Category: Technology

£870 Million Super-Cyber-Crook Captured

Posted on by Rob Burdett

The suspected leader of the criminal gang behind the Cobalt and Carbanak malware campaigns that targeted banks and netted £870 Million has been arrested in Spain.

The Carbanak & Cobalt Malware Attacks

Cobalt and Carbanak are names of the different generations of malware, increasing in sophistication – 3 were used in all – which the cyber-criminal gang were able to introduce to 100 banks and other financial networks in 40 countries.

Anunak was the first malware campaign to be used by the gang in late 2013. This was followed the same year by Arbanak, which was used in until 2016. Finally, the gang used more sophisticated attacks involving tailor-made malware based on the Cobalt Strike penetration testing software.

EUR 10 Million Per Heist

Cumulative losses to the gang from financial institutions are believed to be in the region of EUR 1 billion, and the Cobalt malware alone allowed criminals to steal up to EUR 10 million per heist.

Sent To Key Staff Members In Emails

The malware was sent to key staff members in booby-trapped phishing emails. When the computers of key staff members became infected with the malware e.g. by being tricked into opening the booby-trapped emails from the criminals, the gang was able to gain remote access to the banking networks to steal money.

Money was stolen by using remote access to order ATMs to dispense money at specific times (collected by gang members), and by altering databases to increase account balances so that more ‘mules’ could be used to collect even more money from inflated accounts via chosen ATMs.

Stolen money was also laundered via crypto-currencies and payment cards which enabled the purchase of luxury goods and houses.

Carbanak was claimed to have been discovered in 2014 by the Russian/UK Cyber Crime Company Kaspersky Lab.

Arrested

The person (as yet un-named by authorities) believed to have masterminded the crimes was arrested in Alicante, Spain. The arrest was the result of a complex investigation by the Spanish National Police, supported by Europol, the (US) FBI, the Romanian, Moldovan, Belarussian and Taiwanese authorities and private cyber security companies.

What Does This Mean For Your Business?

It’s all-too-often that we hear of major hacks and security breaches of businesses and organisations but it is rare to hear about the culprits being caught. The remote and often invisible nature of the crimes, coupled with the anonymity and complexity of the methods of attack and money collection tends to make cyber criminals difficult to apprehend. A combined and expert effort is needed, which is what has happened in this case, and it can only be good news for businesses worldwide that one key player appears to have been caught.

More cynical commentators may say that it was the large sums of money involved, and the facts that banks and financial institutions were victims that prompted such and effort to catch the perpetrators, something that, perhaps, smaller businesses may not expect when they are targeted, even though the results of an attack may be more devastating.

This story is also a reminder that not only are many attacks sophisticated, but human error by staff members is still an important element in allowing successful cyber attacks to take place. Cyber security is the responsibility of all of us, and companies and organisations should make sure that all staff receive training about likely cyber threats and what procedures to follow when dealing with emails or requests to transfer money. Making it a rule to never open unknown emails is one basic way of counteracting the serious threat posed by malware.

Facebook Revamps Privacy Settings

Posted on by Rob Burdett

In a move that Facebook says was due to happen before the recent personal data harvesting scandal, the social media giant has updated its privacy tools to make users more informed and in control.

50 Million Profiles Harvested

The high-profile outcry that followed revelations over data from 50 million profiles that were harvested for use by Cambridge Analytica has resulted in around £56bn being wiped off Facebook’s market value since 16 March.

It is also unknown as yet how much damage has been done to the Facebook brand and the trust placed in it by users, although some commentators have suggested that Facebook is so much a part of daily life for people, and there is a lack of real alternatives, that the damage in terms of user loyalty may not be as bad as the media has suggested.

Changes

Even though Facebook has suggested that privacy settings changes were on the cards long before this latest scandal hit the headlines, some commentators must feel justified in saying that it is no coincidence that Facebook have announced on their Blog this week, changes to the platform that are intended to help people understand how Facebook works and the choices they have over their data.

