Posts Tagged ‘device fingerprinting’
Posted on February 2nd, 2012 by Dan Rampe

Documents obtained by The New York Times said the European Commission is proposing a regulation that compels “Web sites to tell consumers why their data is being collected and retain it for only as long as necessary. If data is stolen, sites would have to notify regulators within 24 hours. It also offer[ed] consumers the right to transport their data from one service to another — to deactivate a Facebook account, for example, and take one’s trove of pictures and posts and contacts to Google Plus.”
Legal systems in every part of the world are working to come to grips with who owns online personal data, what happens to it after it’s posted, and what’s fair game to use for marketing.
Viviane Reding, the European Commission’s vice president for justice, told The Times, “Companies must be transparent about what they are doing, clear about which data is being used for what.”
If the European Parliament passes the new law, it would still not go into effect before 2014 and would not directly affect American consumers. As to American companies…well, they would only have to deal with one privacy law for the European Continent instead of the current twenty-seven different ones; Germany, a special case, has different data protection laws for each of its sixteen federal states. On the other hand, penalties for breaking the law could be as high as two percent of a company’s annual global revenue.
Plus, it’s not always easy to adhere to the letter of newly proposed law. Microsoft’s Ronald Zink, chief operating officer for European affairs, brought up concerns in discussing Microsoft’s Xbox Kinect system, which stores body measurements so it can visually recognize repeat players. He questioned whether the law would require players to provide consent every time they played a game, even if the information never left the game console. “We have designed the product to be private. We put a lot of thought into how this controls our work in terms of privacy by design.”
One of the law’s most controversial provisions is an Internet user’s right to demand that his or her accumulated data on a particular site be deleted forever. Viviane Reding states, “When a citizen has asked to get [personal data] back, then the data has to be given back. When an individual no longer wants his data to be processed, it will be deleted.”
In her New York Times article, Somini Sengupta cites critics who say deleting an individual’s personal data is not that simple and clear cut. “Data does not always stay in one place; if it is transferred to another company it cannot easily be withdrawn. A company might license some of the data it collects to a third party to analyze market sentiments or social trends: reviews of kebab joints in Amsterdam or public opinion about burqas. Moreover, it may be less feasible to erase someone’s credit history, for instance, or employment record than to, say, do away with her shopping history on Amazon.”
German Green Party member Malte Spitz said the proposed law should restrict how companies hold onto personal information. “Lots of companies are collecting as much information as possible, and lots of this information isn’t really necessary.”
According to Reuters, Facebook, which has been investigated by European regulators for the way it retains data, warned against rules that might not keep up with the pace of change on the Internet, saying, “There is a risk that an excessively litigious environment would impede the development of innovative services that can bring real benefit to European citizens.”
Europe, the U.S., or anywhere in the world, you can count on ThreatMetrix™ to provide both online security and custom data privacy.
Without relying on passwords, user names and cookies to protect its clients, the ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals. The ThreatMetrix Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.
Posted on February 1st, 2012 by Dan Rampe

It may be big news, but it’s not exactly news. Likely the only people who didn’t know it was coming are two Bushmen in Tanzania and some San Quentin cons stuck in solitary. Yes, it has arrived. Facebook has filed to go public.
The IPO, or Initial Public Offering, is for $5 billion. And, according to CNBC, “[t]he company is currently looking at a valuation of $75 billion to $100 billion, which would be one of the largest initial public offerings in U.S. history.” Oh and one more thing. Again according to CNBC, “[t]he current winner in the race for Facebook equity, with nearly $500 million, is Russian entrepreneur Yuri Milner, head of investment group DST.”
This is the kind of nuts and bolts you can read about anywhere.
Now, here’s something that’s really news. As Facebook goes public, the public’s privacy just goes.
Of Facebook’s latest move, ThreatMetrix’s Chief Products Officer, a highly-respected industry security expert, Alisdair Faulkner, says, “You can’t put a value on your privacy, but with Facebook filing for an IPO you can now put a price on your friends. That may just become the rallying cry that privacy advocates need to force greater government intervention.”
“Unfortunately, Facebook and its advertisers aren’t the only ones making money from this social network,” continued Faulkner. “Users have come to feel Facebook is secure and they can trust it to protect both their personal data and that of their friends. Hackers are taking advantage of that misplaced trust.”
