Retailers Follow the Leader: ThreatMetrix. Will Share Cyberthreat Data along the Lines of ThreatMetrix’s Global Trust Intelligence Network Which Analyzes Half-a-Billion Transactions Monthly.

Posted on April 17th, 2014 by Dan Rampe

National Retail Federation

Does Macy’s tell Gimbels? Okay, Gimbels, a major retailer and one of Macy’s chief competitors, has gone the way of the Oldsmobile, Blockbuster and Windows XP. But at one time “Does Macy’s tell Gimbels?” was another way of saying “top secret”; competitors don’t share information with the competition.

Now, with the Target, Neiman-Marcus, Michaels and other retail breaches fresh in their minds and with pressure from Congress to improve security, U.S. retailers have taken a major step toward improving security.

In a story on zdnet.com, Natalie Gagliordi reports that the National Retail Federation (NRF) in consultation with the Financial Services Forum for Security Threats is establishing a retailer-specific Information Sharing and Analysis Center (ISAC). This joint cybersecurity cooperative would offer retailers access to “critical information on threats identified by fellow retailers, government agencies, law enforcement and partners in the financial services sector.”

NRF President and CEO Matthew Shay said, “We believe a heightened and well coordinated information sharing platform such as a retail ISAC is a vital component for helping retailers in their fight against cyber attacks.

“Establishing a new program takes time, but time is not our friend when it comes to stopping these sophisticated and unpredictable criminals. The willingness of the FS-ISAC to work with retailers provides our industry with a new and important tool as we explore all of the options available for merchants to protect their customers and their businesses.”

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

Tired of Hearing about Heartbleed? Do Something About It. ThreatMetrix Strategies for “Staunching” Heartbleed and Any Similar Threats in the Future.

Posted on April 16th, 2014 by Dan Rampe

Heartbleed

Heartbleed, the flaw that could let a hacker defeat OpenSSL, the most common encryption technology on the Internet, went unnoticed for two years before researchers discovered it. Another way of saying it is that Heartbleed put 66 percent of servers worldwide at the mercy of cybercriminals. And another way of saying that is that email, instant messaging, e-commerce transactions and more were being jeopardized in every corner of the planet, exposing passwords, credit card numbers and other personal data.

The Heartbleed security flaw was a danger to websites and the mobile applications and networking equipment that connect homes and businesses to the Internet, including such things as routers and printers. In short, the flaw presented a danger to the entire Internet of Things, i.e., any device from air conditioners to refrigerators that could be connected online.

After putting in a patch to fix the flaw, many, if not most, online businesses had only one strategy to offer users: change your passwords.

“Today it’s Heartbleed and tomorrow it will be another data breach or vulnerability,” said Alisdair Faulkner, chief products officer, ThreatMetrix.

“Passwords are a static means of security and are frankly obsolete as a stand-alone authentication solution in today’s cybersecurity landscape. Once account login information is obtained, cybercriminals have access to personal data used for committing bank fraud or falsifying credit card transactions – the possibilities are endless. Security should not just rely on point-in-time authentication solutions. Instead, continuous evaluation of trust is required based on what the user is attempting to do.”

ThreatMetrix’s preventative cybersecurity strategies offer protection that goes well beyond passwords and other forms of static authentication:

Real-time trust analytics – Move beyond just big-data collection and improve effectiveness of controls with real-time analysis of device, location, identity and behavioral context for every authentication attempt. Real-time trust analytics offer unprecedented identity authentication policies for businesses and enterprises by comparing against global benchmarks derived from peers in their industry, the size and scale of the enterprise, geographic location and more.

Enhanced mobile identification – Detects jailbroken devices and offers location-based authentication, protecting mobile transactions by indicating when the mobile operating system has been breached and the security of applications has been compromised.

“To protect against future attacks like Heartbleed, businesses need to move beyond legacy verification and authentication solutions and recognize the benefits of leveraging a collective approach to cybersecurity,” said Faulkner. “The ThreatMetrix® Global Trust Intelligence Network (The Network) delivers real-time intelligence, providing customers with consistent risk assessments of data and creating a digital persona of users by mapping their online behaviors and devices.”

