Tag Archives: regulations

Kentucky Fraud Kickin’.

The Internet and mobile devices and related gadgetry have brought so much incredibly useful stuff into our lives that sometimes it’s hard to imagine how on earth anyone managed without it before. You know, purchasing airline tickets and checking in, online shopping and banking, multi-device data sharing, keeping the kids occupied on the backseat of the car with a film on their tablets (in my youth you just sat there or played I Spy). But I digress, and so early on in this post…

Alas, along with all the good and helpful stuff to make life easier, the Internet’s brought us other stuff – bad stuff that’s harmful and dangerous. Malware, spam, hard-to-trace cybercrims, cyberweapons, etc., etc. There’s also Internet fraud, which is what I’ll be writing about in this post, or – more to the point – how to combat it.

But let’s start with the basics: who suffers from Internet fraud?

Consumers? Well, yes, but not much compared with businesses: the brunt of the cost of online fraud is taken by banks, retailers, and in fact any online operators.

The brunt of the cost of online fraud is taken by online operators

A few figures to illustrate the scope of Internet fraud:

  • In 2012 in the United States alone, direct losses from online fraud came to $ 3.5 billion;
  • Those losses were made up of about 24 million fraudulent online orders;
  • Almost 70 million orders were cancelled due to suspicion of foul play.

All rather alarming.

Online financial fraud

In the meantime, are online operators generally taking any measures against fraud?

Of course they are. Plenty!

Read on: budgets, people but not the right tools…

A Move in the Right Direction.

Barack Obama signs an executive act regulating cyber security

On Tuesday, President Obama issued a long awaited Executive Order on cyber security intended to expand and deliver more robust information sharing between government and the private sector.  The Executive Order also requires the development of a voluntary cyber framework and standards to improve protection of the U.S. critical infrastructure.  The Executive Order rightly focuses on a risk-based approach.  Resources are limited and prioritization to secure those areas most at risk is smart policy.  The sophistication of threats and targeted attacks on key economic sectors around the world stresses the urgency that action be taken to better secure critical infrastructure.  This effort by President Obama is a positive step to address a real gap in the protection of critical assets necessary to the well being of the United States.

The risk to critical infrastructures is real, and an international challenge that must be addressed by governments and the private sector together.  As we see more threats to the national and economic security of countries, action must be taken to better protect those critical national infrastructures.  Attacks like StuxnetFlameGauss and Shamoon are becoming commonplace and keep growing in sophistication.

I believe this executive order is a move in the right direction as it seeks to increase digital defenses of critical infrastructure, and tries to facilitate the exchange of threat information between the government and private sector.  Better cooperation between governments around the world and their private sectors to improve sharing of timely and relevant cyber threat information is essential. Likewise, operators of the critical infrastructures must work to implement flexible performance based standards to secure their assets.

We are at a critical juncture on cyber security protection, and leadership in the U.S. and around the world is essential.  We hope that other nations and unions will follow this example and take steps to better protect their national critical infrastructures.

We’re ready to support and assist in national and international cyber defense efforts with our research, technologies and people.

Flickr photostream

Instagram photostream

Worse than Cheese: Scary Scenarios Causing Nightmares Now – the Five Main Issues of IT Security.

I recently found myself wondering how many interviews with the press I do every month. Of course the totals fairly helter skelter between months, but in the busier periods the number can get anywhere up to 70! And that’s only spoken interviews, i.e., those done in person or over the phone. If I were to also include e-mail interviews – the number would be just silly.

But I don’t complain. In fact just the opposite – I love interviews! Which reminds me of Richard Branson and his simple rule about interviews: “If CNN rings me up and wants to do an interview with me, I’ll drop everything to do it.” I also follow this rule – to the letter – and not without good reason.

Most interviews are what you’d expect. I get asked lots of questions, I answer them as best I can, and that’s about it.

But in a very few rare instances I get interviewed by a really well read-up journalist, meticulous to the point of hair-splitting, who not only knows all about me and KL and what we do, but also all about the particular narrow topic the interview’s about. By the end of the allotted hour I’m exhausted, the mind’s pretty much frazzled, and I feel like my very soul’s been extracted together with my long-winded answers to the sophisticated questions.

These are the trickiest and most trying kinds of interviews, but also the most useful. Why? Because during such intense sessions the gray matter inside the skull shifts up a gear or three and really gets to work, thinking in new ways and approaching familiar topics from fresh standpoints – to such an extent that after the end of the interview the momentum keeps the ideas coming, leading to all sorts of new insights. All really quite fascinating how creative cognition comes about. And all kicked-off by super-sharp reporters doing their job masterfully. Respect due. And a thank you!

Curiously, what unites such “special” interviews with regular ones is an inevitable question about the most pressing IT Security issues today – something like: “What keeps you up at night (in terms of IT Security hazards)?”! And I don’t get asked this all the time just by journalists in interviews. The question pops up at practically every IT conference I speak at.

And so: as promised earlier, here I’m presenting my List of the Five Main Issues Facing IT Security, in the broad sense of the term.

I should say straight away that I don’t have prescriptions for solving all five issues. The aim of this post is more to identify the problems, let you start to muse on them, and hopefully draw you into the fold of their ongoing discussion by raising your interest, empathy and/or sympathy!

