Article
Issue No. 2 | January 2014
Monthly newsletter
6 February
The Bank of Russia and law enforcers will work together to prevent breaches of property rights related to the use of cryptocurrencies, the General Prosecutor's Office announced after a working group meeting between the Central Bank, the Federal Security Service, and the Ministry of Internal Affairs. The General Prosecutor's Office added that the working group members are relying on the experience of other countries to define key regulatory areas for the industry.
19 February
Bank of Russia to take stricter approach to data protection for money transfers
According to a report from Banki.ru, Roman Prokhorov, the deputy director of the Department for the National Payment System, speaking at the 6th Ural Banking Forum held in Magnitogorsk, said that the Bank of Russia has started implementing measures to protect data during money transfers.
28 February
The State Duma has passed the first reading of a draft bill requiring information about data transferred over the Internet to be retained for 6 months. The bill is part of a counter-terror legislative package initiated following terrorist attacks in Volgograd at the end of last year. The package was prepared by a group of MPs headed by Irina Yarovaya, a United Russia member and Chair of the State Duma Committee for security and corruption issues.
Legislative news and regulatory recommendations
1 February
CBS News has published a confidential report by Canadian intelligence which shows that in 2012, the Communications Security Establishment Canada (CSEC), working in close cooperation with the American NSA, tested a Wi-Fi surveillance system capable of capturing information about wireless devices used by citizens visiting public premises (e.g. airports, libraries, hotels and cafes) with Wi-Fi hot spots.
4 February
As reported by the Prosecutor's Office for the Volgograd Region (PO), hackers used its official website to post misleading information about criminal actions planned against certain websites. According to RIA Novosti, the press release said that the PO was planning to make a request to block websites trading virtual currencies.
16 February
According to reports, law enforcement officials have informed the Kickstarter team about a successful hacking attack on their website. The attackers obtained access to the personal information of registered users.
24 February
Bank of Russia: bitcoins a pyramid scheme
According to Timur Batyrev, the head of the Department for the National Payment System at the Central Bank, Bitcoin is a pyramid scheme: "There will always be people looking for easy money who will buy bitcoins. But there will also be people to pay for them."
Staying secure
Finance sector
3 February
Hackers steal 2.4 million rubles from bank in Naberezhnye Chelny
According to police in Naberezhnye Chelny, hackers stole 2.4 million rubles from a bank in October last year.
11 February
PayPal president's bank card hacked
Card skimmers stole data from the bank card of the PayPal president David Marcus while he was traveling in the UK. Marcus wrote about the incident on his Twitter account, adding that it was an EMV chipped card.
18 February
Bank of Russia: number of cyberattacks on Russian banks doubled over last year
According to the latest data, the number of data security incidents has doubled to about 22.5 cases per month, said Oleg Krylov, the head of the Central Department for Information Security and Protection of the Bank of Russia, speaking at the 6th Ural Banking Information Security Forum.
19 February
Sberbank proposes stricter regulations on skimming crime
Sberbank of Russia has asked the Russian State Duma Committee for the Financial Market to consider stricter regulations on skimming crime. The news came from Sergey Bondarev, the deputy director heading the Security Department of Sberbank, as he spoke at the 6th Ural Banking Information Security Forum.
Bondarev said Sberbank has proposed an additional Article 187.1 to the Russian Criminal Code that will be particularly focused on crime involving the use of skimming equipment. The bank would also like to see amendments to Article 187 of the Criminal Code (Production and sale of fake credit/payment cards and other payment documents).
19 February
Sberbank: theft of 22 million rubles attempted by fraudsters
The Sberbank Security Department, working in cooperation with law enforcement officers, has prevented a theft of more than 22 million rubles from its customers' accounts, according to a press release issued by Sberbank.
24 February
Suspect in 5 million ruble theft arrested in Moscow
The Moscow police have arrested a suspect in a 5 million ruble theft from a bank account, the police press service for the Moscow Central Administrative District reported.
Internet and telecommunications
4 February
Information requests from U.S. intelligence for 2013
Acting in the free spirit of the Internet, some of the largest companies in the U.S. have published internal statistics on requests they received from U.S. intelligence over the first six months of 2013. Yahoo alone received more than 30,000 user information requests, while Microsoft, Google and Facebook received 16,000, 10,000 and 6,000 requests, respectively.
13 February
Major VOIP providers unavailable in Belarus
Zadarma.com and Sipnet.ru, two major VOIP providers, are not available in Belarus. The routing paths to their servers appear broken after reaching the gateways of BelTelecom, the only state-owned monopoly provider of external Internet in Belarus.
18 February
Russia considers cyber security centers
Russia may establish cyber security centers to respond to cyber incidents, according to participants in the 6th Ural Banking Information Security Forum.
