Posts Tagged ‘fraud prevention’

Documents obtained by The New York Times said the European Commission is proposing a regulation that compels “Web sites to tell consumers why their data is being collected and retain it for only as long as necessary. If data is stolen, sites would have to notify regulators within 24 hours. It also offer[ed] consumers the right to transport their data from one service to another — to deactivate a Facebook account, for example, and take one’s trove of pictures and posts and contacts to Google Plus.”

Legal systems in every part of the world are working to come to grips with who owns online personal data, what happens to it after it’s posted, and what’s fair game to use for marketing.

Viviane Reding, the European Commission’s vice president for justice, told The Times, “Companies must be transparent about what they are doing, clear about which data is being used for what.”

If the European Parliament passes the new law, it would still not go into effect before 2014 and would not directly affect American consumers. As to American companies…well, they would only have to deal with one privacy law for the European Continent instead of the current twenty-seven different ones; Germany, a special case, has different data protection laws for each of its sixteen federal states. On the other hand, penalties for breaking the law could be as high as two percent of a company’s annual global revenue.

Plus, it’s not always easy to adhere to the letter of newly proposed law. Microsoft’s Ronald Zink, chief operating officer for European affairs, brought up concerns in discussing Microsoft’s Xbox Kinect system, which stores body measurements so it can visually recognize repeat players. He questioned whether the law would require players to provide consent every time they played a game, even if the information never left the game console. “We have designed the product to be private. We put a lot of thought into how this controls our work in terms of privacy by design.”

One of the law’s most controversial provisions is an Internet user’s right to demand that his or her accumulated data on a particular site be deleted forever. Viviane Reding states, “When a citizen has asked to get [personal data] back, then the data has to be given back. When an individual no longer wants his data to be processed, it will be deleted.”

In her New York Times article, Somini Sengupta cites critics who say deleting an individual’s personal data is not that simple and clear cut. “Data does not always stay in one place; if it is transferred to another company it cannot easily be withdrawn. A company might license some of the data it collects to a third party to analyze market sentiments or social trends: reviews of kebab joints in Amsterdam or public opinion about burqas. Moreover, it may be less feasible to erase someone’s credit history, for instance, or employment record than to, say, do away with her shopping history on Amazon.”

German Green Party member, Malte Spitz, said the proposed law should restrict how companies hold onto personal information. “Lots of companies are collecting as much information as possible, and lots of this information isn’t really necessary.”

According to Reuters, Facebook, which has been investigated by European regulators for the way it retains data, warned against rules that might not keep up with the pace of change on the Internet, saying, “There is a risk that an excessively litigious environment would impede the development of innovative services that can bring real benefit to European citizens.”

Europe, the U.S., or anywhere in the world, you can count on ThreatMetrix™ to provide both online security and custom data privacy.

Without relying on passwords, user names and cookies to protect its clients, the ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals. The ThreatMetrix Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.

Use Google?  Incidentally, does anybody out there know if Yahoo still does searches? Bing? Okay — some serious questions: Do you have a YouTube account? Use Gmail? Do you know what Google’s up to?

Everybody with an account on Gmail and YouTube already has an idea something’s in the works. That’s because they have to use the same name and password to logon to Gmail and YouTube. In fact, that’s the way it is across all Google platforms except for Google Wallet, Chrome and Google Books. So, what if you don’t feel like changing your user name or password?  Well, Google took a page from Mike C’s book.  Mike was a guy we used to play touch football with in college.  If he couldn’t play quarterback, he’d take his regulation professional ball and go home.

Mike played quarterback — a lot.  And, if you want to maintain both YouTube and Gmail accounts, you’ll have to play along, too.

So what’s this all about? Google says the move will help the company to better tailor its ads to users’ tastes, benefitting consumers. Notes Cecilia Kang in the Washington Post, “When someone is searching for the word “jaguar,” Google would have a better idea of whether the person was interested in the animal or the car. Or, the firm might suggest e-mailing contacts in New York when it learns you are planning a trip there.”