In summary, the changes that Facebook has announced are:

  • Generally making data settings and tools easier to find. In short, a re-designed settings menu on mobile devices means making everything accessible from a single place, plus, outdated parts have been cleaned up to clarify what information can and can’t be shared with apps.
  • There is a new ‘Privacy Shortcuts’ menu where you can:
    – Add more security e.g. add more security layers e.g. two-factor authentication.
    – Review what personal information you’ve shared and delete it if you want to – this includes posts you’ve shared or reacted to, friend requests you’ve sent, and things you’ve searched for on Facebook.
    – Manage the information you give that will influence the type of adverts you’re shown.
    – Manage who sees you posts and profiles.
  • The introduction of a new ‘Access Your Information’ section where you can securely access and manage e.g. posts, reactions, comments, and things you’ve searched for, as well as being able to delete anything from your timeline or profile that you no longer want on Facebook.
  • Giving you the ability to download a secure copy of the data that you’ve shared with Facebook, and giving you the option to move it to another service. This includes photos you’ve uploaded, contacts you’ve added to your account, and posts on your timeline.

More Changes To Come

Facebook has also said that in the coming weeks, it will be proposing updates to its terms of service and its data policy to better spell out what data it collects and how it uses it. Facebook is keen, in the light of the recent scandal, to point out that the updates are about transparency, and not about gaining new rights to collect, use, or share data.

Some commentators have suggested that Facebook also intends to make the link to fully delete an account more prominent.

Acknowledges Trust Damage

Facbook has acknowledged that it has lost peoples’ trust and it needs to get to work on regaining it, and no doubt, the hope is that these changes (that Facebook has worked on with regulators, legislators and privacy experts) are intended as an initial offering in the move to achieve that as well as to make the platform more GDPR-ready.

What Does This Mean For Your Business?

Yes, there is an element of Facebook needing to get something positive out there quickly to show that it’s doing something in response to media and public opinion about the damaging recent scandal. These changes are also, however, a clear move by Facebook to make sure that it will be GDPR compliant when the new regulation comes into force in May. The sheer size of Facebook’s customer base, and the company’s earnings mean that the company is very aware of the challenges that GDPR could bring e.g. with data breaches and with GDPR in force, Facebook could potentially be looking at fines of 4% of its global turnover. It’s no wonder, therefore, that the changes to the privacy settings of the platform have been made now.

Your Computer Data Stored … On DNA?

Posted on by Rob Burdett

British scientists believe they have developed a technique that will enable them to store computer files in DNA code.

Why?

Data storage takes up a huge amount of space. It is estimated that there is now 3 zettabytes (3000 billion billion bytes) of digital data, with more being generated all the time.

Also, storage media such as hard disks are expensive and require a constant supply of expensive electricity, and even the best ‘no-power’ archiving materials e.g. magnetic tape degrade within a decade.

What’s So Good About DNA?

It is estimated that, if all the data on the internet was stored in DNA, it would be the size of a shoebox, and that every bit of datum ever recorded by humans could fit in a container about the size and weight of a couple of pickup trucks.

Using DNA could, therefore, provide a highly effective, ultra-compact space-saving solution, that doesn’t require large amounts of costly electricity.

Also, DNA can keep for hundreds of thousands of years if kept in a cool, dry place. Data stored in DNA won’t degrade over time, and it can be decoded relatively easily.

Another advantage of DNA is that it won’t become obsolete, and unlike other high-density approaches, new technologies can write and read large amounts of DNA in one go.

Synthesized DNA as a storage medium could, therefore, provide a very practical, high-capacity, robust, low-maintenance information storage solution long into the future.

How Can Digital Data Be Stored In DNA?

Scientists from the European Bioinformatics Institute have developed a method whereby the basis of digital data, which is made up of ones and zeros, is changed into their own code as Cs, Gs, and Ts.

This converted code is then sent to a US laboratory, which turns the letter code into physical DNA, so that it can act like an incredibly small hard drive. The laboratory uses DNA synthesis machines to transform the code into physical material in a similar way to how an inkjet printer lays down ink on paper. The physical result is a tiny piece of dust with the vital digital data stored inside. An estimated 215 petabytes (215 million gigabytes) of data could be stored in a single gram of DNA.

Tried Back In 2013

The potential of using DNA storage was highlighted back in 2013 when scientists in Cambridge spelled out a collection of Shakespeare’s 154 sonnets in DNA.