Right, here’s my list:

  1. Privacy
  2. Internet Passports
  3. Social Networks
  4. Cybercrime
  5. Cyberwarfare

More: getting into details …

Enter your email address to subscribe to this blog

Don’t Feed the Troll!

Ladies and gentlemen, your attention please!

Good news! After 3.5 years of legal battles with patent trolls we have finally won a resounding victory! This was our first patent litigation battle in the US and we won! // Well, we needed to make up somehow for Russia’s poor display at Euro 2012 :)

Here’s a recap.

Four years ago the patent trolls suddenly came on the scene trying to prove that we were using technology that had been patented by somebody else.

Because we were expecting this sort of thing, and knew all about patent trolls – albeit in theory – our very own patent department had for a number of years been quietly working away preparing our patent firepower in readiness for a showdown with all types of various patent trolls and black hats.

And then this story began, in the United States District Court for the Eastern District of Texas. By the look of things, the situation was only going to get worse for us, but we had absolutely no intention of just giving in. Even if we lost, we were going to go down fighting and make it as brutal and bloody as possible for them.

And just a few days ago came the final denouncement.

The Court for the Eastern District of Texas announced its verdict in the case brought by IPAT and completely dismissed all the charges against us. What’s more, it did so WITH PREJUDICE, i.e. IPAT can’t bring any more claims regarding those patents!

Court Filing

But this is not just some ordinary legal victory.

More: An insight into troll business, US patent system and search for a solution…

Cyber-Thriller, ver. 2011

Costin Raiu, one of our top generals in the war against malware, recently published an interesting post on the ten most significant events in the security field in 2011. I liked it; and the idea of a top-ten; so much so I decided to come up with my own. It mostly matches Costin’s report, but somehow this is a slightly different view. It’s not just regarding the past year – it’s a little broader: tendencies in the security market and about security in general. An “unofficial”, non-hoity-toity view of the important stuff – both that’s with us now, or that will be soon…

And so here’s my top-ten:

1. Hacktivism
2. Militarization of the Internet and Cyber Weapons
3. Social Networks and Politics
4. The Duqu Cyber-Bomb
5. Widely Publicized Hacks and Industrial Espionage
6. Certification Authorities: the Beginning of the End
7. Cybercrime: as Romantic as Sewage
8. Android Malware
9. Mac Malware
10. Intel Taking Over McAfee – Intel-ligent Move or Epic McFail?

Read More: And now in detail…

SOPA-Dodger.

– or why have we decided to withdraw from the Business Software Alliance (BSA).

Hi all!

Recently the US blogosphere has become increasingly alarmed by the new Anti-Piracy Act – Stop Online Piracy Act or SOPA. Discussions of the topic are, to put it mildly, quite frank, with comments like: “These idiots are coming for your internet” (read here).

What is SOPA?

It is support for and development of something that is currently very relevant – the protection of intellectual property. Ladies and gentlemen, this really is important! “Thou shalt not steal,” as the Bible says! An author – or more often than not, a team – spends sleepless nights writing a book, composing music, shooting a film, creating software or testing software packages. Doesn’t that deserve a financial reward? Yes or no? Think before you answer – someone could well ask the same question about your profession… So?

More: A vinyl-age law for Internet? …

Call for Action: Internet Should Become a Military-Free Zone.

What is the difference between a nuclear missile and malware?

It’s not a trick question – malware can seize control of a missile, but a missile can’t be used to destroy malware. With the right tools a missile can be diverted by malware, but no amount of firepower can divert rogue software once it is active.

Unlike traditional weaponry, malware can replicate itself ad infinitum. And while a missile can often be controlled in some way, malware tends to attack indiscriminately: nobody knows who it will harm, which corners it will worm its way into. On the inscrutable trajectories of the web, as soon as some black hat launches a malicious program to make some quick cash anything can happen. It’s impossible to calculate what effect it will have, what might be affected by accident and how it could even boomerang back to harm its creators. People tend to make mistakes in everything they do – and writing code, malicious or otherwise, is no exception. There are numerous examples of this kind of “collateral damage” – read my previous post about the fortunes of the Internet .

At least we are now seeing some joint efforts to combat cybercriminals.

The security industry is tightening the screws on them, and the big boys like Microsoft are getting involved. Other different non-commercial and intergovernmental organizations are joining in as well. Governments are beginning to understand that the Internet can be a highway to hell, and are waking up to the need to do something about it. So we are seeing some progress.

However, I’m more concerned about another side of Internet security. The tricks of a cybercriminal will seem trifling compared to a large-scale cyberwar on the web. Yes, you read it correctly – a web cyberwar! This is where things start getting much more complicated and murky.

These are the facts.

More > The military is gradually turning the Internet into one big minefield

Ni Hao Compulsory Internet IDs.

Innovations at Beijing airport (Terminal 2)

1. To get a log-in and password for Wi-Fi, you need to put your passport (or Chinese ID if you have one) into a special machine, which scans the main page, determines the full name of the owner and document number, and then prints out a user name and password. Looks like a forerunner to compulsory Internet IDs.

Here is a photo of the Wi-Fi vending machine

Wi-Fi vending machine in Beijing

Wi-Fi permission and two more innovations >