Archive for February 2010


MASSIVE CYBER ATTACK SHOCKS 2500 COMPANIES

Wednesday, February 24th, 2010

Last month, engineers discovered a massive, long-term, global cyber attack that has successfully breached more than 75,000 computer systems at nearly 2,500 companies in nearly 200 countries. Amit Yoran, chief executive of NetWitness (the company that first detected the attack) said, “The attack also highlights the inability of the private sector — including industries that would be expected to employ the most sophisticated cyber defenses — to protect itself…The traditional security approaches of intrusion-detection systems and anti-virus software are by definition inadequate for these types of sophisticated threats…The things that we — industry — have been doing for the past 20 years are ineffective with attacks like this. That’s the story.”

Run by an eastern European criminal group, the attack (dubbed the “Kneber bot”) began in 2008 and successfully targeted “proprietary corporate data, e-mails, credit-card transaction data and login credentials at companies in the health and technology industries”.

The Kneber bot commandeers users’ computers, scrapes them for login credentials and passwords — including to online banking and social networking sites — and then exploits that data to hack into the systems of other users. It has the ability to target any information the attackers want, including file-sharing sites for sensitive corporate documents.

Stories of successful cyber attacks are no longer novel, but this story is remarkable for two reasons: the long-term, large-scale nature of the attacks and the presumed sophistication of the targets’ cyber defenses.

InterComputer’s insured Interoperating System (IOS) is structurally immune to attacks like the Kneber bot. It provides an “end-to-end trusted path” for electronic messages and payments that is impossible to achieve by cobbling together products from various vendors. While InterComputer is not in the business of securing computers and networks, the IOS is not a potential point of entry for any attack like the Kneber bot. All messages sent or received within the IOS are fully insured against cybercrime of any kind, including any attack like the Kneber bot.

Details of the attack and its implications are available at:

http://www.washingtonpost.com/wp-dyn/content/article/2010/02/17/AR2010021705816_pf.html


ARE YOU HELPING YOUR HACKER?

Monday, February 8th, 2010

Password overlap is the practice of using one on-line password at more than one website. At first glance, it seems obvious that doing this would make it far easier for a hacker who steals the password at a less-secure website to turn around and use it to “walk in the front door” of a very secure website—like your bank, for example. But who would be dull enough to use their online-banking password for any other website?

It turns out that, according to a recent msnbc blog post by Bob Sullivan (http://redtape.msnbc.com/2010/02/for-years-computer-security-experts-have-been-preaching-that-users-should-never-share-the-same-password-across-their-connecte.html), nearly 75% of 4 million people surveyed do exactly that. Worse, about half of all consumers use both their banking password and their banking user name at other sites. In such cases, any hacker who steals them from an unsecure site can have instant, unfettered access to the rest of your cyber-life as well as your real cash and personal information.

While most consumers are not willing to create and maintain a unique user name/password combination for every website they use, your on-line banking login information should be unique and used only for your banking website. Sullivan’s post wisely suggests that if unique logins are too much for you to handle, you should consider creating at least three unique logins: one for your financial sites, one for sites that store your personal information, and one for generic logins.

Fortunately, most financial institutions provide additional security layers for your on-line access. Nevertheless, increasingly sophisticated cybercriminals are successfully breaching on-line banking security to the tune of hundreds of millions of dollars per year. To date, banks have refused to reimburse their customers for losses due to cybercrime and have vigorously worked to prevent the establishment of any legal precedent requiring them to do so.

That is why InterComputer Corporation is working with the largest U.S. banks to implement an insured electronic transaction environment that covers all parties with complete underwritten loss recovery.


COURT ALLOWS LAWSUIT AGAINST BANK FOR ON-LINE THEFT

Monday, February 8th, 2010

The issue of who pays when a customer’s on-line access to bank accounts is compromised has been simmering ever since on-line banking began. Banks have, understandably, been exceedingly reluctant to accept liability when a customer’s electronic banking identity and password are compromised and money disappears from their accounts. Financial institutions have spent heavily to prevent the establishment of any precedent that would result in banks being on the hook for cybercrime losses. Until now, no court in the U.S. has actually found any financial institution liable in such a case.

However, recent news reported in Computerworld Security (http://www.computerworld.com/s/article/9137451/Court_allows_suit_against_bank_for_lax_security) chronicles a decision by an Illinois District Court to allow such a lawsuit against Citizens Financial Bank to proceed to trial.  You can see another view of this case at darkreading.com (http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=220100950).

This incident is a good example of how angry cybercrime victims are and how nervous banks are. In this case, someone acquired the customer’s account name and password and used them to steal $26,000 from the customer’s home equity line of credit.  Unless a pre-trial settlement is reached, the bank will obviously spend many times that amount to defend itself in court and avoid setting a costly precedent.

The victims in this case are not alleging that the bank violated its cyber security policies, or even that the bank was the source of the name/password leak. They are alleging that the bank was negligent for not providing stronger protection against cybercrime. Specifically, the victims assert that the bank should have offered “two-factor authentication”, which relies not only on what the user knows (ID and password) but what the user has (a security token).