“In January alone, 45,000 usernames and passwords were stolen by Ramnit malware and the traditionally banking-focused Trojan, Carberp, started targeting Facebook users to trick them into handing over e-cash,” said Faulkner.
A BBC story on the cybertheft reported security researchers saying, “We suspect that the attackers behind Ramnit are using the stolen credentials to login into victims’ Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware’s spread.” They added that “cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services to gain remote access to corporate networks.”
Faulkner notes that “Twitter’s recent acquisition of Dasient, the anti-malware company, is an acknowledgement that social networks are not only a goldmine of personal data for hackers, but the best malware distribution platform ever invented.”
So if Facebook users can’t trust Facebook to protect their assets, who can they trust? They can trust any social network that uses the type of security ThreatMetrix™ provides.
Posted on January 31st, 2012 by Dan Rampe

Casus belli is polite diplomatic Latin for an act of war. Except for maybe the Greeks getting a bit annoyed over losing Helen and attacking Troy, acts of war have pretty much been confined to blockades (naval and otherwise) and direct military strikes.
Now the Pentagon is in the process of officially redefining acts of war to include hacking that poses a significant threat to U.S. nuclear reactors, subways, pipelines, etc. In poker terms, what it comes down to is we’ll see your virus and raise you the U.S.S. Enterprise – and we ain’t talkin’ Star Trek.
Recently, the Wall Street Journal obtained unclassified portions of the Pentagon’s formal cyber strategy. In Siobhan Gorman and Julian E. Barnes’ WSJ article, they said attacks on Pentagon systems including military contractor, Lockheed Martin, and sabotage against Iran’s nuclear program using the Stuxnet computer worm spurred the U.S. military to action.
One nagging problem is determining where an attack originated. Another is how strongly to retaliate once the source of the attack is determined. For example, if a cyberattack produces death, damage, destruction or high-level disruption, the offending party could get a visit from SEAL Team Six, Predator drones or the entire Fourth Infantry Division.
The Wall Street Journal story notes attacks that impacted nations since 2007:
- June 2009: First version of Stuxnet virus starts spreading, eventually sabotaging Iran’s nuclear program. Some experts suspect it was an Israeli attempt, possibly with American help.
- November 2008: A computer virus believed to have originated in Russia succeeds in penetrating at least one classified U.S. military computer network.
- August 2008: Online attack on websites of Georgian government agencies and financial institutions at start of brief war between Russia and Georgia.
- May 2007: Attack on Estonian banking and government websites occurs that is similar to the later one in Georgia but has greater impact because Estonia is more dependent on online banking.
The article notes that the “Pentagon itself was rattled by the 2008 attack, a breach significant enough that the Chairman of the Joint Chiefs briefed then-President George W. Bush. At the time, Pentagon officials said they believed the attack originated in Russia, although didn’t say whether they believed the attacks were connected to the government. Russia has denied involvement.”
Cyberwarfare isn’t governed by the traditional rules of armed conflict based on international treaties, i.e., the Geneva Conventions and customary international law.
“Act of war” according to retired Air Force Major General and Duke University law school professor Charles Dunlap is a political phrase rather than a legal term. He also argued that cyber attacks that have a violent effect are the legal equivalent of armed attacks, or what’s called in military parlance, “use of force” and should be governed by basically the same rules as any other kind of attack. In other words, the U.S. “would need to show that the cyber weapon used had an effect that was the equivalent of a conventional attack.”
Center for Strategic and International Studies’ computer security specialist James Lewis says many military planners believe retaliation should be judged by the amount of real or attempted damage the attack caused. Therefore, if a hack attack shut down as much commerce as a naval blockade, it would be considered an act of war the same way a naval blockade is.
The Gorman and Barnes WSJ story says the origin of the Stuxnet virus, meant to sabotage Iran’s nuclear centrifuges, could not be positively identified. “While some experts suspect it was an Israeli attack, because of coding characteristics, possibly with American assistance, that hasn’t been proven. Iran was the location of only 60% of the infections, according to a study by the computer security firm Symantec. Other locations included Indonesia, India, Pakistan and the U.S.” Cyberattacks on American online assets have often been attributed to China or Russia. The difficulty of proving exactly where attacks originate has some Pentagon planners seeking to deter attacks by holding the countries that build cyberweapons responsible for their use.
Whatever international law comes to recognize as a cyberspace act of war, a growing number of companies have already come to recognize that ThreatMetrix™ offers the best protection available.