Expensive And Could Take Time

As you may expect, the costs of DNA data storage in the next 5 year period are expected to be very high, although experts believe that in the next 10 to 15 years, a more affordable system may be more widely available.

What Does This Mean For Your Business?

Although the cost of this new storage system is likely to be prohibitively high to the vast majority of business it does hold a lot of promise for years to come. DNA storage could, in the long run, allow businesses to store and back up incredible amounts of data in a very convenient way with dramatically reduced space, equipment, and electricity costs, and to be assured that the data could be stored, without decay, for many thousands of years. The potential and real value of such a system is something that will only truly be understood by future generations.

Tech Tip – Google Keep

Posted on by Rob Burdett

If you need to jot down ideas and to-dos and share them with team members, you may find ‘Google Keep’ a useful tool.

With Google Keep can:

– Record voice memos within Google Keep on your Android or iOS device.
– Transcribe text from pictures, so you don’t have to worry about typing up notes from a meeting or whiteboard session – you can even photograph a note to get the text from it.
– Create drawings and search hand written notes.
– Take notes you’ve created in Keep, and drag them into Google Docs e.g. client proposals and more.

50 Million Facebook User’s Data With Cambridge Analytica

Posted on by Rob Burdett

Facebook is at the heart of a storm after a whistleblower alleged that the data analytics firm that worked with Donald Trump’s election team and the winning Brexit campaign harvested 50 million Facebook profiles from a data breach.

Why?

London-based data analytics company, Cambridge Analytica, which was once headed by Trump’s key adviser Steve Bannon, has been accused of illegally harvesting 50 million Facebook profiles in early 2014 in order to build a software program that could predict and use personalised political adverts to influence choices at the ballot box in the last U.S. election.

Under Investigation

Cambridge Analytica is already the subject of two inquiries in the UK. The first is by the Electoral Commission which is looking into the company’s possible role in the EU referendum. The second is by the Information Commissioner’s Office which is looking into the company’s possible use of data analytics for political purposes.

Also, the company is the subject of an investigation in the US over possible Trump-Russia collusion.

It has been reported that Elizabeth Denham, the head of Britain’s Information Commission, is seeking a warrant to search the offices of consultancy Cambridge Analytica over the breach.

Facebook Under Scrutiny

Facebook has, of course, faced strong criticism over the breach, one tangible result of which has been nearly $40 billion off its market value as Facebook’s investors have become worried that damage to the reputation of the social media giant’s network will deter users and advertisers.

In a BBC radio report, the ICO’s chief Elizabeth Denhan said that the ICO is looking at whether or not Facebook secured and safeguarded personal information on its platform, and whether Facebook, when they found out about the loss of the data, acted robustly and whether or not people were informed.

Also, the head of Britain’s cross-party Media parliamentary committee is reported to have written to Facebook’s Mark Zuckerberg asking for more information by Monday 26 March, and in Dublin, Ireland’s privacy watchdog (the lead regulator for Facebook in the European Union) has said that it is following up with Facebook to clarify its oversight.

Harvested By Kogan’s App

It has been reported that the data was harvested from Facebook by an app on Facebook’s platform, created by British academic, Aleksandr Kogan, that was downloaded by 270,000 people, providing access to their own and their friends’ personal data too. It has been reported that Kogan says he changed the terms and conditions of his personality-test app on Facebook from academic to commercial part way through the project.

Facebook has said that Kogan violated its policies by passing the data to Cambridge Analytica, and Facebook was told that the data has since been destroyed, and has made its own efforts to obtain proof that it has been destroyed.

Mr Kogan has said on BBC radio that he was advised that the app was entirely legal, and that he thinks he’s being made a scapegoat for Facebook and Cambridge Analytica.

This latest incident sees Facebook back in hot water following on from reports of how its platform was used by outside interests for posts and adverts that were designed to influence the result of the US election. The share price has been impacted significantly this week.

What Does This Mean For Your Business?