Consumers can protect their online identities and personal information from threats like Heartbleed by ensuring location information on social networks is encrypted and by using different passwords across sites and never storing them on devices.


Heartbleed Vulnerability Underscores the Need for Real-Time Trust Analytics in Place of Static Authentication

Posted on April 16th, 2014 by Dan Rampe

ThreatMetrix® Announces Strategies to Protect Consumers and Businesses from Future Vulnerabilities and Cybercrime Risks

San Jose, CA – April 16, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announces several strategies for consumers to stay protected following the recent Heartbleed vulnerability, which has potentially exposed millions of passwords, credit card numbers and other personal identifiers. These strategies aim to help businesses and customers avoid being compromised by similar threats in the future.

Last week, a major lapse in Internet security – known as the Heartbleed vulnerability – was uncovered after going undetected for nearly two years. The flaw created an opening in OpenSSL, the most common encryption technology on the Internet. OpenSSL is designed to protect data in transit including email, instant messaging and e-commerce transactions. The vulnerability in OpenSSL enables hackers to access server memory that could allow hijacking of accounts or theft of private keys used to decrypt communications.

Since Heartbleed went undetected for so long, the scope of compromised information is still unclear, but many online businesses are urging users to change their passwords as a precautionary measure.

“Today it’s Heartbleed and tomorrow it will be another data breach or vulnerability,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “Passwords are a static means of security and are frankly obsolete as a stand-alone authentication solution in today’s cybersecurity landscape. Once account login information is obtained, cybercriminals have access to personal data used for committing bank fraud or falsifying credit card transactions – the possibilities are endless. Security should not just rely on point-in-time authentication solutions. Instead, continuous evaluation of trust is required based on what the user is attempting to do.”

The Heartbleed security flaw does not only impact websites, but also mobile applications and networking equipment that connects homes and businesses to the Internet (also known as the Internet of Things), such as routers and printers. As more and more devices move online through the Internet of Things, hacks and cybersecurity breaches are becoming more common.

Businesses need to stay one step ahead of threats such as Heartbleed and implement preventative cybersecurity strategies in place of passwords and other forms of static authentication. Suggested strategies include:

Real-time trust analytics – Move beyond just big-data collection and improve effectiveness of controls with real-time analysis of device, location, identity and behavioral context for every authentication attempt. Real-time trust analytics offer unprecedented identity authentication policies for businesses and enterprises by comparing against global benchmarks derived from peers in their industry, the size and scale of the enterprise, geographic location and more.

Enhanced mobile identification – Detects jailbroken devices and offers location-based authentication, protecting mobile transactions by indicating when the mobile operating system has been breached and the security of applications has been compromised.

“To protect against future attacks like Heartbleed, businesses need to move beyond legacy verification and authentication solutions and recognize the benefits of leveraging a collective approach to cybersecurity,” said Faulkner. “The ThreatMetrix® Global Trust Intelligence Network (The Network) delivers real-time intelligence, providing customers with consistent risk assessments of data and creating a digital persona of users by mapping their online behaviors and devices.”

In addition to businesses implementing real-time trust analytics and other collective cybersecurity strategies, consumers can also take responsibility for protecting their online identities. Specifically, consumers can protect against threats such as Heartbleed by ensuring location information on social networks is encrypted, using different passwords across sites and not storing passwords on any devices.


© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
WalkerSands Communications
Tel: 312.241.11178
Email: beth.kempton@walkersands.com

Heartbleed Part III: No Tourniquet for Heartbleed. Now the Flaw Turns Up in Devices (for Example Routers) That Connect to the Internet.

Posted on April 15th, 2014 by Dan Rampe

Heartbleed

If you thought you had heard all the news there was about risks associated with Heartbleed — uh-uh. There’s more. But only hackers and masochists will be pleased to hear it. (On the very remote chance you haven’t heard about Heartbleed, the flaw found in OpenSSL, which helps encrypt information on the Internet, please see our blog Heartbleed Part II.)

Here’s the latest. According to a story by Nicole Perlroth and Quentin Hardy in The New York Times, Heartbleed could cause damage to the guts of the Internet and the wide variety of devices that connect to it. (The following has been edited to fit our format.)