Posted on January 27th, 2012 by Dan Rampe

Use Google? Incidentally, does anybody out there know if Yahoo still does searches? Bing? Okay — some serious questions: Do you have a YouTube account? Use Gmail? Do you know what Google’s up to?
Everybody with an account on Gmail and YouTube already has an idea something’s in the works. That’s because they have to use the same name and password to log on to Gmail and YouTube. In fact, that’s the way it is across all Google platforms except for Google Wallet, Chrome and Google Books. So, what if you don’t feel like changing your user name or password? Well, Google took a page from Mike C’s book. Mike was a guy we used to play touch football with in college. If he couldn’t play quarterback, he’d take his regulation professional ball and go home.
Mike played quarterback — a lot. And, if you want to maintain both YouTube and Gmail accounts, you’ll have to play along, too.
So what’s this all about? Google says the move will help the company to better tailor its ads to users’ tastes, benefitting consumers. Notes Cecilia Kang in the Washington Post, “When someone is searching for the word “jaguar,” Google would have a better idea of whether the person was interested in the animal or the car. Or, the firm might suggest e-mailing contacts in New York when it learns you are planning a trip there.”
Common Sense Media chief executive James Steyer observes, “Google’s new privacy announcement is frustrating and a little frightening. Even if the company believes that tracking users across all platforms improves their services, consumers should still have the option to opt out — especially the kids and teens who are avid users of YouTube, Gmail and Google Search.”
Jeffrey Chester, executive director of the privacy advocacy group, the Center for Digital Democracy, says, “There is no way a user can comprehend the implication of Google collecting across platforms for information about your health, political opinions and financial concerns.”
Added Rep. Ed Markey (D-Mass): “It is imperative that users will be able to decide whether they want their information shared across the spectrum of Google’s offerings.”
In a touch of irony…okay, a red-hot branding iron of irony…Google is a partner in sponsoring Data Privacy Day, an annual international celebration designed to promote awareness about privacy and education about best privacy practices.
So, why would Google support Data Privacy Day and in the same calendar quarter change policy to gather even more consumer information?
“The change to its privacy policies,” says Kang in the Post article, “comes as Google is facing stiff competition for the fickle attention of Web surfers. It recently disappointed investors for the first time in several quarters, failing … to meet earnings predictions. Apple, in contrast, reported record earnings …that blew past even the most optimistic expectations.
“Some analysts said Google’s move is aimed squarely at Apple and Facebook — which have been successful in building a unified ecosystem of products that capture people’s attention. Google, in contrast, has adopted a more scattered approach, but an executive explained in interviews that the company wants to create a much more seamless environment across its variety of offerings.”
In addition to consumer privacy advocates, Google’s actions aren’t sitting too well with regulators in Washington. The Washington Post reports, “The company recently settled a privacy complaint by the Federal Trade Commission after it allowed users of its now defunct social network, Google Buzz, to see contacts’ lists from its e-mail program. And a previous decision to use its social network data in search results has been included in a broad Federal Trade Commission investigation, according to a person familiar with the matter who spoke on the condition of anonymity because the investigation is private.” Well at least some things are still private…more irony…okay a hint of sarcasm.
To keep your company’s and its customers’ online private information private, select ThreatMetrix™.
Posted on January 26th, 2012 by Dan Rampe

“It” refers to data. Data Privacy Day, scheduled for January 28, is about keeping data to yourself and out of the hands of cybercriminals. This annual international celebration is designed to promote awareness about privacy and education about privacy best practices. Official sponsors for Data Privacy Day are eBay and Intel, who are joined by a host of partners including Microsoft, Intuit, Comcast, MasterCard, AT&T, Facebook, Google, the International Association of Privacy Professionals, the State of West Virginia and….
Did we leave anybody out? Probably. But it’s a long list because Data Privacy Day is an excellent cause. Without it, literally the financial, social and political structure of society is at risk. HOLD ON. Just remembered somebody we left out — ThreatMetrix™. ThreatMetrix strongly supports Data Privacy Day.
“We have entered a world of unprecedented identity theft and surveillance for monetary gain,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “Every site we visit, everything we search for, to everything we now do, buy and share online is tracked by a growing number of powerful players. Unfortunately the evidence suggests that no data is unreachable or un-exploitable by adversaries or advertisers. Whether it be due to data breaches, phishing attacks or over-sharing, the implication is that identity can no longer be relied-on to authenticate a customer online. The distribution of our identities across the net not only threatens our privacy but also makes us all preposterously easy to impersonate.”