There are so many worrying facets to this story, not least that personal data may not have been protected well enough to allow it to be harvested by an app on the platform, and then passed to a third-party that allegedly used it to create a tool to influence elections. Also, it has been several years since the breach happened, and news of the breach has only just been released. Some industry insiders have described the incident as ‘horrifying’, and many may rightfully believe that Facebook has a lot of questions to answer, as does Cambridge Analytica.

Facebook will be painfully aware that if the ICO’s investigations find Facebook to be at fault, the social media giant could be looking at a fine of up to 500,000 pounds ($700,000), and with the introduction of GDPR in May, it could be facing fines of up to 4% of its global turnover.

Also, Facebook is a major advertising platform for businesses, and some marketing commentators have pointed to the fact that scrutiny of Facebook over this latest issue could impact Facebook’s ability to gather and deploy data for ad targeting, which has been vital to ad efficacy and budget growth.

All the recent bad publicity about Facebook has seen the number of daily users in the United States and Canada fall for the first time in its history, dipping in the company’s home market by 700,000 from a quarter earlier to 184 million.

We haven’t heard the half of this story yet, and it remains to be seen what information will be released in the coming days and weeks and as the result of numerous investigations.

Camelot Hack – ‘It Could be You!’

Posted on by Rob Burdett

Lottery operator Camelot has announced that 150 customer accounts have been affected by a hack that took place prior to Friday’s £14-million draw at 8.30pm.

Low Level

The company has described the hack as ‘low level’ and has stressed that no money was stolen, and that the attackers only saw limited information. Camelot attributed the early discovery of the attack to its regular security monitoring which, in this case, detected suspicious activity on a small number of accounts.

Credential-Stuffing

The kind of hack that took place was a method known as ‘credential-stuffing’. This hack uses a list of passwords taken from other websites that have been circulated online e.g. on hacking groups / on the dark web. This method relies on people using the same password for multiple websites.

Suspended Accounts + Change Passwords

Camelot has said that it has directly contacted the customers whose accounts had been affected and all of the affected accounts have now been suspended. The company has also advised all 10.5 million National Lottery players to change the password on their online accounts.

Warned In November 2016

Back in November 2016, Camelot announced that it believed that as many as 26,500 online National Lottery accounts had been hacked using login details that had been stolen from elsewhere (e.g. a list of stolen passwords circulated online). At the time, Camelot said that it believed that suspicious activity appeared to have taken place in fewer than 50 of the hacked accounts.

Camelot re-assured customers by saying that it didn’t hold full debit card or bank account details in the online accounts for National Lottery player, and no money had been taken or deposited.

Criticism

Although, as in the latest hack, Camelot was quick to submit a breach report to The Information Commissioner’s Office, some critics voiced concerns and suspicion that there could have been some kind of deficiency in the system to allow 26,500 correct logins while saying that the details were not taken from Camelot’s servers.

What Does This Mean For Your Business?

If you have an online National Lottery account, change the password as soon as possible.

This story illustrates one of the main dangers of using the same passwords for multiple accounts. If there is a hack and theft of your login details from just one website, you could be in danger of falling victim to cyber-crime as those details are circulateing among other hackers and used for credential-stuffing attacks. The advice is, therefore, to change your passwords regularly and avoid using the same password for multiple accounts.

This story is also a reminder that businesses have a legal responsibility to protect customer data, and this responsibility will be enforced even more rigorously, and with the threat of very large fines for non-compliance with the introduction of GDPR in May this year.

One positive aspect of this story is that Camelot appear to have been proactive in their monitoring of customer account activity, were quick to inform the Information Commissioner’s Office, publicly announced the hack, and gave clear advice to customers (unlike many other companies). This story is also an example of why having a good Disaster Recovery Plan is important.

Huge UK Increase In Demand For AI Professionals

Posted on by Rob Burdett

A study by job website ‘Indeed’ based on job postings on its site since 2015 has found that demand for skills in AI and machine learning has almost tripled in 3 years.

Demand – AI Boom

With the Artificial Intelligence (AI) sector booming in the UK, and with the pace of growth in demand for AI roles here outstripping that in the US, Canada and Australia, AI is providing a shot in the arm to Britain’s jobs market, and Britain is consolidating its reputation as a world tech leader. The ‘Indeed’ figures show that the number of AI roles advertised in the UK is now 1,300 out of every million, but that there are six times more AI roles available in Britain than there are candidates to fill them.