Cisco Systems, the dominant provider of gear to move traffic through the Internet, said its big routers and servers, as well as its online servers …were not affected. If they had been, that would have had a significant impact on virtually every major company that connects to the Internet.

Certain products the company makes were affected, it said — some kinds of phones that connect to the Internet, a kind of server that helps people conduct online meetings, and another kind of device used for office communications. Cisco also posted a list of products it had examined for the vulnerability, which it was updating as it continued inspecting its equipment.

Juniper Networks also said its main products were not affected. The only problem it found was in a kind of device for creating private communications on the Internet.

“Besides [the] one product, the exposure for our customers is minimal, if any,” said Michael Busselen, vice president of corporate communications at Juniper.

Chuck Mulloy, a spokesman for Intel, said his company had been looking through its products for vulnerabilities for several days and so far had found nothing. He said, however, that the search was not yet done.

Qualcomm, a maker of mobile technology, said it was still checking its products….

For most people, the web — with sites like Facebook and Google — is the most visible part of the Internet. But hardware like home routers and printers is also connected to the Internet, and OpenSSL is built into some of this hardware.

“That’s why this is so nasty,” said [security expert] George Kurtz…. “OpenSSL goes far beyond just websites. It’s implemented in email protocols and all kinds of embedded devices.”

Most of the equipment made by Cisco and Juniper was unaffected because the companies did not use OpenSSL for their encryption.

[Other security] experts say personal home routers often incorporate OpenSSL, which could make them vulnerable. But they note that because many home routers are configured to block outside traffic, the risk of a hacker using the Heartbleed bug to lift data like passwords to online banking and email accounts is low. This is particularly so, they said, when there are still thousands of vulnerable websites where this data could be pulled from much more easily.

Nevertheless, Mr. Kurtz said, users would be wise to check with their home router manufacturers to upgrade their devices if they want to be absolutely secure.

Security researchers say that while hackers have been posting lists of vulnerable websites, there does not appear to have been an increase in black market sales of sensitive data, like passwords.

Security experts say that upgrading and cleaning up those systems, if they are affected, could take years.

“It’s one thing to get all of these servers at Yahoo, Google and everyone else fixed, but it’s a whole other thing to get these embedded devices fixed up,” Mr. Kurtz said. “I don’t see them getting updated any time soon.”

Here’s hoping there’s no need for a Heartbleed, Part IV.


Heartbleed Part II: Some Online Passwords That Do and Don’t Need Changing to Relieve Some of the Heartburn Caused by Heartbleed

Posted on April 11th, 2014 by Dan Rampe

Heartbleed

The Heartbleed flaw: In no time, it went from “That the name of a band?” to “The sky is falling. The sky is falling.” Now, if by chance you’ve been on Mars or in a marketing meeting (or in a marketing meeting on Mars) the last few days, Heartbleed is an encryption flaw in the OpenSSL cryptographic software library.

Two-thirds of web servers worldwide use the OpenSSL cryptographic software library to connect with end users and guard against digital eavesdropping. While the flaw was just discovered, it has been open to hackers for approximately two years. Best of all (that, of course, is sarcasm), if a hacker were stealing data, nobody would know, because the flaw made it possible to steal logins and passwords without leaving evidence the hacker was even there.

If you’re over 23 (give or take), you’re aware of the Y2K computer flaw when it was predicted that at 12:01 a.m. New Year’s Day 2000, planes would fall out of the sky, commerce would cease and there would be rioting, looting and chaos worldwide. And worst of all: no 2000 Super Bowl!

The point is no one exactly knows if data has been compromised or if hackers even knew about the flaw. Now, there is a fix and affected companies have either implemented it or are in the process of implementing it.

Mashable.com surveyed some of the most frequented sites on the web to find out the status of their fixes and whether they advised customers to change their passwords. Following is a partial list. You may find their complete list on mashable.com, “The Heartbleed Hit List: The Passwords You Need to Change Now.”


Let’s Put Our Cards on the Table. U.S. Briefs China on Cyberwarfare Plans.

Posted on April 10th, 2014 by Dan Rampe

China

The U.S. is briefing China’s military on how it plans to defend against cyberattacks and use cybertechnology against adversaries. China, for its part, is saying nothing about its plans. Does this sound like playing poker with just your hole card showing? Anyway, you gotta hope somebody’s playing with a full deck.