We should all be concerned about data security being at risk in today’s cybercrime infested environment. And the list of companies and institutions that have had data compromised continues to grow at an alarming rate. From the criminals’ perspective, it just makes good sense. Why try knocking over a bank with a gun and a good chance of getting caught or killed when you can sit back on a beach six time zones away and with your trusty laptop steal more money in one day than bank robbers Willie Sutton, John Dillinger and Baby Face Nelson and Bonnie and Clyde did in their whole lives?
Just a cursory glance at the number and types of recent breaches that compromised personal data from finance to health records and employment histories underscores the importance of calling attention to this Pandora’s Box.
- Facebook (Social Networks): A computer worm stole 45,000 login credentials from Facebook accounts in the UK and France.
- Yale University (Academic Institutions): 43,000 Yale University faculty, staff, students and alumni names and Social Security numbers were made public via Google because a File Transfer Protocol (FTP) server where data was stored became searchable.
- Cyworld (Online Gaming): 35 million records including phone numbers, email addresses, names and encrypted information about the site’s members were taken from South Korea’s largest social networking site, Cyworld.
- PBS (Communities): Thousands of user names and passwords were compromised when a PBS Website was hacked.
- Patco Construction (Online Banking): $300,000 was stolen from Patco Construction Company’s online bank account when hackers gained access to the company’s account credentials by sending employees email with Zeus, a password stealing trojan, that infected the company’s computers.
- Citibank (Financial Services): 360,000 Citibank customers (originally Citibank said it was 210,000 customers) had their account numbers and contact information stolen by hackers.
- Pittsford, N.Y. (Government): $139,000 was stolen from the hamlet of Pittsford, a town of 25,000 near Rochester, N.Y. when cyberthieves logged onto the town’s online commercial bank account. Initiating a small batch of automated clearing house (ACH) transfers, the thieves covered their tracks by sending the transfers to “money mules” around the country.
- Comerica Bank (Banking): $560,000 of Experi-Metal Inc.’s (EMI) hard-earned cash slipped away when Comerica Bank let fraudsters waltz away with it.
- Sony PlayStation (Online Gaming): 70 million Sony customers were put at risk when hackers broke into Sony’s PlayStation Network (PSN) and stole credit card details. The security breach caused Sony to take down the network for “maintenance.” Subsequently, 93,000 Sony customer accounts were hacked in a separate incident. Sony believed those customers used the same Sony login credentials to log on to other sites and that the other sites were hacked, providing access to the customers’ PII (personally identifiable information).
- Sega (Online Gaming): 1.3 million users had personal information put at risk by a Sega online network breach causing the company to temporarily shut down its online network.
- Washington Post (Media): Either 1.27 million, 1.3 million or 1.6 million user IDs and email addresses were ripped off from the Washington Post’s job section.
- Zappos (E-Commerce): 24 million customers’ personal information was put at risk when Zappos, the online shoe outlet owned by Amazon, was hacked.
- Toshiba (Computer Manufacturing): 7,520 Toshiba customers’ email addresses, telephone numbers and passwords were stolen by cybercriminals.
- NATO (Government/Military): A gigabyte of NATO data was stolen by Anonymous, which had accessed NATO servers.
- FTC (Government): More than 18,000 cases of child identity theft were reported to the Federal Trade Commission. Children’s identities provide the kind of clean backgrounds that make it possible for thieves to create entire fictional credit histories. Often the theft is not found until the person turns 18 and starts college or looks for a job.
- RSA (Security): After a junior employee at security firm RSA fell prey to a run-of-the-mill phishing attack, hackers were able to make their way into the company’s network and hack into its SecurID servers. The attack compromised RSA tokens requiring users to enter a unique number generated by the token each time they connected to their networks. Facebook, Amazon, Abbott Laboratories, Charles Schwab, Microsoft — in all, 20% of the Fortune 100 had been compromised.
- Online Advertising: An East European cybergang hijacked at least four million computers in over 100 countries. Included in the half-million hijacked computers in the United States were some at NASA. Using these computers, the gang stole $14 million in four years with a PPC and ad scheme based on redirecting traffic and replacing genuine ads with their own.