Supply Increasing Too

Just as demand for AI professionals has shown a huge increase, the number of candidates actually looking for jobs in this area has doubled over the same period. One of the key benefits of landing a job in an emerging field is, of course, the salary. According to Indeed’s figures, jobs in AI advertised for an average of £56,385 a year and machine learning roles at £54,617.

Skills Gap & Brexit

Unfortunately, one of the reasons why companies are willing to pay so much is that experts of this kind are hard to find in a labour market where there is a real tech skills gap. Some tech commentators have long been predicting that Brexit is only likely to make matters worse. For example, a 2016 survey by the ‘Hired’ website highlighted skills gap challenges in many areas of IT, possible challenges to attracting high-skilled workers from across the globe because of Brexit, lower average salaries for London tech jobs compared to places like San Francisco and New York, leading to a possible brain drain, and the number of UK students graduating with computer science degrees falling.

A further example of the possible impact of Brexit on AI and robotics in the UK comes from an RSA report from late 2017 which showed that the UK receives up to 80% of its funding for autonomous systems and robotics directly from the EU, and even with the government’s Autumn statement promise of a boost to R&D, it may not be enough to plug the funding hole that Brexit will create.

Funding Needed

Also, some industry experts have recently criticised the UK government for making a strategic error in their perceived lack of funding in AI and robotics.

There have been calls for the setting up of systematic programmes to mobilise the brain power of AI and robotics communities around the most important challenges of government.

What Does This Mean For Your Business?

If your business needs an AI or robotics professional, you may have a challenge on your hands. A home-grown skills gap means that you may need to attract talent from overseas, one aspect of which is being able to pay a considerable salary that is competitive with that offered in other countries. Getting an overseas professional to come to the UK, however, may be problematic because of the insecurities that Brexit is presenting to migrant workers.

Ideas to plug the UK’s skills gap in many tech areas include the offering of digital apprenticeships e.g. by Microsoft, but AI is a very specialised area, and much more investment and specialist education and training may need to be made available in the UK in a short time to enable UK industries to make the most of the UK’s AI boom.

First Direct Customers Can Pay By Siri

Posted on by Rob Burdett

First Direct customers can now make voice-activated payments to existing payees or mobile contacts via the Siri tool on their Apple iPhones, without logging into online banking or using their password.

Following Barclays

First Direct’s move to voice-activated payments follows the move by Barclays last August to allow its customers (with an Apple device with iOS 10 software or above, with fingerprint technology) to make payments using Apple’s voice-activated assistant, Siri.

Dutch Pioneers

Dutch banking group ING Netherlands are widely credited as being the pioneers of this kind of system when, back in 2014, they launched a voice-navigated banking app with a view to enabling biometric voice recognition as a replacement for PINs in the future.

Interface Between The Customer and Paym

In the case of First Direct, the Siri digital assistant acts as an interface between the customer and the Paym mobile payment system.

Paym is the service, launched by the Payments Council, that allows users to send and receive payments directly to a current account using only the mobile number of the account holder.

How Does It Work?

With the First Direct system, users simply tell Siri what amount they would like to pay, and the name of the person that they would like to pay using First Direct. The system then asks for verification using the fingerprint scanner or face ID tool on the payer’s mobile device. It has been reported that the money is then transferred instantly, and First Direct customers can make transfers of up to £350 daily using the new system.

What Will You Need?

Clearly, to use the system you will need to be registered for digital banking with First Direct. You will then need to activate Paym in the First Direct app, and make sure that you are using an iPhone that is capable of fingerprint or facial recognition so that your payments can be verified without a password.

What Does This Mean For Your Business?

For businesses, saving time and getting cash quickly into the business are important, and the First Direct system looks as though it is capable of helping both these things to happen. It also offers your business, suppliers, and other stakeholders a convenient way of paying while on the move.

Also, the biometric aspect (fingerprint or facial recognition) is believed to provide greater security than passwords.