Common Sense Media chief executive James Steyer observes, “Google’s new privacy announcement is frustrating and a little frightening. Even if the company believes that tracking users across all platforms improves their services, consumers should still have the option to opt out — especially the kids and teens who are avid users of YouTube, Gmail and Google Search.”

Jeffrey Chester, executive director of the privacy advocacy group, the Center for Digital Democracy, says, “There is no way a user can comprehend the implication of Google collecting across platforms for information about your health, political opinions and financial concerns.”

Added Rep. Ed Markey (D-Mass): “It is imperative that users will be able to decide whether they want their information shared across the spectrum of Google’s offerings.”

In a touch of irony…okay, a red-hot branding iron of irony…Google is a partner in sponsoring Data Privacy Day, an annual international celebration designed to promote awareness about privacy and education about best privacy practices.

So, why would Google support Data Privacy Day and in the same calendar quarter change policy to gather even more consumer information?

“The change to its privacy policies,” says Kang in the Post article, “comes as Google is facing stiff competition for the fickle attention of Web surfers. It recently disappointed investors for the first time in several quarters, failing … to meet earnings predictions. Apple, in contrast, reported record earnings …that blew past even the most optimistic expectations.

“Some analysts said Google’s move is aimed squarely at Apple and Facebook — which have been successful in building a unified ecosystem of products that capture people’s attention. Google, in contrast, has adopted a more scattered approach, but an executive explained in interviews that the company wants to create a much more seamless environment across its variety of offerings.”

In addition to consumer privacy advocates, Google’s actions aren’t sitting too well with regulators in Washington. The Washington Post reports, “The company recently settled a privacy complaint by the Federal Trade Commission after it allowed users of its now defunct social network, Google Buzz, to see contacts’ lists from its e-mail program. And a previous decision to use its social network data in search results has been included in a broad Federal Trade Commission investigation, according to a person familiar with the matter who spoke on the condition of anonymity because the investigation is private.”  Well at least some things are still private…more irony…okay a hint of sarcasm.

To keep your company’s and its customers’ online private information private, select ThreatMetrix™. Without relying on passwords, user names and cookies to protect its clients, the ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals. The ThreatMetrix Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.

Okay, the Chinese probably didn’t say “Je suis innocent.” (I am innocent). French Army Captain Alfred Dreyfus famously did upon being convicted of spying for the Germans in 1894 and sent to Devil’s Island.  Ultimately, Dreyfus was proven innocent.  However, the same may not be said of the Chinese about the attacks on the Chamber of Commerce — though they claimed they didn’t do it.

Reports the Wall Street Journal, “A spokesman for the Chinese Embassy in Washington, Geng Shuang, said [presumably not in French] cyberattacks are prohibited by Chinese law and China itself is a victim of attacks. He said the allegation that the attack against the Chamber originated in China ‘lacks proof and evidence and is irresponsible, adding that the hacking issue shouldn’t be ‘politicized.’”

However, somebody did hack the Chamber and people who should know from Richard Clarke, former White House counter-terrorism adviser, to congressional leaders to the FBI either hint or come right out and state the attacks came from China.

Clarke told ABC News, “The Chinese have attacked every major U.S. company, every government agency, and NGOs [non-governmental organizations]. Their attacking the Chamber of Commerce is part of a pattern of their attacking everything in the US. If you’re working on U.S.-China relations with an NGO [or] government agency, you can be sure the Chinese are reading your emails on your computer.” He went on to say, “I don’t think the Chamber of Commerce has anything worth stealing, but it’s part of a pattern of the Chinese stealing everything they can, and that’s worrying.”

The Wall Street Journal characterized the attack as “one of the boldest known infiltrations in what has become a regular confrontation between U.S. companies and Chinese hackers. The complex operation, which involved at least 300 Internet addresses, was discovered and quietly shut down in May 2010.”

It isn’t clear how much of the compromised data was viewed by the hackers. Chamber officials say internal investigators found evidence that hackers had focused on four Chamber employees who worked on Asia policy, and that six weeks of their email had been stolen.

