
An article relating to this blog post on Finextra:

New intelligence unit created to fight banking fraud

A new intelligence division is being established within the Dedicated Cheque and Plastic Crime Unit - which was set up by UK payments association Apacs and the Home Office to fight card crime - that w...


I feel a whole lot safer......yeah right

15 City of London and Metropolitan Police officers alongside five fraud specialists from the banking industry will no doubt be able to save us from thousands of evil fraudsters - don't you think? Do they get a few of the Queen's horses and some nice shiny suits of armour? They may especially need butt-plates.

Given that the US had 8.1 million people with ID theft problems, a rough calculation for the UK might be 1.76 million UK citizens in similar peril. Divide that and our 20 gallant and no-doubt enthusiastic 'knights' may each have around 360 incidents to deal with every single working day. I wish them the best of luck.

That equates to 80 seconds per incident. Of course the British police are no doubt more productive than their US counterparts, but they won't have time for meetings, meals or toilet breaks. I'd say a knighthood would be the least they would deserve if they can last 6 months.

More potential security problems for anyone with sensitive data.

I mentioned recently the defeat of encryption on laptops and hard drives, and RFID hacking, and now we have more exploits. If you want to skip the detail - nothing is safe.

Wesley Grew of Grew security has revealed a tool designed to run from a USB thumb drive, using an onboard *nix OS (a very small Linux bootloader). He includes detailed instructions (complete with screenshots) on how to create a working thumb drive for booting a computer and dumping memory straight to the drive.

This allows an attacker to simply plug a USB drive into a cold machine to get the contents of memory, which could include encryption keys. If you would prefer a faster FireWire connection, then simply use Adam Boileau's FireWire program. Even on a laptop without FireWire but with PCMCIA, you can just use your own FireWire card to hook into any live and 'locked' Windows machine and bypass the logon.

There could be considerable damage to your business reputation from data theft using these tools which anyone, your office cleaner, your son's friend, or the guy who stole your laptop last week could use to copy whatever they wanted from your laptop or even your desktop.

You might trust your son, and vet your cleaner, but there's a whole world of risk out there which you cannot measure.

Treat laptops as you would treat a briefcase full of cash: keep those laptops under lock and key when not in use, and the less information you have on them the better off you'll be.

The way we do business may need a little tweaking so that less information is floating around, whether in our laptops or, probably more critically, in your retail merchant customers' computers. Consumer sentiment about data loss is churn waiting to happen. Remember though, we'll all be safe from churn if we all just do it equally poorly.

At the moment physical access to your machine is required; however, it could easily evolve into a remote threat, delivered via your camera for instance, and transmitting data elsewhere when you go online. There is no way to defend against these attacks short of locking all computers away. It will create headaches for IT, and don't be surprised to find them lurking around with a tube of glue as they resort to blocking ports. The insider threat is particularly problematic now.

This is, by the way, another case where someone has had the means and kept it quiet for years.