Voice-activated assistants have proven popular with users, and it makes sense that they could be linked up with other technologies and systems to deliver greater value, convenience, and time savings. It is likely that other banks will now follow suit, and voice-activated assistants will be linked-up to a whole range of other services in the near future to benefit the business and the customer.

Fighting Exploitation Via Blockchain and Coke

Posted on by Rob Burdett

Coca-Cola, the US State Department, and 2 other companies are working on a project to used blockchain to fight forced labour worldwide.

What Is Blockchain?

Blockchain is an incorruptible peer-to-peer network (a kind of ledger) that allows multiple parties to transfer value in a secure and transparent way. Blockchain’s Co-Founder Nic Carey describes Blockchain as being like “a big spreadsheet in the cloud that anyone can use, but no one can erase or modify”.

Forced-Labour

The International Labour Organisation estimates that there are nearly 25 million people working in forced-labour conditions worldwide, and 47% of them in the Asia-Pacific region.

The kind of work where there is known to be forced-labour varies, but many are engaged in work that contributes to products for food and beverage e.g. forced-labour in countries where sugarcane is produced.

A KnowTheChain (KTC), a partnership founded by U.S.-based Humanity United, showed that most food and beverage companies could be doing more solve the problem.

Coca-Cola Committed

As part of a new partnership, Coca-Cola has now committed to conduct 28 country-level studies on child labour, forced-labour, and land rights for its sugar supply chains by 2020.

Blockchain

Blockchain’s validation and digital notary capabilities are being used in the new project to create a secure registry for workers and their contracts. The project, involving Trust Accelerator (BTA), a non-profit organization, the US State Department, Coca-Cola, and U.S.-based Humanity United, will use blockchain to create a validated chain of evidence that will encourage compliance with labour contracts.

US tech company The Bitfury Group, will build the blockchain platform, while Emercoin will provide blockchain services.

Blockchain Used To Reduce Child Labour Too

Earlier this month it was reported that blockchain is also being used in a pilot project between car-maker BMW and start-up Circulor with a view to eliminating battery minerals produced using child labour. In that project, blockchain is being used to help provide a way to prove that artisanal miners are not using child labour in their cobalt mining activities. Bags of cobalt are given a digital tag which can be entered into blockchain using a mobile phone. The details of the digital tag can then be entered by each link in the chain of buyers, thereby providing a clear, verifiable trail, all the way from miner to smelter.

What Does This Mean For Your Business?

The new project involving Coca-Cola is another example of how blockchain is being used to ethically add value, genuinely reduce suffering and exploitation, and shows how this new technology can deliver social impact. One of the strengths central to blockchain is that it offers an incorruptible and transparent system that can provide a much greater, and more reliable level of proof that something has happened in the correct way in a value chain. Many different types of businesses can use blockchain to categorically prove a certain source and route for e.g. delivery, raw materials or production. This is proving to be particularly valuable to businesses where provenance is necessary to add to the monetary, ethical or other value of a product, service, and brand.

Tech Tip(s) – Browser Security

Posted on by Rob Burdett

Your Internet browser is one of your most-used applications, so it makes sense that you should make yours as secure as possible. Here are a few tips to help you do just that :

  • Use browsers that have built-in protection features such as Chrome, Firefox, Apple and Safari.
  • Utilise the security settings on your browser. Look under advanced settings, and select Privacy and Security e.g. restrict your device from visiting dangerous sites.
  • Use private / incognito browsing to avoid tracking.
  • Consider deactivating ‘ActiveX’. This add-on acts as a middleman between your PC and Java/Flash-based interactions in certain sites, thereby potentially creating security problems by giving malicious websites a window into your PC.
  • Consider disabling ‘JavaScript’. As well as making browsing quicker and simpler, this can stop cyber criminals from using JavaScript in malicious ways in order to infect your device.
  • Delete Cookies. Although they can be helpful for remembering accounts and passwords, they can also be targeted by cyber criminals because of the information they contain.
  • Beware of some browser extensions and add-ons. Even though they can add extra functionality, they can also pose a security risk as they can be exploited to inject malware.

As always (e.g. with cookie or javascript usage), it’s a case of weighing up benefits of functionality against potential risks and exploits. The more ‘stuff’ you have open/running … the more that can (potentially) go wrong.