Another report had it that the penetration into the Chamber of Commerce was so complete that a Chamber thermostat was communicating with a computer in China. Another time, Chamber employees were surprised to see one of their printers printing in Chinese.  Of course it might not have been Chinese. Ever see an inkjet suddenly go haywire?  Sure looks like Chinese.

Anyway…

The Chamber’s Chief Operating Officer David Chavern observed, “What was unusual about it was that this was clearly somebody very sophisticated, who knew exactly who we are and who targeted specific people and used sophisticated tools to try to gather intelligence.”

A Bloomberg report stated that “two people familiar with the Chamber investigation said certain technical aspects of the attack suggested it was carried out by a known group operating out of China. It isn’t clear exactly how the hackers broke in to the Chamber’s systems. Evidence suggests they were in the network at least from November 2009 to May 2010.”

Learning of the break-in, Chamber security experts didn’t tip their hands.  According to Bloomberg, “They first watched the hackers in action to assess the operation. The intruders, in what appeared to be an effort to ensure continued access to the Chamber’s systems, had built at least a half-dozen so-called back doors that allowed them to come and go as they pleased….They also built in mechanisms that would quietly communicate with computers in China every week or two.

“The hackers used tools that allowed them to search for key words across a range of documents on the Chamber’s network, including searches for financial and budget information.”

Cyberspies, who have access to a network for many months, often take measures to cover their tracks and to conceal what they’ve stolen.

According to Bloomberg, “To beef up security, the Chamber installed more sophisticated detection equipment and barred employees from taking the portable devices they use every day to certain countries, including China, where the risk of infiltration is considered high. Instead, Chamber employees are issued different equipment before their trips — equipment that is checked thoroughly upon their return.

Chamber officials say they haven’t been able to keep intruders completely out of their system, but now can detect and isolate attacks quickly.”

The Chamber eventually shut down the hackers by unplugging and destroying some computers and overhauling the security system, which was timed for a 36-hour period over one weekend when the hackers, who kept regular working hours were expected to be off duty. (Not a good idea to mess with hackers about overtime — tough union.)

The Bloomberg story went on to say “U.S. intelligence officials and lawmakers have become alarmed by the growing number of cyber break-ins with roots in China. Last month, the U.S. counterintelligence chief issued a blunt critique of China’s theft of American corporate intellectual property and economic data, calling China “the world’s most active and persistent perpetrators of economic espionage” and warning that large-scale industrial espionage threatens U.S. competitiveness and national security.”

About ongoing hacking of American corporations, Senator Sheldon Whitehouse of Rhode Island observed, “I think there’s a case to be made that this may be the greatest transfer of wealth through theft and piracy in the history of the world and we are on the losing end of it.”

Before your intellectual property or business plans become a casualty of cyberspies, get the best protection available.  Get ThreatMetrix™.

ThreatMetrix doesn’t rely on passwords, user names and cookies to protect its clients.  Instead the ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals. The ThreatMetrix Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.

Perhaps a little birdie told Twitter to buy a malware company or maybe they took a page from the ThreatMetrix™ playbook. On January 10, ThreatMetrix acquired Australia-based TrustDefender, which provides secure browsing technology to protect against malware and man-in-the-browser (MitB) attacks. Or maybe it was done in advance of Twitter’s new advertising launch? Say, didn’t one of the company’s founders say Twitter would never use advertising as a way to monetize the company? Nah, must’ve been another company with the same name. 

In any case, in preparation for its new ad service, Twitter announced the acquisition of spam and malware protection service, Dasient. Rachael Horwitz, a Twitter spokesperson told Mashable.com that Dasient would be integrated into Twitter’s “revenue engineering team because they have a deep understanding of advertising-platform security issues.” Considering the cybercrime-ridden environment into which Twitter is starting its new ad service, it would seem prudent that first and foremost the company would address security.

According to an Aite Group report (“Know Your Enemy: Successful Online Fraud Mitigation Strategies”), 25 million new, unique strains of malware were released in 2011. That number is projected to grow to 87 million strains by the end of 2015.

