Issue No. 2, January 2014 Monthly newsletter

Article

Issue No. 2 | January 2014

Monthly newsletter

6 February

Bank of Russia to work with law enforcers to prevent breaches of property rights related to cryptocurrencies

The Bank of Russia and law enforcers will work together to prevent breaches of property rights related to the use of cryptocurrencies, the General Prosecutor's Office announced after a working group meeting between the Central Bank, the Federal Security Service, and the Ministry of Internal Affairs. The General Prosecutor's Office added that the working group members are relying on the experience of other countries to define key regulatory areas for the industry.

19 February

Bank of Russia to take stricter approach to data protection for money transfers

According to a report from Banki.ru, Roman Prokhorov, the deputy director of the Department for the National Payment System, said that the Bank of Russia has started implementing measures to protect data during money transfers, while speaking at the 6th Ural Banking Forum held in Magnitogorsk.

28 February

State Duma passes draft law requiring information about data transferred over Internet to be retained for 6 months

The State Duma has passed the first reading of a draft bill requiring information about data transferred over the Internet to be retained for 6 months. The bill is part of a counter-terror legislative package initiated following terrorist attacks in Volgograd at the end of last year. The package was prepared by a group of MPs headed by Irina Yarovaya, a United Russia member and Chair of the State Duma Committee for security and corruption issues.

Legislative news and regulatory recommendations

1 February

Canadian intelligence performed surveillance on travelers using Wi-Fi hot spots in airports and cafes

CBS News has published a confidential report by Canadian intelligence which shows that in 2012, the Communications Security Establishment Canada (CSEC), working in close cooperation with the American NSA, tested a Wi-Fi surveillance system capable of capturing information about wireless devices used by citizens visiting public premises (e.g. airports, libraries, hotels and cafes) with Wi-Fi hot spots.

4 February

Misleading information about virtual currencies posted by hackers on official website of Prosecutor's Office for Volgograd Region

As reported by the Prosecutor's Office for the Volgograd Region (PO), hackers used its official website to post misleading information about criminal actions planned against certain websites. According to RIA Novosti, the press release said that the PO was planning to make a request to block websites trading virtual currencies.

16 February

Kickstarter hacked

According to reports, law enforcement officials have informed the Kickstarter team about a successful hacking attack on their website. The attackers obtained access to the personal information of registered users.

24 February

Bank of Russia: bitcoins a pyramid scheme

According to Timur Batyrev, the head of the Department for the National Payment System at the Central Bank, Bitcoin is a pyramid scheme: "There will always be people looking for easy money who will buy bitcoins. But there will also be people to pay for them."

Staying secure

Finance sector

3 February

Hackers steal 2.4 million rubles from bank in Naberezhnye Chelny

According to police in Naberezhnye Chelny, hackers stole 2.4 million rubles from a bank in October last year.

11 February

PayPal president's bank card hacked

Card skimmers stole data from the bank card of the PayPal president David Marcus while he was traveling in the UK. Marcus wrote about the incident on his Twitter account, adding that it was an EMV chipped card.

18 February

Bank of Russia: number of cyberattacks on Russian banks doubled over last year

According to the latest data, the number of data security incidents has doubled to about 22.5 cases per month, said Oleg Krylov, the head of the Central Department for Information Security and Protection of the Bank of Russia, speaking at the 6th Ural Banking Information Security Forum.

19 February

Sberbank proposes stricter regulations on skimming crime

Sberbank of Russia has asked the Russian State Duma Committee for the Financial Market to consider stricter regulations on skimming crime. The news came from Sergey Bondarev, the deputy director heading the Security Department of Sberbank, as he spoke at the 6th Ural Banking Information Security Forum.

Bondarev said Sberbank has proposed an additional Article 187.1 to the Russian Criminal Code that will be particularly focused on crime involving the use of skimming equipment. The bank would also like to see amendments to Article 187 of the Criminal Code (Production and sale of fake credit/payment cards and other payment documents).

19 February

Sberbank: theft of 22 million rubles attempted by fraudsters

The Sberbank Security Department, working in cooperation with law enforcement officers, has prevented a theft of more than 22 million Rubles from its customers' accounts, according to a press release issued by Sberbank.

24 February

Suspect in  5 million ruble theft arrested in Moscow

The Moscow police have arrested a suspect in a 5 million ruble theft from a bank account, the police press service for the Moscow Central Administrative District reported.

 

Internet and telecommunications

4 February

Information requests from U.S. intelligence for 2013

Acting in the free spirit of the Internet, some of the largest companies in the U.S. have published internal statistics on requests they received from U.S. intelligence over the first six months of 2013. Yahoo alone received more than 30,000 user information requests, while Microsoft, Google and Facebook received for 16,000, 10,000 and 6,000 requests, respectively.

13 February

Major VOIP providers unavailable in Belarus

Zadarma.com and Sipnet.ru, two major VOIP providers, are not available in Belarus. The routing paths to their servers appear broken after reaching the gateways of BelTelecom, the only state-owned monopoly provider of external Internet in Belarus.