Unfortunately, even two-factor security is no longer any guarantee that on-line access to bank accounts is secure, as reported in this ZD-Net article (http://blogs.zdnet.com/security/?p=4402).

InterComputer’s solution utilizes three-factor authentication (plus an “out of band” protocol) as just one part of one of the seven layers of protection built into every application. Nevertheless, the true value of InterComputer’s profound technological superiority to current industry practices is that it is insurable. Underwritten insurance against financial loss, lost business, and third party liability from cybercrime will allow bank information security officers (and their customers) to sleep well at night.

If you were the bank’s chief security officer, which solution would you choose: one that promised tough security only, or one that delivered cutting-edge, patent-pending security along with an insured guarantee?


ON-LINE BANKING CYBERCRIME REACHES $100 MILLION MARK

Monday, February 8th, 2010

The Federal Bureau of Investigation recently announced that cybercrime attacks on banking transactions in the U.S. have reached the $100 million level.

According to the Internet Crime Complaint Center (www.ic3.gov), which is jointly operated by the FBI, the National White Collar Crime Center, and the Bureau of Justice Assistance, malware and phishing schemes are largely responsible for the “significant increase” in cybercrime against Internet banking. Most of the victims are small and medium-sized businesses and public institutions such as municipal governments, schools, and court systems.

Typical schemes involve the secret insertion of malware, such as a keystroke logger program, onto the victim’s computer. The cyber thieves then use the information stolen by the keystroke logger to access the victim’s bank accounts themselves. Many of the victims’ bank accounts were held at local community banks and credit unions.

Interestingly, the FBI noted that “the threat stems not only from the malware involved in these cases, but the vulnerabilities presented by the lack of controls at the financial institution…” In other words, poor Internet security systems at the bank often contributed to the problem.

InterComputer’s unique transaction insurance coverage covers both the bank and its clients in such cases. It completely resolves the security issues around Internet banking and relieves both the bank and its customer of liability for any losses caused by cybercriminals and ineffective security precautions on either side.

For more information, see http://www.ic3.gov/media/2009/091103.aspx, http://www.eweek.com/c/a/Security/FBI-Online-Banking-Attacks-Reach-100-Million-Mark-785125/ and www.intercomputer.com.


“OVERNIGHT SUCCESS” MYTH DEBUNKED FOR SOFTWARE COMPANIES

Monday, February 8th, 2010

InterComputer Corporation CEO, Scott M. Volmar, was recently interviewed regarding the company’s progress. “The returns that investors seek usually come from companies with correct fundamentals, effective business plan execution, and great timing,” Volmar said. “Even when those factors are all in place, achieving success in the software industry has never been an ‘overnight’ affair. One look at any of today’s leading software companies, such as Google, Microsoft, Amazon, or E-Bay, demonstrates this fact clearly.”

A brief examination of published histories of the companies Volmar mentioned seems to support his point:

Google (GOOG) began as a research project at Stanford University and sent its first “web crawler” to explore the Internet in March 1996. The company formally incorporated on September 4, 1998 in a garage in Menlo Park, CA. Eight years after its inception, Google went public in 2004 with a market capitalization of $23 billion. The company’s current market capitalization is $152 billion.

Microsoft’s (MSFT) Bill Gates and Paul Allen licensed their first product, a BASIC compiler, to Micro Instrumentation and Telemetry Systems on January 2, 1975. Microsoft’s IPO occurred 11 years later on March 14, 1986, and raised $520 million for the company. Microsoft’s current market capitalization is $225 billion.

Amazon.com (AMZN) was founded by Jeff Bezos in 1994 and incorporated in 1995 as an online bookstore. Riding the dotcom boom wave, the company went public on May 15, 1997, raising $54 million. Amazon’s initial business plan was unusual: the company did not expect a profit for four to five years. Amazon grew steadily in the late 1990s while other Internet companies grew blindingly fast. Amazon’s “slow” growth provoked stockholder complaints that the company was not reaching profitability fast enough. When the dotcom bubble burst, and many e-companies went out of business, Amazon persevered and finally turned its first profit in the fourth quarter of 2001. On November 21, 2005, Amazon entered the S&P 500 index, replacing AT&T after it merged with SBC Communications. On December 31, 2008, Amazon entered the S&P 100 index, replacing Merrill Lynch after it was taken over by Bank of America. Amazon’s current market capitalization is $39 billion.

eBay (EBAY) began as a small website called AuctionWeb in San Jose, CA in September 1995. The company received its first venture capital funding in 1997, during the heady days of the dotcom boom. The IPO occurred on September 21, 1998 and produced a market capitalization of $1.9 billion on day one. The company expects to report revenues of $9 billion for fiscal 2009.

“In every such case I have examined,” said Volmar, “the biggest winners were a team: the corporate leaders who performed and persevered and the investors whose capital enabled that perseverance to take place.”