A Gartner Group report (“The Five Layers of Fraud Prevention and Using Them to Beat Malware”) containing a survey of 76 U.S. banks found malware was the number one cyberthreat.

Of the advertising platform, Mashable.com reports, “The self-serve platform lets advertisers purchase ads without going through a sales representative. Anyone with a credit card and the desire to utilize ‘Promoted Products’ to boost their brand recognition can get on-board with this service. However, the service is not yet available to the public.”

eMarketer, which does market research and statistics, projected Twitter’s ad-generated revenue could earn the company $399.5 million by 2013. With that kind of money on the table, Twitter would appear to be a magnet for cyberthieves.

Mashable.com observes that Twitter is already the object of malware threats going back to 2010, when “the FTC ruled that Twitter would be subject to a bi-annual security audit after 55 celebrity accounts were hacked, including the accounts of Barack Obama, Britney Spears and Facebook. Spammers have also taken advantage of Twitter’s trending topics in order to target a large amount of people.”

Till now, Twitter’s reputation was on the line with the possibility of a search engine blacklisting any site “overrun” by malware.  However, adding big advertising dollars to the mix raises the stakes considerably and makes the Dasient acquisition a very smart move.

Is buying and integrating a malware company into your company a bit “over the top?”  No worries.  You can still get the best protection on the planet from malware and the full range of cyberthreats from ThreatMetrix.

Without relying on passwords, user names and cookies to protect its clients, the ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals. The ThreatMetrix Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.

Zappos, the online shoe outlet owned by Amazon, was hacked putting some 24-million customers’ personal information at risk. PCWorld.com reported that Zappos CEO, Tony Hsieh, told customers that, “names, email addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers, and encrypted passwords may have been exposed.”  He added that the good news was that the database storing actual credit card and payment data had not been breached.

Nevertheless, the New York Daily News reported that the company had put out a statement informing customers of the incident and asking them to change their passwords. Customers, who attempted to phone Zappos for information, were met with the sounds of silence. Zappos’ CEO said in a memo, “We have made the hard decision to turn off our phones and direct customers to contact us by email because our phone systems simply aren’t capable of handling so much volume. (If 5% of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place.).”

In an email to employees, which was posted to the Zappos blog, the company said the cyberattack came from a criminal who had gained access to parts of the company’s internal network and systems through a server in Kentucky.

Andrew Storms, director of security operations at nCircle, told PCWorld.com that Zappos’ response to the incident seemed to be appropriate in so far as it had notified customers, and reset all passwords to force customers to create new ones to replace those that may be exposed or cracked as a result of the breach.

Security expert, Neil Roiter, research director for Corero Network Security, observed, “Companies such as Zappos should have technology in place that monitors activity on their networks and reports in real time on suspicious activity or activity that does not conform to security policy. The sooner an organization detects a breach, the more quickly it can contain it.”

ThreatMetrix, the fastest-growing provider of integrated cybercrime prevention solutions, offers superior solutions that can’t be compromised by break-ins. The ThreatMetrix™ Cybercrime Defender Platform helps companies protect customer data and secure transactions against fraud, malware, data breaches, as well as man-in-the browser (MitB) and Trojan attacks. The Platform consists of advanced cybersecurity technologies, including TrustDefender™ ID, which is cloud-based, real-time device identification, as well as malware protection with TrustDefender™ Cloud and TrustDefender™ Client. The company serves a rapidly growing global customer base across a variety of industries, including financial services, e-commerce, payments,social networks, government, and healthcare.

To meet the ever mounting threat posed by malware, ThreatMetrix™, the fastest-growing provider of integrated cybercrime prevention solutions, announced today that it has acquired the Australian-based company TrustDefender™, a recognized leader of secure browsing technology to stop man-in-the-browser (MitB) attacks and provide malware protection.

The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform.

This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.

The combined companies will operate under the ThreatMetrix name with global operations in the United States, Australia and Europe. The corporate headquarters will be located in San Jose, California.