- Steam (Online Video Game Distribution): In a major hack, 35 million user accounts at Steam, one of the world’s largest distribution networks for online video games, may have been compromised exposing credit card details and billing addresses.
- Stratfor Global Intelligence Service (Security): Stratfor Global Intelligence Service, a company which helps clients with security and is famous for its secrecy and its top-secret client list, was hacked, resulting in names, emails, credit card details, passwords and home addresses for some 4,000 people being compromised. Additionally, this information was used to have clients involuntarily donate to charity to the tune of a million bucks. The hackers also said they had details for more than 90,000 credit card accounts.
- San Francisco City College (Education): For more than a decade San Francisco City College servers have been stealing personal banking information and other data from thousands, or even tens of thousands, of students, faculty and administrators in what the San Francisco Chronicle refers to as “an infestation” of computer viruses with origins in criminal networks in Russia, China et al.
- South Africa’s Postbank (Government): $6.7 million was stolen from South Africa’s Postbank when cyberthieves accessed a computer from a remote location and hacked into Postbank’s server system using stolen login details for a Postbank teller and a call-center agent.
- Epsilon (Email Marketing Services): Epsilon, a large email marketing services company, reported a data breach that could affect the email addresses of thousands of customers of major banks, retail and hotel chains. This impacted financial services institutions such as Capital One, US Bank, JPMorgan Chase, Citi and Barclays Bank of Delaware. However, the only Barclays Bank of Delaware customers affected were the ones who have an LL Bean VISA card. In addition to the banks, other impacted companies included hotel brands Ritz-Carlton Rewards and Marriott Rewards, and retail heavyweights Home Shopping Network, Walgreens, Brookstone, New York & Company and Kroger. TiVo is also included in this list.
- WordPress.com (Blogs): WordPress.com, which hosts more than 19 million blogs, had its servers compromised and sensitive data taken.
- The State of Texas (Government): 3.5 million Texans had their names and Social Security numbers (and in some cases their dates of birth and driver’s license numbers) publicly posted in a data breach at the Texas state comptroller’s office.
- International Monetary Fund (Banking/Government): Damage still not assessed or admitted to by the International Monetary Fund which fell victim to a large and sophisticated cyberattack that led the IMF to cut the link that allowed it and the World Bank to share confidential information.
Keep it to yourself. Protect your data with ThreatMetrix solutions.
Posted on January 24th, 2012 by Dan Rampe

Perhaps a little birdie told Twitter to buy a malware company or maybe they took a page from the ThreatMetrix™ playbook. On January 10, ThreatMetrix acquired Australia-based TrustDefender, which provides secure browsing technology to protect against malware and man-in-the-browser (MitB) attacks. Or maybe it was done in advance of Twitter’s new advertising launch? Say, didn’t one of the company’s founders say Twitter would never use advertising as a way to monetize the company? Nah, must’ve been another company with the same name.
In any case, in preparation for its new ad service, Twitter announced the acquisition of the spam and malware protection service Dasient. Rachael Horwitz, a Twitter spokesperson, told Mashable.com that Dasient would be integrated into Twitter’s “revenue engineering team because they have a deep understanding of advertising-platform security issues.” Considering the cybercrime-ridden environment into which Twitter is starting its new ad service, it would seem prudent that first and foremost the company would address security.
According to an Aite Group report (“Know Your Enemy: Successful Online Fraud Mitigation Strategies”), 25 million new, unique strains of malware were released in 2011. That number is projected to grow to 87 million strains by the end of 2015.
A Gartner Group report (“The Five Layers of Fraud Prevention and Using Them to Beat Malware”) containing a survey of 76 U.S. banks found malware was the number one cyberthreat.
Of the advertising platform, Mashable.com reports, “The self-serve platform lets advertisers purchase ads without going through a sales representative. Anyone with a credit card and the desire to utilize ‘Promoted Products’ to boost their brand recognition can get on-board with this service. However, the service is not yet available to the public.”
eMarketer, which does market research and statistics, projected Twitter’s ad-generated revenue could earn the company $399.5 million by 2013. With that kind of money on the table, Twitter would appear to be a magnet for cyberthieves.
