Blog article
See all stories ยป

Breach Laws fail to stem losses and RSA encrypto-stortion

A study by Carnegie Melon University has found that legislation mandating reporting of data breaches (and fines) has failed to lower ID theft or it's effects. Is it that nothing has changed and the downside has been built into the balance sheet or is this approach of 'shouting after the horse has bolted' simply a pointless excercise?

I would have thought that a reference from a credit bureau enabling 57% of ID fraud, points to an obvious starting place.

What other actions can prevent ID theft? What is the root of the problem?

If we can't attack the problem from the back end, examine the chain of processes which ultimately enable the fraudster to succeed. I keep coming back to the 57% of cases where the fraudster obtained a loan or credit card. I personally don't know of any lenders loaning money to consumers (or imposters) without first obtaining a credit reference.  It's a bit of a stand out.

Surely it's worth a few cents per credit application to provide notification of consumers and at least we'll have a chance of stopping at least 57% of ID theft in it's tracks.

Encrypto-extortion

This lovely little service from extortionists uses RSA 1024 bit encryption to lock up your important data in uncrackable files encrypted with the extortionist's own 1024 bit RSA public key.

The attacker then demands payment in return for providing the private key used to decrypt your data. There's no use in trying to have a go at cracking it yourself unless you have a Roadrunner handy.

Roadrunner is an array being built in stages at the Los Alamos Laboritories by IBM and is capable of several Petaflops. Roadrunner stage one testing has doubled IBM's previous fastest record computer and it's only running on a couple of cylinders yet over 1,000 trillion operations per second (1 petaflop) is no trouble for Roadrunner.

The other neat thing about roadrunner is the improvements to instructions and coding which has increased the effective power by using harware to skip steps in the CPU which were required by the previous BlueGene screamer from IBM which was based on PowerPC chips. The Roadrunner is powered by Opteron and CellPower processors (to be used in the newest video game consoles). $200 million is a rough price guide.

I don't suppose you'll be able to afford a Roadrunner before the extortionists can if their latest enterprise is as successful as the last (and if you have to pay them to get your data back). I don't suppose RSA can help there either - their encryption is just too good and there is no backdoor is there?...

2941

Comments: (0)

Blog group founder

Retired Member

Member since

19 Mar 2009

Location

Blog posts

6,066

Comments

6,309

This post is from a series of posts in the group:

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...


See all