“The natural synergies between device identification and secure browsing are very obvious,” said Reed Taussig, president and CEO, ThreatMetrix. “Successful transaction profiling requires sophisticated malware detection and intelligent device identification to determine if the device is compromised or if the transaction is at risk of being fraudulent. While our customers have recognized this for a long time, the only available solution – until now – was to implement multiple products across different vendors. By integrating advanced device identification and secure browsing into a single, competitively priced, easy-to-install and easy-to-use product, ThreatMetrix is delivering the most complete online fraud management solution available in the market today.”

The Growing Global Malware Threat 

According to an Aite Group report (“Know Your Enemy: Successful Online Fraud Mitigation Strategies”), 25 million new, unique strains of malware were released in 2011. That number is projected to grow to 87 million strains by the end of 2015.

A Gartner Group report (“The Five Layers of Fraud Prevention and Using Them to Beat Malware”) containing a survey of 76 U.S. banks found malware was the number one cyberthreat.  Gartner’s recommendation:  banks and financial institutions implement a layered approach to fraud prevention to prevent and contain against cybercriminal attacks.

According to Andreas Baumhof, co-founder and CEO of TrustDefender, who now joins ThreatMetrix as CTO, the acquisition addresses the growing global malware threat.

“In 2011 we saw a huge increase in sophisticated MitB Trojan activities supporting fraudulent transactions with stolen identities,” said Baumhof. “Malware protection and fraud prevention are closely related, yet no truly integrated solutions were available in the market. The merger allows ThreatMetrix to address fraud prevention and malware protection as a single problem and deliver real benefits to customers at a lower cost.”

ThreatMetrix Cybercrime Defender Platform

With the acquisition, the ThreatMetrix™ Cybercrime Defender Platform now consists of the following product solutions and associated benefits:

• TrustDefender™ ID — TrustDefender ID is a cloud-based, real-time device identification solution that protects companies against cybercriminals and helps validate valuable returning customers. TrustDefender ID provides businesses with a crucial first perimeter of defense to protect online transactions, including account creation, login authentication and payment authorization.
• TrustDefender™ Cloud – TrustDefender Cloud is a cloud-based, real-time solution that helps companies protect customer data and defend against fraud, malware, MitB and Trojan attacks, and data breaches. It mitigates the risk of hidden malware compromising authenticated sessions to steal data, identities or money.
  
• TrustDefender™ Client — TrustDefender Client is a client-based, real-time solution that mitigates the risk of hidden malware compromising authenticated sessions to steal data, identities or money. A small client component installed on end-user computers identifies and isolates malware, verifies legitimate websites, protects the online session with the business, and communicates with the business to identify potential fraud.

“Combining endpoint centric fraud prevention products is cost effective,” said Avivah Litan, vice president and distinguished analyst, Gartner. “Device identification and malware detection in particular, are two of the most prevalent and required endpoint protection products in the market today. Device identification provides a strong foundation against fraud while malware protection closes a loophole in fraud prevention caused by man-in-the-browser attacks. Combining these solutions will streamline the fraud prevention, management and administrative processes for organizations combating today’s cyberthreats.”

Additional Resources

• ThreatMetrix™ Cybercrime Defender Platform
• TrustDefender™ Client Datasheet
  
• TrustDefender™ Cloud Datasheet
  
• TrustDefender ™ID Datasheet 

PrECISE (Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness) is the cybersecurity bill introduced by members of the House Homeland Security Committee.  PrECISE establishes a quasi-governmental entity to oversee information-sharing with the private sector.

Wouldn’t you like to have sat in on the meeting where they decided on the acronym, PrECISE?  (Probably more like multiple meetings with emails flying back and forth for months):

Staffers: “How about Cybersecurity Information Sharing (CIS)?”

Committee: “CIS?  Too close to CIA, which is supposed to gather information, not spread it. Leaves the wrong impression.”

Staffers: “How about Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness (PECISE)?”

Committee:  “That’d be pronounced Pea-size. Does Pea-size sound like the taxpayers are getting any bang for their buck?”

