Courtesy of its billion-dollar acquisition of security innovator Trusteer in 2013, IBM willadd behavioral biometric analysis to its digital banking fraud prevention solution, IBM Security Trusteer Pinpoint Detect, the company announced on Thursday. “Given enough time and resources, cyber criminals can defeat passwords and security questions,” VP of Strategy for IBM Security, Ravi Srinivasan said. With the addition of behavioral biometric technology, IBM’s security solution will be that much more effective against fraudsters using stolen credentials to get unauthorized access to bank accounts. (more…)
In the parallel universe of Ethereum Classic, the DAO saga continues with the DAO hacker, whose IP may have recently been identified, converting almost 100,000 ETC into 144.92992187 bitcoin, worth almost $100,000. (more…)
cronis, a technology firm synonymous with backup and recovery software has announced a new storage solution called Acronis Storage, wherein data will be secured and authenticated with Ethereum’s public blockchain. (more…)
VocaLink, the global payment partner to banks, corporates and governments, today launched “The Millennial Influence”, a report examining the payments behavior of millennials (i.e. those aged between 18-35) in the United States.(more…)
Banking customers can now securely access their financial information in real-time and safely conduct almost any financial transaction with popular Virtual Personal Assistants (VPAs), using only the sound of their voice.(more…)
Yesterday’s attack on the internet domain directory Dyn, which took major sites like Twitter and Paypal offline, was historic in scale. But the motivation for the attack may seem opaque, since no valuable information seems to have been stolen. A group called New World Hackers is claiming credit, but giving conflicting accounts of their motives—and security experts have called them “impostors.”
So why else might someone have done it? This class of hack, known as a distributed denial of service (DDoS) attack, has been around for a while. And while many DDoS attacks are indeed motivated by politics, revenge, or pettytrolling, there’s frequently money involved.
For instance, DDoS attacks are often used as leverage for blackmail. Once a hacking group has a reputation for being able to field a large and dangerous botnet to knock servers offline, they can demand huge ‘protection’ payments from businesses afraid of facing their wrath. In fact, they don’t even have to do the hacking in the first place—in one recent case, someone posing as a notorious cabal merely emailedblackmail messages and managed to pocket tens of thousands of dollars before they were exposed.
In the current case, there are rumors that Dyn was a target of extortion attempts before the attack. And the hackers behind what may be the biggest DDoS attack in history could demand a pretty penny to leave other companies alone. A wave of impostors will likely give it a shot, too.
There’s another, even darker money-driven application of DDoS attacks—industrial sabotage. Companies seeking to undermine their competition can hire hackers to take the other guys offline. DDoS services are often contracted through so-called “booter” portals where anyone can hire a hacker’s botnet in increments as small as 15 minutes. Researchers found last year that three of the most prominent booter services at the time had over 6,000 subscribers in total, and had launched over 600,000 attacks. (And despite the criminal reputation of Bitcoin, by far the largest method used to pay for DDoS-for-hire was Paypal.)
But it’s unlikely that this was some sort of hit called in by a competitor of Dyn—that tactic seems to primarily appeal to already-shady dealers, including online gambling operations.
For more on security, watch our video.
Finally, DDoS attacks can serve as a kind of smokescreen for more directly lucrative crimes. While a security team is struggling to deal with an army of zombie DVRspummeling their system, attackers can grab passwords, credit card numbers, or identity information.
In weighing possible explanations for Friday’s attack, it’s important to note the massive scale of the thing. Even if their claims of responsibility aren’t credible, New World Hackers’ description of about 1.2 terabits of data per secondthrown at Dyn’s servers is both vaguely plausible and utterly mind-boggling. That’s around twice as powerful as the huge 620 gigabit per second attack that knocked out a single website, Krebs on Security, last month. Dyn has also described the attack as sophisticated, arriving in three separate waves that targeted different parts of their systems.
That kind of operation could have been pulled off by a gang of kids doing it for kicks—and maybe that’s the scarier scenario. But such a massive undertaking suggests bigger, and possibly more lucrative, motivations.
As the second day of FinDEVr 2016 comes to an end and attendants brush through business cards collected from interesting encounters, there are quite a few things one will certainly take out from the event. (more…)
DocuSign built a $3 billion valuation by providing a simple way to execute an electronic signature. That has worked well as far as it goes, but in order to separate from the growing pack of competitor companies, it announced today that it’s allowing users to add a payment to be collected digitally at signing. (more…)
On the surface, starting an ecommerce business seems pretty straightforward. However, merchants face a litany of issues to deal with, including fraud. For small businesses, fraud protection can be an expensive service that gives little information to make corrective actions. Stripe has spent years developing and fine-tuning its in-house fraud detection service, and today, it’s making that available to its customers. (more…)
Today LexisNexis Risk Solutions releases its comprehensive Millennial Study: Privacy vs. Customer Experience report, which charts the digital consumer preferences and behaviors of Millennials in seven global markets—the U.S., U.K., Germany, Hong Kong, Malaysia, Mexico and Brazil. (more…)
The Money20/20 agenda is always packed; the event inspires insightful discussion, debate and collaboration every year. And this year promises to be no exception. I’m especially looking forward to chewing over these three topical trends in Las Vegas: (more…)
You might want to take a mental snapshot of what insurance looks like, because children born today could make up first generation that won’t know what insurance is. That’s not because insurance won’t be a thing; it will just look a lot different in 20 years. (more…)
Although only recently introduced, the trend lines for the adoption of mobile wallet technologies like Apple Pay, Google Wallet and Android Pay resemble those of smartphones—hockey-stick growth curves. (more…)