Tag Archive for: fail

Hackers Fail to Honor Promises to Delete Data

/in


Cybercrime
,
Fraud Management & Cybercrime
,
Ransomware

Police Say Gang Extorted Millions From Victims Not Just by Stealing, But Lying Too

Mathew J. Schwartz
(euroinfosec)


February 24, 2023    

Crime Blotter: Hackers Fail to Honor Promises to Delete Data
Image: Dutch cybercrime police

Cybercrime experts have long urged victims to never pay a ransom in return for any promises attackers make to delete stolen data.

See Also: OnDemand | Navigating the Difficulties of Patching OT


Paying attackers for guarantees to delete data directly funds cybercrime and perpetrates cyber extortion as a business model. Just as importantly, it typically doesn’t stop criminals from selling stolen data, as a recently unveiled criminal probe demonstrates.


On Thursday, cybercrime police in the Netherlands announced that they had busted a three-man gang accused not just of hacking into companies, stealing their data and threatening to dump it online – unless they received a ransom payment – but also of failing to honor its guarantees.


Dutch police arrested the suspects – two 21-year-olds and one 18-year-old – on Jan. 23, and two of them have since been jailed and only allowed to speak to their attorney while the investigation continued. “Because of this measure and in order not to disrupt the investigation, the arrests have not been announced before,” police said. The suspects have been charged with computer hacking, data theft, extortion and money laundering.


The investigation began in March 2021 after a large Dutch company reported an attack to…

Source…

Big banks’ proposed digital wallet payment system likely to fail

/in


A group of leading banks is partnering with payment service Zelle’s parent company to create their own “digital wallet” connected to consumer credit and debit cards to enable online or retail store payments.

The new payment service, however, must compete with entrenched digital wallets such as Apple Pay and Google Pay that are embedded on mobile devices and already well established. It’s also not the first attempt for some in the consortium to create a digital wallet payment service.

The consortium includes Wells Fargo & Co., Bank of America, JPMorgan Chase, and four other financial services companies, according to The Wall Street Journal. The digital wallet, which does not yet have a name, is expected to launch in the second half of this year.

The system will be managed by Zelle’s parent company, Early Warning Services LLC (EWS). It will have about 150 million Visa and Mastercard credit and debit cards connected at launch, with plans to add other card networks later, according to an EWS blog.

“Early Warning is working closely with financial institutions to build a wallet that provides consumers a secure and easy way to pay,” James Anderson, EWS’ managing director of Wallet, said in the blog. “The wallet will also aim to deliver better business outcomes for merchants — including higher transaction approval rates and more completed sales.”

The consortium’s digital wallet will be a standalone service, not something under Zelle’s service, according to reports. It’s expected to compete with other digital wallet payment services such as Apple Pay, Google Pay, and Neo. And it will be up against other digital wallets run by banks, such as Revolut, Monzo and Curve and payment organizations that offer PayPal and Venmo.

Source…

CES 2023 FAIL: Worst in Show for Security and Privacy

/in


The Consumer Electronics Show wrapped up yesterday. But some vendors faced stiff criticism over their privacy and security stances.

Here are just two lowlights, as selected by iFixit, Repair.org, PIRG, SecuRepairs, the EFF, Consumer Reports, and JerryRigEverything. But you can bet there are many others that have been rushed to market without a thought for the security or privacy of their soon-to-be owners.

This is the way. In today’s SB Blogwatch, we feel fabulous.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: 2001 remade by Pixar.

This Happened in Vegas — it Should Stay in Vegas

What’s the craic? Tatum Hunter hunts for danger—“It’s 2023, and tech is still pushing unsafe products”:

Tough questions on safety
Tech products often hit the market with giant safety and privacy flaws. At the same time, CES, a giant annual consumer electronics exhibition in Las Vegas, brings a flood of new gadgets. It might be pouring gas on a fire.

The CES show floor buzzed with thousands of companies slinging health wearables, smart TVs, autonomous vehicles and other gadgets that rely on data from our bodies or homes. … But almost none directly address how they treat customer’s data … or their approach to safety and security.

Media tend not to ask tough questions on safety at CES, and companies tend not to volunteer the information. [Yet] cybercrime … often relies on hastily shipped products.

So who “won” the dubious honor? Thomas Claburn lists the key pair—“Technology has the potential to make life better. This isn’t it”:

Not created with security in mind
As the 2023 Consumer Electronics Show winds down, it’s once again time for the Worst in Show Awards, an enumeration of … “terribly, awfully bad” … tech products as determined by various technology advocates. … And this year’s CES vendors delivered.

Cindy Cohn, executive director of the Electronic Frontier Foundation, flagged the Withings U-Scan pee reading smart toilet puck. … The company proclaims, “It provides an immediate snapshot of the body’s balance by monitoring and detecting a large variety of biomarkers found in…

Source…

Hired ‘hackers’ fail to disrupt Brazil voting system

/in


BRASILIA, Brazil — More than 20 would-be hackers gathered in the Brazilian electoral authority’s headquarters in the capital last week. Their mission: infiltrate the nation’s voting system ahead of a race in October.

Their three-day battery of attempted assaults ended Friday and was part of planned testing that happens every election year, usually proceeding without incident or drawing any attention. But with President Jair Bolsonaro continuously sowing doubt about the system’s reliability, the test took on an outsized significance as the electoral authority, known as the TSE, seeks to shore up confidence in the upcoming general elections.

Analysts and members of the TSE said the test’s results were more encouraging than ever. All the experts attempting to disrupt the system — among them federal police agents and university professors in engineering, information technology, data security and computer science — had failed.

“No attack managed to alter the destination of a vote in the electronic ballot,” Julio Valente da Costa, the TSE’s secretary of information technology, told reporters in an interview afterward.

“The importance of this test is for us to rest assured, at least about all the technology and computing components for the elections.”

When Bolsonaro won the presidential race four years ago, he claimed he had actually secured victory in the first round, not the runoff weeks later.

The former army captain has repeatedly made accusations the voting system used for three decades is vulnerable, and at times said he possesses proof fraud occurred, but has never presented any evidence.

Last year, Bolsonaro suggested the election could be canceled unless a voting reform was passed in Congress, but the proposed constitutional change did not garner enough votes.

Analysts and politicians have expressed worry that far-right Bolsonaro, who is trailing leftist former President Luiz Inacio Lula da Silva in all early polls, is laying the groundwork to follow the lead of his ally, former U.S. President Donald Trump, and reject election results.

The TSE has gone to great lengths to bring more openness to the electoral process, even inviting the armed forces to sit on its transparency…

Source…