Staffers:  “How about we put in an “R” for Research? “Promoting Research and Enhancing Cybersecurity and Information Sharing Effectiveness.” Then we’ve got PRECISE. “

Committee: “PRECISE.  Like it.  But we’re not doing Research. That makes PRECISE imprecise.”

Staffers:  “Okay, we can take the “R” from “Promoting” to make it “PRECISE.” And to differentiate it from the rest of the acronym, we can make the “R” an “r”.

Committee:  “But what do we do about the “a”s in the “ands” in “Promoting Research and Enhancing Cybersecurity and Information Sharing Effectiveness?”

Staffers:  “Lower case ands are always silent.” 

Committee:  “Precisely.”

However the PrECISE Act got its name, The Hill’s “Hillicon Valley Technology Blog” reports that it’s designed to encourage “private firms to share information on cyber threats [stopping] short of mandating new security standards for sectors deemed critical to national security” following other cybersecurity bills offered by House Republicans.

The bill lays out the Department of Homeland Security’s cybersecurity functions which would require DHS to evaluate cybersecurity risks for critical infrastructure firms and determine the best way to mitigate the risks.

“Cybersecurity is truly a team sport, and this bill gives DHS needed authorities to play its part in the federal government’s cybersecurity mission and enables the private sector to play its part by giving them the information and access to technical support they need to protect critical infrastructure,” said House Cybersecurity subcommittee Chairman Dan Lungren (R-Calif.).

Hillicon Valley Technology Blog observes, “By authorizing DHS to oversee civilian cybersecurity, the legislation aligns with proposals from both the Senate and the White House, but it is unclear how much authority DHS would have to enforce its security standards. Democrats have argued DHS needs some enforcement authority to ensure firms beef up their network protections.”

While there hasn’t been a whole lot of bi-partisan support for any measure recently, this bill appears to come close. Bennie Thompson (D-Miss.) said, “Introduction of this legislation represents a solid and significant step forward in the effort to secure our nation’s cyber infrastructure. While I am not prepared to give my full support to the bill at this time, there’s a lot to like in this bill. I am pleased that it gives DHS the authority and resources it needs to fulfill its cybersecurity mission instead of creating a whole new bureaucracy or complicated regulatory framework.”

Offers Cybersecurity sub-panel ranking member Yvette Clarke (D-N.Y.), “While we continue to review this legislation, I look forward to working with my colleagues in a more collaborative way to strengthen this bill.”

You may have to wait for Congress to work out the precise language of PrECISE before it’s enacted.  But, you don’t have to wait to achieve the most effective protection for your online assets.  That protection is available today from ThreatMetrix™.

The first perimeter and the most effective element in a multi-layered defense against cybercriminals is device identification.  Offering transaction security from hidden proxies, scripted attacks and cookie and browser manipulation, the ThreatMetrix™ Cloud-Based Fraud Prevention Platform  lets companies authenticate payments, new accounts and returning customers in real time. And it doesn’t matter what device is being used from smartphones to PCs to tablets. Combined with aggregated fraud intelligence in the cloud, ThreatMetrix device identification offers companies maximum protection without the need to collect Social Security numbers, email addresses or bank account information.

1917:  The Foreign Secretary of the German Empire, Arthur Zimmermann sent a diplomatic proposal from the German Empire to Mexico to make war against the United States. Intercepted by British intelligence and forwarded on to the United States, the Zimmermann Note angered Americans, adding another reason for the U.S. declaration of war against Germany in World War I.

2011: U.S. officials investigate reports that Iranian and Venezuelan diplomats in Mexico are involved in planned cyberattacks against U.S. targets, including nuclear power plants.

According to the Washington Times, a documentary that aired on the Spanish-language TV network, Univision, included secretly recorded footage of Iranian and Venezuelan diplomats being briefed on planned attacks and promising to pass information to their respective governments.

A former computer instructor at the National Autonomous University of Mexico told Univision that he was recruited by a professor there in 2006 to organize a group of student hackers to carry out cyberattacks against the United States, initially at the behest of the Cuban Embassy.

In an undercover sting, an instructor and several students infiltrated the hackers, secretly videotaping Iranian and Venezuelan diplomats.

