Techerous

My name is Bill, I am a recent graduate in Information Sciences and Technology from Penn State University and this is a place for me to post or give my 2 cents on the fascinating world of technology. I am now working for a pretty big technology related company whose name I will leave out just to avoid any possible complications, however far-fetched them happening may be. Music gets included from time to time as well.

March 13, 2014 6:49 pm
Target Warned of Hack But Didn't Immediately Respond: Report - NBC News

techheat:

Target received warnings from its internal security system about last year’s massive breach before the data was stolen, but failed to act, according to a …

Via NBC News
May 27, 2013 10:54 pm
Bots€™ That Siphon Off Tickets Frustrate Concert Promoters
December 13, 2012 11:43 pm
Massive bank cyberattack planned
Security firm McAfee on Thursday released a report warning that a massive cyberattack on 30 U.S. banks has been planned, with the goal of stealing millions of dollars from consumers’ bank accounts.
McAfee’s research upheld an October report from RSA, the security wing of IT giant EMC Corp (EMC, Fortune 500).

RSA startled the security world with its announcement that a gang of cybercriminals had developed a sophisticated Trojan aimed at funneling money out of bank accounts from Chase (JPM, Fortune 500), Citibank (C, Fortune 500), Wells Fargo (WFC, Fortune 500), eBay (EBAY, Fortune 500) subsidiary PayPal and dozens of other large banks. Known as “Project Blitzkrieg,” the plan has been successfully tested on at least 300 guinea pig bank accounts in the United States, and the crime ring had plans to launch its attack in full force in the spring of 2013, according to McAfee, a unit of Intel (INTC, Fortune 500). (McAfee was founded by John McAfee, who is wanted for questioning as part of a Belize murder investigation, but he no longer has any ties to the company.)
Project Blitzkrieg began with a massive cybercriminal recruiting campaign, promising each recruit of a share of the stolen funds in exchange for their hacking ability and busywork. With the backing of two Russian cybercriminals, including a prominent cyber mafia leader nicknamed “NSD,” the recruits were tasked with infecting U.S. computers with a particular strain of malware, cloning the computers, entering stolen usernames and passwords, and transferring funds out of those users’ accounts.
The scheme was fairly innovative. U.S. banks’ alarm bells get tripped when customers try to access their accounts from unrecognized computers (particularly overseas), so banks typically require users to answer security questions. Cloning computers lets the cybercriminals appear to the banks as though they are the customers themselves, accessing their accounts from their home PCs — thereby avoiding the security questions.
And since most banks place transfer limits on accounts, recruiting hundreds of criminals to draw smallish amounts out of thousands of accounts is a way to duck those limits. The thieves could collectively siphon off millions of stolen dollars.

Massive bank cyberattack planned

Security firm McAfee on Thursday released a report warning that a massive cyberattack on 30 U.S. banks has been planned, with the goal of stealing millions of dollars from consumers’ bank accounts.

McAfee’s research upheld an October report from RSA, the security wing of IT giant EMC Corp (EMC, Fortune 500).

RSA startled the security world with its announcement that a gang of cybercriminals had developed a sophisticated Trojan aimed at funneling money out of bank accounts from Chase (JPM, Fortune 500), Citibank (C, Fortune 500), Wells Fargo (WFC, Fortune 500), eBay (EBAY, Fortune 500) subsidiary PayPal and dozens of other large banks. Known as “Project Blitzkrieg,” the plan has been successfully tested on at least 300 guinea pig bank accounts in the United States, and the crime ring had plans to launch its attack in full force in the spring of 2013, according to McAfee, a unit of Intel (INTC, Fortune 500). (McAfee was founded by John McAfee, who is wanted for questioning as part of a Belize murder investigation, but he no longer has any ties to the company.)

Project Blitzkrieg began with a massive cybercriminal recruiting campaign, promising each recruit of a share of the stolen funds in exchange for their hacking ability and busywork. With the backing of two Russian cybercriminals, including a prominent cyber mafia leader nicknamed “NSD,” the recruits were tasked with infecting U.S. computers with a particular strain of malware, cloning the computers, entering stolen usernames and passwords, and transferring funds out of those users’ accounts.

The scheme was fairly innovative. U.S. banks’ alarm bells get tripped when customers try to access their accounts from unrecognized computers (particularly overseas), so banks typically require users to answer security questions. Cloning computers lets the cybercriminals appear to the banks as though they are the customers themselves, accessing their accounts from their home PCs — thereby avoiding the security questions.

And since most banks place transfer limits on accounts, recruiting hundreds of criminals to draw smallish amounts out of thousands of accounts is a way to duck those limits. The thieves could collectively siphon off millions of stolen dollars.

July 5, 2012 11:47 pm June 15, 2012 1:46 am
The Antivirus Era Is Over

unexpectedtech:

 In recent years, high-profile attacks on not just the Iranian government but also the U.S. government have taken place using software that, like Flame, was able to waltz straight past signature-based software. Many technically sophisticated U.S. companies—including Google and the computer security firm RSA—have been targeted in similar ways, albeit with less expensive malware, for their corporate secrets. Smaller companies are also routinely compromised, experts say.

Some experts and companies now say it’s time to demote antivirus-style protection. “It’s still an integral part [of malware defense], but it’s not going to be the only thing,” says Nicolas Christin, a researcher at Carnegie Mellon University. “We need to move away from trying to build Maginot lines that look bulletproof but are actually easy to get around.”

Both Christin and several leading security startups are working on new defense strategies to make attacks more difficult, and even enable those who are targeted to fight back.

“The industry has been wrong to focus on the tools of the attackers, the exploits, which are very changeable,” says Dmitri Alperovitch, chief technology officer and cofounder of CrowdStrike, a startup in California founded by veterans of the antivirus industry that has received $26 million in investment funding. “We need to focus on the shooter, not the gun—the tactics, the human parts of the operation, are the least scalable.”

CrowdStrike isn’t ready to go public with details of its technology, but Alperovitch says the company plans to offer a kind of intelligent warning system that can spot even completely novel attacks and trace their origins.

This type of approach is possible, says Alperovitch, because, although an attacker could easily tweak the code of a virus like Flame to evade antivirus scanners once more, he or she would still have the same goal: to access and extract valuable data. The company says its technology will rest on “big data,” possibly meaning it will analyze large amounts of data related to many traces of activity on a customer’s system to figure out which could be from an infiltrator.

Christin, of Carnegie Mellon, who has recently been investigating the economic motivations and business models of cyber attackers, says that makes sense. “The human costs of these sophisticated attacks are the one of the largest,” he says. Foiling an attack is no longer a matter of neutralizing a chunk of code from a lone genius, but of defeating skilled groups of people. “You need experts in their field that can also collaborate with others, and they are rare,” says Christin. Defense software that can close off the most common tactics makes it even  harder for attackers, he says.

(via unexpectedtech-deactivated20130)