18 February

Russia considers cyber security centers

Russia may establish cyber security centers to respond to cyber incidents, according to participants in the 6th Ural Banking Information Security Forum.

28 February

Hacker from UK faces charges for attacking Federal Reserve System's servers and stealing data

As reported by the BBC, a hacker from the UK whose case is being investigated in the U.S. is facing new charges for attacking the FRS's servers to steal personal data.

Industry and services

24 February

Belorussian companies must obtain certificates for anti-virus tools

Apart from other products, anti-virus programs have been suspended from sale in Belarus.

Articles

3 February

Transparent encryption for corporate network folders

With network technologies such LAN, CAN and VPN becoming more widespread, businesses can set up quick and convenient data exchange at various distances. That said, protecting data within the corporate environment is as important as ever, remaining a serious concern for both SMEs and large businesses across industries. As a result, any business, large or small, almost inevitably faces the need to manage employee access rights based on data confidentiality.

5 February

NSA surveillance gadgets

Documents published by Edward Snowden, a former employee of the CIA and the NSA, contain some information about surveillance technology used by the NSA organized in the document as a short catalogue. A total of 48 pages, marked as either confidential or strictly confidential, provide short descriptions of surveillance technology, though the catalogue is not exhaustive.

11 February

Safe City – data collection and processing solution

It is a well known fact that the Sochi Olympic Games boasts a quick-response taskforce of tens of thousands of people dedicated to making the Games a success. However, even a taskforce as big as that still needs appropriate technology to support residents of the extensive resort city, which offers Alpine skiing facilities to many thousands of visitors flocking in from around the world.

9 February

IBM gets $3.45 million from DARPA to develop self-destructing technology

The idea of self-destructing electronics is on the minds of many militaries, including those in the U.S. DARPA reportedly recently transferred $4.7 million to SRI to develop biodegradable electronics.

26 February

Targeted attacks exploit vulnerability of Flash Player

Late last week, Adobe published update APSB14-07 to fix the CVE-2014-0502 flaw in its Flash Player. According to the security firm FireEye, a number of public and private websites have been compromised by the malware "iFrame," which redirects users to a website containing a 0day exploit. This attack exploits outdated libraries compiled without ASLR protection enabled, creating stable and transferrable ROP sequences to bypass the DEP protection. In Windows XP, ROP gadgets are created using msvcrt.dll.

Information security technologies in news

Information security management system standard ISO 27001:2005 in practice

Over 3,000 companies all over the world have completed ISO 27001 certification. This standard sets out key specifications for developing and operating an information security management system.

To be added to bookmarks

February 4

Government Passwords Are Incredibly Easy to Hack

Some of the federal government’s most sensitive data are protected by passwords that wouldn’t pass muster for even the most basic civilian email account, according to a new congressional report.

February 15

Merkel, Hollande to discuss European communication network avoiding U.S.

German Chancellor Angela Merkel said on Saturday she would talk to French President Francois Hollande about building up a European communication network to avoid emails and other data passing through the United States.

February 21

Huge ATM Skimming Case Progresses. Alleged Ring Leader Indicted. Global Collaboration Key

The arrest, extradition and indictment of a Romanian who's alleged to have orchestrated one of the biggest ATM skimming rings in the U.S. illustrates how collaboration among international authorities is working to more swiftly bring global cybercrime leaders to justice (see Charges in ATM Skimming Scheme).

But this week's indictment of Marius Vintila is just a blip on the cyberthreat radar, says financial fraud analyst Al Pascual of the consultancy Javelin Strategy & Research. Much more still needs to be done to ensure global law enforcement authorities are catching cybercriminals sooner, and prosecuting them within shorter windows of time, he adds.

February 23

Banking trojan hit a large number of Islamic Mobile Banking Customers on

Security researchers at InterCrawler discovered a Banking trojan which infected a large number of devices the Middle East belonging to Islamic Banks.

February 24

iBanking Mobile Bot Source Code available for sale in the underground on

iBanking is a new mobile banking Trojan available for sale in the underground for $5,000 according the RSA’s FraudAction Group.

February 26

How the Army Plans to Fight a War Across the Electromagnetic Spectrum

The Pentagon long has made a big effort to showcase its budding cyberwarfare capabilities. But the military has been less forthcoming about a key, more tangible component of cyber — electronic warfare – until now.

February 26

YouTube ads network serving Caphaw Banking Trojan on

YouTube users were targeted by a classic drive-by download attack by exploiting client Java software vulnerabilities and serving Caphaw Banking Trojan.

February 28

Industry Needs To Do More To Protect the Power Grid From a Cyber Attack

Energy companies should create a new industry-led body to deflect cyber threats to the electric grid — from large generators to local distribution utilities, according to a new report co-authored by Ret. Gen. Michael Hayden, former CIA and National Security Agency director.

Foreigner corner

Did you find this useful?