Banks as New Dark Web Educators
June 15, 2016
The Dark Web and deep web can often get misidentified and confused by readers. To take a step back, Trans Union’s blog offers a brief read called, The Dark Web & Your Data: Facts to Know, that helpfully addresses some basic information on these topics. First, a definition of the Dark Web: sites accessible only when a physical computer’s unique IP address is hidden on multiple levels. Specific software is needed to access the Dark Web because that software is needed to encrypt the machine’s IP address. The article continues,
“Certain software programs allow the IP address to be hidden, which provides anonymity as to where, or by whom, the site is hosted. The anonymous nature of the dark web makes it a haven for online criminals selling illegal products and services, as well as a marketplace for stolen data. The dark web is often confused with the “deep web,” the latter of which makes up about 90 percent of the Internet. The deep web consists of sites not reachable by standard search engines, including encrypted networks or password-protected sites like email accounts. The dark web also exists within this space and accounts for approximately less than 1 percent of web content.”
For those not reading news about the Dark Web every day, this seems like a fine piece to help brush up on cybersecurity concerns relevant at the individual user level. Trans Union is on the pulse in educating their clients as banks are an evergreen target for cybercrime and security breaches. It seems the message from this posting to clients can be interpreted as one of the “good luck” variety.
Megan Feil, June 15, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
For Sale: Your Bank Information
March 21, 2016
One of the common commodities for sale on the Dark Web is bank, credit card, social security numbers, and other personal information. This information can sell for a few bucks to hundreds of dollars depending on the quality and quantity of the information. In order to buy personal information, usually the interested parties must journey to the Dark Web, but the International Business Times tells us that “Confidential Bank Details Available For Sale On Easily Found Web Site” is for sale on the general Web and the information is being sold for as little as a couple pounds (or dollars for the US folks). The Web site had a pretty simple set up, interested parties register, and then they have access to the stolen information for sale.
Keith Vaz, chairman of the home affairs select committee, wants the National Crime Agency (NCA) to use its power and fulfill its purpose to shut the Web site down.
“A statement from the NCA said: “We do not routinely confirm or deny investigations nor comment on individual sites. The NCA, alongside UK and international law enforcement partners and the private sector, are working to identify and as appropriate disrupt websites selling compromised card data. We will work closely with partners of the newly established Home Office Joint Fraud Task Force to strengthen the response.”
Online scams are getting worse and more powerful in stealing people’s information. Overall, British citizens lost a total of 670 million pounds (or $972 million). The government, however, believes the total losses are more in the range of 27 billion pounds (or $39.17 billion).
Scams are getting worse, because the criminals behind them are getting smarter and know how to get around security defenses. Users need to wise up and learn about the Dark Web, take better steps to protect their information, and educate themselves on how to recognize scams.
Whitney Grace, March 21, 2016
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Bank Exports IT to India
September 1, 2015
Computer World’s article, “As It Sets IT Layoffs, Citizens Bank Shifts Work To India Via Web” sounds like it should have been published five years ago. It was not that long ago when Americans were in an uproar about jobs being outsourced to China and India, but many of those jobs have returned to the US or replaced with an alternative. Despite falling out of interest with the mainstream media, jobs are still being outsourced to Asia. Citizens Bank is having their current IT employees train their replacements in a “knowledge transfer” and they will be terminated come December.
Citizens Bank signed a five-year services contract with IBM for IT services. IBM owns a large scale IT services company in India, which pays its workers a fraction of the current Citizens Bank IT workers.
As one can imagine, the Citizens Bank employees are in an uproar:
“The number of layoffs is in dispute. Employees said as many as 150 Citizen Bank IT workers were being laid off. But this number doesn’t include contractors. IBM will be consolidating the bank’s IT infrastructure services, and, as part of that, the bank is consolidating from four vendors to one vendor, IBM. This change will result in the elimination of some contractor jobs, and when contractors are added, the total layoff estimate by employees ranges from 250 to 350.”
It is reported that some IT workers are being offered comparable positions with IBM, while others are first in line for jobs in other branches of Citizens Bank. However, the IBM jobs appear to be short term and the other bank jobs do not appear to be turning up.
Other companies are shifting their IT work overseas much to the displeasure of IT workers, who thought they would be assured job security for the rest of their lives. IT workers place the blame on companies wanting to increase profits and not caring about their employees. What is going on with Citizens Bank and other companies is not new. It has been going on for decades, but that does not make the harm to Americans any less.
Whitney Grace, September 1, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
A Technical Shift in Banking Security
July 23, 2015
Banks may soon transition from asking for your mother’s maiden name to tracking your physical behavior in the name of keeping you (and their assets) safe. IT ProPortal examines “Fraud Prevention: Knowledge-Based Ananlytics in Steep Decline.” Writer Lara Lackie cites a recent report from the Aite Group that indicates a shift from knowledge-based analytics to behavioral analytics for virtual security checkpoints. Apparently, “behavioral analytics” is basically biometrics without the legal implications. Lackie writes:
“Examples of behavioural analytics/biometrics can include the way someone types, holds their device or otherwise interacts with it. When combined, continuous behavioural analysis, and compiled behavioural biometric data, deliver far more intelligence than traditionally available without interrupting the user’s experience….
Julie Conroy, research director, Aite Group, said in the report “When the biometric is paired with strong device authentication, it is even more difficult to defeat. Many biometric solutions also include liveliness checks, to ensure it’s a human being on the other end.’
“NuData Security’s NuDetect online fraud engine, which uses continuous behavioural analysis and compiled behavioral biometric data, is able to predict fraud as early as 15 days before a fraud attempt is made. The early detection offered by NuDetect provides organisations the time to monitor, understand and prevent fraudulent transactions from taking place.”
The Aite report shows over half the banks surveyed plan to move away from traditional security questions over the next year, and six of the 19 institutions plan to enable mobile-banking biometrics by the end of this year. Proponents of the approach laud behavioral analytics as the height of fraud detection. Are Swype patterns and indicators of “liveliness” covered by privacy rights? That seems like a philosophical question to me.
Cynthia Murrell, July 23, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