Mashable.com observes that Twitter is already the object of malware threats going back to 2010, when “the FTC ruled that Twitter would be subject to a bi-annual security audit after 55 celebrity accounts were hacked, including the accounts of Barack Obama, Britney Spears and Facebook. Spammers have also taken advantage of Twitter’s trending topics in order to target a large amount of people.”
Till now, Twitter’s reputation was on the line with the possibility of a search engine blacklisting any site “overrun” by malware. However, adding big advertising dollars to the mix raises the stakes considerably and makes the Dasient acquisition a very smart move.
Is buying and integrating a malware company into your company a bit “over the top?” No worries. You can still get the best protection on the planet from malware and the full range of cyberthreats from ThreatMetrix.
Posted on January 23rd, 2012 by Dan Rampe

Is this the latest round in a fight against McCarthyism and fifties-style blacklisting or an overreaction to a law that protects intellectual property, privacy and copyright?
Basically, according to Wikipedia, the Stop Online Piracy Act (SOPA) allows the U.S. Department of Justice, as well as copyright holders, to seek court orders against websites accused of enabling or facilitating copyright infringement. Depending on who requests the court orders, the actions could include barring online advertising networks and payment facilitators such as PayPal from doing business with an infringing website. The bill also includes barring search engines from linking to such sites, and requires Internet service providers to block access. Additionally, SOPA makes unauthorized streaming of copyrighted content a felony while offering immunity to Internet services that voluntarily take action against websites dedicated to infringement.
SOPA proponents say it protects the intellectual property market and corresponding industry, jobs and revenue, and is necessary to bolster enforcement of copyright laws especially against foreign websites.
Opponents, like the Electronic Frontier Foundation (EFF), hold that SOPA would create blacklists for online censorship, harm cybersecurity efforts, set bad international precedent, and lead to a fractured Internet.
Whatever side you take in regard to SOPA or if you believe both sides have valid points, the one area everyone agrees on is protection of online assets from fraud, theft and other cybercrimes. And, nobody protects those assets better than ThreatMetrix™.
ThreatMetrix doesn’t rely on passwords, user names and cookies to protect its clients. Instead the ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals whether they’re in San Jose, Shanghai or St. Petersburg. The ThreatMetrix Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.
Posted on January 3rd, 2012 by Dan Rampe

PrECISE (Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness) is the cybersecurity bill introduced by members of the House Homeland Security Committee. PrECISE establishes a quasi-governmental entity to oversee information-sharing with the private sector.
Wouldn’t you like to have sat in on the meeting where they decided on the acronym, PrECISE? (Probably more like multiple meetings with emails flying back and forth for months):
Staffers: “How about Cybersecurity Information Sharing (CIS)?”
Committee: “CIS? Too close to CIA, which is supposed to gather information, not spread it. Leaves the wrong impression.”
Staffers: “How about Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness (PECISE)?”
Committee: “That’d be pronounced Pea-size. Does Pea-size sound like the taxpayers are getting any bang for their buck?”
Staffers: “How about we put in an “R” for Research? “Promoting Research and Enhancing Cybersecurity and Information Sharing Effectiveness.” Then we’ve got PRECISE.”
Committee: “PRECISE. Like it. But we’re not doing Research. That makes PRECISE imprecise.”
Staffers: “Okay, we can take the “R” from “Promoting” to make it “PRECISE.” And to differentiate it from the rest of the acronym, we can make the “R” an “r”.”
Committee: “But what do we do about the “a”s in the “ands” in “Promoting Research and Enhancing Cybersecurity and Information Sharing Effectiveness?””
Staffers: “Lower case ands are always silent.”
Committee: “Precisely.”
However the PrECISE Act got its name, The Hill’s “Hillicon Valley Technology Blog” reports that it’s designed to encourage “private firms to share information on cyber threats [stopping] short of mandating new security standards for sectors deemed critical to national security” following other cybersecurity bills offered by House Republicans.
The bill lays out the Department of Homeland Security’s cybersecurity functions, which would require DHS to evaluate cybersecurity risks for critical infrastructure firms and determine the best way to mitigate the risks.
“Cybersecurity is truly a team sport, and this bill gives DHS needed authorities to play its part in the federal government’s cybersecurity mission and enables the private sector to play its part by giving them the information and access to technical support they need to protect critical infrastructure,” said House Cybersecurity subcommittee Chairman Dan Lungren (R-Calif.).
