The Stroz Friedberg Cyber Brief

Cyber Brief: Hackers Plunder Millions From Asian Bank
The Cyber Brief
Today's Top Story
MONDAY, MARCH 14, 2016
Early last month, unidentified hackers breached Bangladesh’s central bank and looted more than $80 million from its account at the Federal Reserve Bank of New York, one of the largest such heists in history. The assailants attempted to steal nearly $1 billion, but other illicit financial transfers were blocked after a typo--“foundation” misspelled as “fandation”--was flagged. Bangladesh Bank has billions of dollars in an account with the Fed that it uses for international settlements.

FireEye's Mandiant forensics division is reportedly helping authorities investigate the crimes. The hackers appeared to have stolen Bangladesh Bank's credentials for the SWIFT messaging system, which lenders around the world use for secure financial communication. Officials said that the stolen funds first made their way to the Philippines and then possibly to Hong Kong. Bangladesh’s finance minister blamed the incident on the Federal Reserve and said his government will file a case in international court against the U.S. bank. A New York Fed spokesman denied the accusation. (Reuters, WashPost, Bloomberg, Guardian)

ISIS: A defector allegedly leaked a trove of secret data on the terrorist group’s members, including the names, phone numbers, and hometowns of more than 20,000 of its fighters. If the information is real, it would be an unexpected gift for security agencies and prosecutors. (Wired)

Facebook: An India-based cybersecurity researcher, Anand Prakash, found a vulnerability that allowed him to crack any Facebook account using a simple brute force password attack. The social media company rewarded him with $15,000. (ThreatPost)

Industrial Vehicles: A Spanish hacker, Jose Carlos Norte, says he discovered a security weakness in radio devices attached to some trucks, buses, and ambulances that could allow him to affect a vehicle’s steering, brakes, or transmission. (Wired)

Vulnerable States: A new report by the University of Maryland and Virginia Tech says that the United States is ranked 10th in a pool of 44 countries most vulnerable to a cyberattack. The study says that South Korea, India, Saudi Arabia, China, Malaysia, and Russia face the greatest risk. (FCW)

Iranian Hackers: A Justice Department investigation has determined that Iran was responsible for a 2013 cyberattack that allowed assailants to probe a dam outside New York City. An indictment from the U.S. attorney's office in Manhattan is expected in the coming weeks. (AP)

Apple: The Justice Department is seeking to overturn a ruling by a magistrate in Brooklyn that protects Apple from unlocking an iPhone in a New York drug case. In its filing last Monday, the government cited the decision against Apple in a similar case in California as evidence that the All Writs Act has been used to compel the company to unlock its phones. Additionally, it argued that the phone at issue in New York runs an older operating system that Apple has agreed to crack several times in previous cases. (Reuters)

Guccifer: Romania's top court approved a request by U.S. authorities to extradite a convicted hacker known as Guccifer. A federal grand jury indicted Marcel Lazar Lehel in 2014 on charges of wire fraud, unauthorized access to a protected computer, aggravated identity theft, cyberstalking and obstruction of justice. (Reuters)

Guardian Forces: Some military analysts are questioning whether it is time for Congress and the Obama administration to consider separating from the traditional military some cyber, space, acquisition, and other personnel who perform national security tasks far from direct violence. (Defense One)

White House: Speaking at a popular media conference in Texas, President Obama said that law enforcement must be legally able to collect information from smartphones and other devices, and asked the tech industry to partner with government to understand the relevant technology and develop a solution. (NPR)

Driverless Cars: The top U.S. auto safety agency said that significant legal hurdles must be cleared before self-driving cars without steering wheels and gas pedals can be sold in the United States. The National Highway Traffic Safety Administration is reportedly working on new guidance to states, policymakers, and firms that it hopes to release in July. (Reuters)

GM: The Detroit automaker bought Cruise, a San Francisco autonomous vehicle start-up, for more than $1 billion. The purchase follows a $500 million investment, announced in January, in Lyft, the ride-hailing start-up, and the launch of its own car-sharing service, Maven. (FT)

North Korea: Pyongyang denied that it conducted cyberattacks on the phones of national security officials from South Korea, calling Seoul's recent accusation that it did so a “fabrication.” (AAP)

Must Reads
Cybersecurity: Critical Infrastructure: Much is written about protecting U.S. critical infrastructure, and this CRS report directs the reader to authoritative sources that address many of the most prominent issues. It includes resources and studies from government agencies (federal, state, local, and international), think tanks, academic institutions, news organizations, and other sources.

The Least Secure Credit Cards: “Understanding the slow, tortured process of the ongoing transition to microchip cards in the U.S. requires a closer look at how all of the companies involved profit in different ways from credit-card transactions. Nearly every transaction involves three parties: a retailer that accepts the card, a bank that issues it, and a processor that facilitates the payments between the first two parties,” writes Josephine Wolff in the Atlantic.

Don’t Change Passwords So Often: “When you demand that your co-workers’ passwords change as frequently as the seasons, you’re not just driving them bonkers, you’re actively making your systems less secure. Before you write this off as the whining of someone who’s had enough of mixing up his alphanumerics, please know that I’m not asking you to take my word for it. In fact, don’t listen to me at all. Listen to science,” writes Brian Barrett in Wired.
Top Op-Eds