28 February
Hacker from UK faces charges for attacking Federal Reserve System's servers and stealing data
As reported by the BBC, a hacker from the UK whose case is being investigated in the U.S. is facing new charges for attacking the FRS's servers to steal personal data.
Industry and services
24 February
Belorussian companies must obtain certificates for anti-virus tools
Apart from other products, anti-virus programs have been suspended from sale in Belarus.
Articles
3 February
Transparent encryption for corporate network folders
With network technologies such as LAN, CAN and VPN becoming more widespread, businesses can set up quick and convenient data exchange at various distances. That said, protecting data within the corporate environment is as important as ever, remaining a serious concern for both SMEs and large businesses across industries. As a result, any business, large or small, almost inevitably faces the need to manage employee access rights based on data confidentiality.
5 February
Documents published by Edward Snowden, a former employee of the CIA and the NSA, include a short catalogue of surveillance technology used by the NSA. A total of 48 pages, marked as either confidential or strictly confidential, provide short descriptions of surveillance technology, though the catalogue is not exhaustive.
11 February
Safe City – data collection and processing solution
It is a well-known fact that the Sochi Olympic Games boasts a quick-response taskforce of tens of thousands of people dedicated to making the Games a success. However, even a taskforce as big as that still needs appropriate technology to support residents of the extensive resort city, which offers Alpine skiing facilities to many thousands of visitors flocking in from around the world.
9 February
IBM gets $3.45 million from DARPA to develop self-destructing technology
The idea of self-destructing electronics is on the minds of many militaries, including those in the U.S. DARPA reportedly recently transferred $4.7 million to SRI to develop biodegradable electronics.
26 February
Targeted attacks exploit vulnerability of Flash Player
Late last week, Adobe published update APSB14-07 to fix the CVE-2014-0502 flaw in its Flash Player. According to the security firm FireEye, a number of public and private websites have been compromised by the malware "iFrame," which redirects users to a website containing a 0day exploit. This attack exploits outdated libraries compiled without ASLR protection enabled, creating stable and transferable ROP sequences to bypass the DEP protection. In Windows XP, ROP gadgets are created using msvcrt.dll.
Information security technologies in news
Information security management system standard ISO 27001:2005 in practice
Over 3,000 companies all over the world have completed ISO 27001 certification. This standard sets out key specifications for developing and operating an information security management system.
To be added to bookmarks
February 4
Government Passwords Are Incredibly Easy to Hack
Some of the federal government’s most sensitive data are protected by passwords that wouldn’t pass muster for even the most basic civilian email account, according to a new congressional report.
February 15
Merkel, Hollande to discuss European communication network avoiding U.S.
German Chancellor Angela Merkel said on Saturday she would talk to French President Francois Hollande about building up a European communication network to avoid emails and other data passing through the United States.
February 21
Huge ATM Skimming Case Progresses. Alleged Ring Leader Indicted. Global Collaboration Key
The arrest, extradition and indictment of a Romanian who's alleged to have orchestrated one of the biggest ATM skimming rings in the U.S. illustrates how collaboration among international authorities is working to more swiftly bring global cybercrime leaders to justice (see Charges in ATM Skimming Scheme).
But this week's indictment of Marius Vintila is just a blip on the cyberthreat radar, says financial fraud analyst Al Pascual of the consultancy Javelin Strategy & Research. Much more still needs to be done to ensure global law enforcement authorities are catching cybercriminals sooner, and prosecuting them within shorter windows of time, he adds.
February 23
Banking trojan hit a large number of Islamic Mobile Banking Customers on
Security researchers at IntelCrawler discovered a banking trojan which infected a large number of devices in the Middle East belonging to Islamic Banks.
February 24
iBanking Mobile Bot Source Code available for sale in the underground on
iBanking is a new mobile banking Trojan available for sale in the underground for $5,000, according to RSA’s FraudAction Group.
February 26
How the Army Plans to Fight a War Across the Electromagnetic Spectrum
The Pentagon long has made a big effort to showcase its budding cyberwarfare capabilities. But the military has been less forthcoming about a key, more tangible component of cyber — electronic warfare – until now.
February 26
YouTube ads network serving Caphaw Banking Trojan on
YouTube users were targeted by a classic drive-by download attack by exploiting client Java software vulnerabilities and serving Caphaw Banking Trojan.
February 28
Industry Needs To Do More To Protect the Power Grid From a Cyber Attack
Energy companies should create a new industry-led body to deflect cyber threats to the electric grid — from large generators to local distribution utilities, according to a new report co-authored by Ret. Gen. Michael Hayden, former CIA and National Security Agency director.