23 October 2014

The Joy of Fraud Fighting

Uri Rivner - BioCatch


Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

A clear message to Beijing

23 May 2012  |  3233 views  |  2

I was waiting at the British Airways lounge for my connection flight when my eyes caught the cover of a BusinessWeek magazine. “Hey China”, it said, “Stop Stealing Our Stuff!”

In the last 2 years there has been a dramatic surge of Advanced Persistent Threat attacks – military grade cyber attacks against commercial targets. Many of these attacks were reported by security researchers to have smoking trails leading to actors in China. Google was first to point a finger following what was made public as the famous Operation Aurora, in which dozens of companies were successfully penetrated. Other attack waves such as Night Dragon and Shady RAT were also attributed to China by various sources (by the way, Dmitri Alperovitch, at the time working for McAfee, came up with all of these cool names). And the same applies to numerous reports on attacks targeting high-profile commercial interests as well as the mining and energy companies and the oil and gas sector.

NSA director General Keith Alexander told the Senate Armed Services Committee that China is behind attacks targeting military-related intellectual property, mentioning the attack on RSA in that context; and the chief security officer of cyber security consulting company Mandiant testified that in cases handled by his firm where intrusions were traced back to Chinese hackers, 94% of the targeted companies didn't realize they had been breached until someone else told them.

I can go on like this for a long while, sending you to additional links, but let’s stop here. Clearly a lot of fingers are pointed in a single direction.

Attribution is not trivial in the digital world. I can tell you that some denial-of-service attacks blamed on Russian Intelligence over the past five years were actually conducted by zealous patriotic privateers and were not directed by Moscow; that a recent attack on Israeli companies was staged from an Iran-registered server, but there’s open debate whether it was just a rather transparent decoy and the server was actually hijacked by the true attacker, which had the modus operandi of a hacktivist.

China consistently denied all allegations of foul play, while attacks rightly or falsely attributed to cyber attackers in China continued to escalate. Australia was one of the first non-US targets to suffer targeted advanced attacks; in March 2011 the Australian prime minister's office reported a breach in their email server, and later it was speculated that the trigger was a planned visit of the prime minister to China as well as emails sent to Australian companies mining in China. Intelligence specialists at Stratfor, itself a target of attack by hacktivism group Anonymous, reported at the time that Australian intelligence sources blamed China for the attack.

OK. Let’s assume we know whodunit.

Now what?

China is an economic superpower. It’s not just the ‘made in China’ toys and shirts; it’s not just the huge market with access to over one billion local consumers; it’s not just the staggering $ trade deficit between China and the West. China is the largest single holder of US government debt, with 26 percent of all foreign-held US Treasury securities. China is also a major investor in the global markets, a major investor in developing countries, and a huge manufacturer of IT.

Accusing is one thing; engaging in actions is another. But there are signs that in certain minds, perhaps things have gone too far when it comes to the cold cyber war staged against economic interests.

A couple of months ago the Australian government passed a strong message to the Chinese government. Reports say it was banning Chinese technology giant Huawei from attending multibillion-dollar tenders to supply IT equipment to the national broadband network (NBN). The national network is an important piece of critical infrastructure, and according to the media, the Australian intelligence community will not risk any influence by foreign governments they do not trust.

The gloves are off, it seems, at many levels. People are sending a clear message to Beijing; they act, rather than just talk. It’s going to be very interesting to watch how this continues to unfold.

 

Don't mess with Australians

Comments: (2)

A Finextra member | 25 May, 2012, 09:01

Nice info.

Continental footballers seem to relish the play-acting to 'win' penalties and red cards from the opposition - it's endemic, and I think the Chinese culture-of-copy is the same. Add to that the regime there, always manoeuvring to keep control and fiercely competitive with the West and they will use all means possible to get information (remember, China does not have the powerhouse of education and thinktanks and R&D that the West has, but they have smart people that want access to it). It's always been this way between people, it's just that here we suspect coordination by the government, which in China claims to be the people. In short - it won't stop, ever, whoever is doing it.

Who knows what backdoor code and trojans exist in Chinese and many other software products. Lying there latent until triggered by time or event. Never detected during testing. Buried in the compiled core and not open to inspection. But when cost comes first, procurement don't seem to value the element of trustability.

Siddharth Udani - Consulting - London | 25 May, 2012, 11:07

Interesting perspective. People Power is an advantage as well as a disadvantage for BRIC, mainly China. It's not just the production but also consumption, for instance, we read Apple's iPad consumption fears in China at the same time as exploiting labor in China.

I am personally quite surprised & impressed at how a huge nation like China has come together internally and has become a mega factory especially with language barriers to meet the ever growing demands of the west.

NCCGroup's data says.. Russia has over 12% of global hacks originating there, compared to just 3.5% in the previous findings. This huge leap has cemented its position in 3rd, behind the United States and China. There was also a significant rise in hacks from the Netherlands, up from 3.1% to over 11%, moving it into 4th place in the hacking chart. And UK is on 7th position. 