State Department spokesperson William Ostick called the reports “disturbing,” but added that U.S. officials “don’t have any information at this point to corroborate them.”  However, earlier this year, U.S. prosecutors charged an Iranian official based in Tehran with trying to recruit a Mexican drug cartel to kill the Saudi ambassador to the United States by bombing a Washington restaurant. Ostick noted, “We constantly monitor for possible connections between terrorists and transnational criminals.”

An aide to New Jersey Senator Robert Menendez, chairman of the Senate Foreign Relations subcommittee on the Western Hemisphere told the Washington Times that the Univision report, which also said that Iranian extremists were recruiting young Latin American Muslims, is “one of a variety of concerns we have about Iran’s efforts to engage with countries and other actors in the region.”

Stating the obvious: technology has changed dramatically since 1917. People haven’t.  To ensure your company is protected against attack from people, who are out to cause harm or perpetrate fraud, the best solutions come from ThreatMetrix. Without requiring personal identifiable information, such as Social Security Numbers, that can be compromised, ThreatMetrix solutions nab criminals in real-time before they can do real damage. The ThreatMetrix™ Cloud-Based Fraud Prevention Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to stop criminals whether in Toledo or Tehran.

Just released in a second edition, Inside Cyber Warfare: Mapping the Cyber Underworld by Jeffrey Carr, is a wide-ranging overview of virtually every type of online illicit activity from cyber spying and cyber stealing to malicious malware attacks and identity theft.

Carr, a cyber intelligence expert is a columnist for Symantec’s Security Focus. A writer who specializes in investigating cyber attacks against governments and infrastructures, he’s been quoted in The New York Times, Washington Post, The Guardian, Business Week, Parameters, and Wired. Carr was also principal Investigator for Project Grey Goose, an Open Source intelligence investigation into the Russian cyber attacks on Georgia in August, 2008.

With a foreword by former Secretary of Homeland Security, Michael Chertoff and guest essays, including an essay by former senior advisor to the Director of National Intelligence and Cyber Coordination Executive,  Melissa Hathaway, Inside Cyber Warfare is encyclopedic in scope as it takes up :

·      The Conficker Worm: The Cyber Equivalent of an Extinction Event?

·      Africa: The Future Home of the World’s Largest Botnet?

·      The StopGeorgia.ru Project Forum

·      The Russian Information War

·      The Gaza Cyber War between Israeli and Arabic Hackers during Operation Cast Lead

·      Control the Voice of the Opposition by Controlling the Content in Cyberspace: Nigeria

·      Are Non-state Hackers a Protected Asset?

·     The Legal Status of Cyber Warfare

·      The Antarctic Treaty System and Space Law

·      The Law of Armed Conflict

·      Is This an Act of Cyber Warfare?

·      Responding to International Cyber Attacks as Acts of War

·      Analyzing Cyber Attacks under Jus ad Bellum – whether entering into a war would be a just war

·      The Korean DDoS Attacks (July 2009)

·      One Year After the RU-GE War (the War between Russia and Georgia)  Social Networking Sites Fall to DDoS Attack

·      Ingushetia Conflict, August 2009

·      Pakistani Hackers and Facebook

·      TwitterGate: A Real-World Example of a Social Engineering Attack with Dire Consequences

·      False Identities

·      Components of a Bulletproof Network

·      The Bulletproof Network of StopGeorgia.ru

·      SORM-2

·      The Kremlin and the Russian Internet

·      A Three-Tier Model of Command and Control

·      Organized Crime in Cyberspace

·      Russian Organized Crime and the Kremlin

·      Using Open Source Internet Data

·      Team Cymru and Its Darknet Report

·      Using WHOIS

·      Weaponizing Malware

·      The Role of Cyber in Military Doctrine

·      China Military Doctrine

·      A Cyber Early Warning Model

·      Advice for Policymakers from the Field

·      When It Comes to Cyber Warfare: Shoot the Hostage

·      The United States Should Use Active Defenses to Defend Its Critical Information Systems