Hillicon Valley Technology Blog observes, “By authorizing DHS to oversee civilian cybersecurity, the legislation aligns with proposals from both the Senate and the White House, but it is unclear how much authority DHS would have to enforce its security standards. Democrats have argued DHS needs some enforcement authority to ensure firms beef up their network protections.”
While there hasn’t been a whole lot of bipartisan support for any measure recently, this bill appears to come close. Bennie Thompson (D-Miss.) said, “Introduction of this legislation represents a solid and significant step forward in the effort to secure our nation’s cyber infrastructure. While I am not prepared to give my full support to the bill at this time, there’s a lot to like in this bill. I am pleased that it gives DHS the authority and resources it needs to fulfill its cybersecurity mission instead of creating a whole new bureaucracy or complicated regulatory framework.”
Offers Cybersecurity sub-panel ranking member Yvette Clarke (D-N.Y.), “While we continue to review this legislation, I look forward to working with my colleagues in a more collaborative way to strengthen this bill.”
You may have to wait for Congress to work out the precise language of PrECISE before it’s enacted. But, you don’t have to wait to achieve the most effective protection for your online assets. That protection is available today from ThreatMetrix™.
The first perimeter and the most effective element in a multi-layered defense against cybercriminals is device identification. Offering transaction security from hidden proxies, scripted attacks and cookie and browser manipulation, the ThreatMetrix™ Cloud-Based Fraud Prevention Platform lets companies authenticate payments, new accounts and returning customers in real time. And it doesn’t matter what device is being used, from smartphones to PCs to tablets. Combined with aggregated fraud intelligence in the cloud, ThreatMetrix device identification offers companies maximum protection without the need to collect Social Security numbers, email addresses or bank account information.
Posted on December 29th, 2011 by Dan Rampe

1917: The Foreign Secretary of the German Empire, Arthur Zimmermann, sent a diplomatic proposal from the German Empire to Mexico to make war against the United States. Intercepted by British intelligence and forwarded on to the United States, the Zimmermann Note angered Americans, adding another reason for the U.S. declaration of war against Germany in World War I.
2011: U.S. officials investigate reports that Iranian and Venezuelan diplomats in Mexico are involved in planned cyberattacks against U.S. targets, including nuclear power plants.
According to the Washington Times, a documentary that aired on the Spanish-language TV network, Univision, included secretly recorded footage of Iranian and Venezuelan diplomats being briefed on planned attacks and promising to pass information to their respective governments.
A former computer instructor at the National Autonomous University of Mexico told Univision that he was recruited by a professor there in 2006 to organize a group of student hackers to carry out cyberattacks against the United States, initially at the behest of the Cuban Embassy.
In an undercover sting, an instructor and several students infiltrated the hackers, secretly videotaping Iranian and Venezuelan diplomats.
State Department spokesperson William Ostick called the reports “disturbing,” but added that U.S. officials “don’t have any information at this point to corroborate them.” However, earlier this year, U.S. prosecutors charged an Iranian official based in Tehran with trying to recruit a Mexican drug cartel to kill the Saudi ambassador to the United States by bombing a Washington restaurant. Ostick noted, “We constantly monitor for possible connections between terrorists and transnational criminals.”
An aide to New Jersey Senator Robert Menendez, chairman of the Senate Foreign Relations subcommittee on the Western Hemisphere, told the Washington Times that the Univision report, which also said that Iranian extremists were recruiting young Latin American Muslims, is “one of a variety of concerns we have about Iran’s efforts to engage with countries and other actors in the region.”
Stating the obvious: technology has changed dramatically since 1917. People haven’t. To ensure your company is protected against attack from people who are out to cause harm or perpetrate fraud, the best solutions come from ThreatMetrix. Without requiring personally identifiable information, such as Social Security Numbers, that can be compromised, ThreatMetrix solutions nab criminals in real time before they can do real damage. The ThreatMetrix™ Cloud-Based Fraud Prevention Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to stop criminals whether in Toledo or Tehran.
Posted on December 28th, 2011 by Dan Rampe

Just released in a second edition, Inside Cyber Warfare: Mapping the Cyber Underworld, by Jeffrey Carr, is a wide-ranging overview of virtually every type of online illicit activity, from cyber spying and cyber stealing to malicious malware attacks and identity theft.
