrists bound together ahead of the deportation.

Uk Heisela, chief of investigation at Cambodia’s immigration department, said Chinese police had arrived to pick up the suspects.

“The Immigration Department deported 61 suspects, including 13 women, who were involved in extortions on the internet,” Uk Heisela told Reuters.

Uk Heisela said they had been detained during raids on Oct 17 and Oct 21 in the capital, Phnom Penh, and in Kandal and Preah Sihanouk provinces.

Taiwan’s government said 19 of them were from Taiwan, and that it had lodged a strong protest with China about the deportations.

Taiwan has been unhappy that Taiwanese extortion suspects have been deported to China in the past and has accused Phnom Penh of acting at the behest of Beijing.

China considers self-ruled Taiwan sovereign territory and Cambodia is one of China’s closest allies in Southeast Asia.

Reporting by Prak Chan Thul; Additional reporting by Jess Macy Yu in TAIPEI; Editing by Nick Macfie

Related:

In this photo released by Xinhua News Agency, Chinese suspects involved in wire fraud, center, sit in a plane as they arrive at the Beijing Capital International Airport in Beijing on Wednesday, 13 April 2016

A group of Chinese and Taiwanese suspects were deported from Kenya to China in April 2016. AP photo

Police escort a group of people wanted for suspected fraud in China, after they were deported from Kenya, as they get off a plane at Beijing Capital International Airport in Beijing on April 13, 2016 Xinhua/Reuters

Telecom fraud suspects from Fiji arrive in Changchun, China after being deported, August 8, 2017. Photograph: Xinhua/REX/Shutterstock

A Chinese national arrested over an alleged internet scam is escorted by police officers to be deported at the immigration office in Phnom Penh, Cambodia, July 26, 2017. Associated Press