·      Scenarios and Options to Responding to Cyber Attacks

·      Whole-of-Nation Cyber Security

·      Conducting Operations in the Cyber-Space-Time Continuum

·      Anarchist Clusters: Anonymous, LulzSec, and the Anti-Sec Movement

·      Social Networks: The Geopolitical Strategy of Russian Investment in Social Media

·      Globalization: How Huawei Bypassed US Monitoring by Partnering with Symantec

·      The Russian Federation: Information Warfare Framework

·      Russia: The Information Security State

·      Russian Ministry of Defense

·      Internal Security Services: Federal Security Service (FSB), Ministry of Interior (MVD), and Federal Security Organization (FSO)

·      Russian Federation Ministry of Communications and Mass Communications (Minsvyaz)

·      Cyber Warfare Capabilities for: Australia – Brazil – Canada – Czech Republic – Democratic People’s Republic of Korea – Estonia – European Union – France – Germany – India – Iran – Israel – Italy – Kenya – Myanmar – NATO – Netherlands – Nigeria – Pakistan – People’s Republic of China – Poland – Republic of Korea – Russian Federation – Singapore – South Africa – Sweden – Taiwan (Republic of China) – Turkey – United Kingdom

·      US Department of Defense Cyber Command and Organizational Structure

·      Active Defense for Cyber: A Legal Framework for Covert Countermeasures

·      Covert Action

·      Cyber Active Defenses as Covert Action Under International Law

The book covers much more in 316 pages that are topical while, at the same time, providing in-depth analyses of the often dark underbelly of cyberspace.

For maximum protection from cyberspace’s dark underbelly, there’s one company that stands out — ThreatMetrix. ThreatMetrix offers superior solutions that can’t be compromised by break-ins. ThreatMetrix solutions protect against bad scripts and fraudulent account logins, payments and transactions.  With customized rules for each, ThreatMetrix solutions are designed to interdict attacks of fraud and other criminal behavior in real-time, while passively and transparently profiling users — without collecting extraneous personal identity information such as Social Security Numbers, birth dates and mother’s maiden names.

At the request of the U.S. Secret Service, ThreatMetrix’s Chief Products Officer, Alisdair Faulkner and other leading industry security experts met at the San Francisco ECTF (Electronic Crimes Task Force) Quarterly Conference for an open and wide-ranging discussion covering:

• Fraud patterns specific to the mobile channel and potential defenses
• Mobile/non-mobile combined fraud patterns and defenses
• Mechanisms that can be reused to augment security and prevent mobile-related fraud
• New and upcoming technologies that are specific to mobile and could help detect or prevent mobile fraud

The program was comprised of two presentations, a panel discussion and an audience Q & A. Derrick Donnelly of Blackbag Technologies delivered a presentation titled “iOS Forensics: A Comprehensive Approach” and Mark Schaeffer of Granite Key delivered another presentation on “Applying Security Technologies and Best Practices to Achieve Measurable Business Objectives.”

Taking part in the panel discussion titled, “Fundamental Differences in Mobile vs. Non-Mobile Fraud” were, in addition to Alisdair Faulkner of ThreatMetrix, Lee Freedman, Apple’s Senior Manager of Cyber Investigations for its Global Security Team; Mitch Zollinger of Netflix; Bob Morris of ARM Holdings; and Hadi Nahari (formerly of PayPal).

The only stipulation the Secret Service imposed on conference participants was that there would be “no product pitching.”  Fortunately, we do not suffer under the same constraints. So, here’s why your company should choose ThreatMetrix solutions.

ThreatMetrix’s flexible and powerful rules-based engine and scoring stops fraud the first time, providing added visibility into a user’s account information and online behavior – without relying on personally identifiable information (PII) such as birth dates, maiden names and Social Security numbers. The ThreatMetrix™ Cloud-Based Fraud Prevention Platform lets companies authenticate payments, new accounts and returning customers in real time. And it doesn’t matter what device is being used from PCs, to tablets to smartphones.

For more information, visit “Top 5+ Reasons” you should use ThreatMetrix now.