Carr, a cyber intelligence expert, is a columnist for Symantec’s Security Focus. A writer who specializes in investigating cyber attacks against governments and infrastructures, he’s been quoted in The New York Times, Washington Post, The Guardian, Business Week, Parameters, and Wired. Carr was also Principal Investigator for Project Grey Goose, an Open Source intelligence investigation into the Russian cyber attacks on Georgia in August 2008.
With a foreword by former Secretary of Homeland Security Michael Chertoff and guest essays, including an essay by former senior advisor to the Director of National Intelligence and Cyber Coordination Executive Melissa Hathaway, Inside Cyber Warfare is encyclopedic in scope as it takes up:
· The Conficker Worm: The Cyber Equivalent of an Extinction Event?
· Africa: The Future Home of the World’s Largest Botnet?
· The StopGeorgia.ru Project Forum
· The Russian Information War
· The Gaza Cyber War between Israeli and Arabic Hackers during Operation Cast Lead
· Control the Voice of the Opposition by Controlling the Content in Cyberspace: Nigeria
· Are Non-state Hackers a Protected Asset?
· The Legal Status of Cyber Warfare
· The Antarctic Treaty System and Space Law
· The Law of Armed Conflict
· Is This an Act of Cyber Warfare?
· Responding to International Cyber Attacks as Acts of War
· Analyzing Cyber Attacks under Jus ad Bellum – whether entering into a war would be a just war
· The Korean DDoS Attacks (July 2009)
· One Year After the RU-GE War (the War between Russia and Georgia) Social Networking Sites Fall to DDoS Attack
· Ingushetia Conflict, August 2009
· Pakistani Hackers and Facebook
· TwitterGate: A Real-World Example of a Social Engineering Attack with Dire Consequences
· False Identities
· Components of a Bulletproof Network
· The Bulletproof Network of StopGeorgia.ru
· SORM-2
· The Kremlin and the Russian Internet
· A Three-Tier Model of Command and Control
· Organized Crime in Cyberspace
· Russian Organized Crime and the Kremlin
· Using Open Source Internet Data
· Team Cymru and Its Darknet Report
· Using WHOIS
· Weaponizing Malware
· The Role of Cyber in Military Doctrine
· China Military Doctrine
· A Cyber Early Warning Model
· Advice for Policymakers from the Field
· When It Comes to Cyber Warfare: Shoot the Hostage
· The United States Should Use Active Defenses to Defend Its Critical Information Systems
· Scenarios and Options to Responding to Cyber Attacks
· Whole-of-Nation Cyber Security
· Conducting Operations in the Cyber-Space-Time Continuum
· Anarchist Clusters: Anonymous, LulzSec, and the Anti-Sec Movement
· Social Networks: The Geopolitical Strategy of Russian Investment in Social Media
· Globalization: How Huawei Bypassed US Monitoring by Partnering with Symantec
· The Russian Federation: Information Warfare Framework
· Russia: The Information Security State
· Russian Ministry of Defense
· Internal Security Services: Federal Security Service (FSB), Ministry of Interior (MVD), and Federal Security Organization (FSO)
· Russian Federation Ministry of Communications and Mass Communications (Minsvyaz)
· Cyber Warfare Capabilities for: Australia – Brazil – Canada – Czech Republic – Democratic People’s Republic of Korea – Estonia – European Union – France – Germany – India – Iran – Israel – Italy – Kenya – Myanmar – NATO – Netherlands – Nigeria – Pakistan – People’s Republic of China – Poland – Republic of Korea – Russian Federation – Singapore – South Africa – Sweden – Taiwan (Republic of China) – Turkey – United Kingdom
· US Department of Defense Cyber Command and Organizational Structure
· Active Defense for Cyber: A Legal Framework for Covert Countermeasures
· Covert Action
· Cyber Active Defenses as Covert Action Under International Law
The book covers much more in 316 pages that are topical while, at the same time, providing in-depth analyses of the often dark underbelly of cyberspace.
For maximum protection from cyberspace’s dark underbelly, there’s one company that stands out — ThreatMetrix. ThreatMetrix offers superior solutions that can’t be compromised by break-ins. ThreatMetrix solutions protect against bad scripts and fraudulent account logins, payments and transactions. With customized rules for each, ThreatMetrix solutions are designed to interdict attacks of fraud and other criminal behavior in real-time, while passively and transparently profiling users — without collecting extraneous personal identity information such as Social Security Numbers, birth dates and mother’s maiden names.