In his piece in The New York Times, David E. Sanger explains the idea behind the American strategy and what the U.S. hopes to accomplish with the new cyber openness. (The story has been edited to fit our format.)

The idea was to allay Chinese concerns about plans to more than triple the number of American cyberwarriors to 6,000 by the end of 2016, a force that will include new teams the Pentagon plans to deploy to each military combatant command around the world. But the hope was to prompt the Chinese to give Washington a similar briefing about the many People’s Liberation Army units that are believed to be behind the escalating attacks on American corporations and government networks.

So far, the Chinese have not reciprocated.

The effort, senior Pentagon officials say, is to head off what Mr. Hagel and his advisers fear is the growing possibility of a fast-escalating series of cyberattacks and counterattacks between the United States and China. This is a concern especially at a time of mounting tensions over China’s expanding claims of control over what it argues are exclusive territories in the East and South China Seas, and over a new air defense zone. In interviews, American officials say their latest initiatives were inspired by Cold-War-era exchanges held with the Soviets so that each side understood the “red lines” for employing nuclear weapons against each other.

“Think of this in terms of the Cuban missile crisis,” one senior Pentagon official said. While the United States “suffers attacks every day,” he said, “the last thing we would want to do is misinterpret an attack and escalate to a real conflict.”

Mr. Hagel’s concern is spurred by the fact that in the year since President Obama explicitly brought up the barrage of Chinese-origin attacks on the United States with his newly installed counterpart, President Xi Jinping, the pace of those attacks has increased. Most continue to be aimed at stealing technology and other intellectual property from Silicon Valley, military contractors and energy firms. Many are believed to be linked to cyberwarfare units of the People’s Liberation Army acting on behalf of state-owned, or state-affiliated, Chinese companies.

“To the Chinese, this isn’t first and foremost a military weapon, it’s an economic weapon,” said Laura Galante, a former Defense Intelligence Agency cyberspecialist.

Administration officials acknowledge that Mr. Hagel, on his first trip to China as defense secretary, has a very difficult case to make, far more complicated than last year. The Pentagon plans to spend $26 billion on cybertechnology over the next five years — much of it for defense of the military’s networks, but billions for developing offensive weapons — and that sum does not include budgets for the intelligence community’s efforts in more covert operations. It is one of the few areas, along with drones and Special Operations forces, that are getting more investment at a time of overall Pentagon cutbacks.

Moreover, disclosures about America’s own focus on cyberweaponry — including American-led attacks on Iran’s nuclear infrastructure and National Security Agency documents revealed in the trove taken by Edward J. Snowden, the former agency contractor — detail the degree to which the United States has engaged in what the intelligence world calls “cyberexploitation” of targets in China.

The revelation by The New York Times and the German magazine Der Spiegel that the United States has pierced the networks of Huawei, China’s giant networking and telecommunications company, prompted Mr. Xi to raise the issue with Mr. Obama at a meeting in The Hague two weeks ago. The attack on Huawei, called Operation Shotgiant, was intended to determine whether the company was a front for the army, but also focused on learning how to get inside Huawei’s networks to conduct surveillance or cyberattacks against countries — Iran, Cuba, Pakistan and beyond — that buy the Chinese-made equipment. Other cyberattacks revealed in the documents focused on piercing China’s major telecommunications companies and wireless networks, particularly those used by the Chinese leadership and its most sensitive military units.

Mr. Obama told the Chinese president that the United States, unlike China, did not use its technological powers to steal corporate data and give it to its own companies; its spying, one of Mr. Obama’s aides later told reporters, is solely for “national security priorities.” But to the Chinese, for whom national and economic security are one, that argument carries little weight.

“We clearly don’t occupy the moral high ground that we once thought we did,” said one senior administration official.

For that reason, the disclosures changed the discussion between the top officials at the Pentagon and the State Department and their Chinese counterparts in quiet meetings intended to work out what one official called “an understanding of rules of the road, norms of behavior,” for China and the United States.

The decision to conduct a briefing for the Chinese on American military doctrine for the use of cyberweapons was a controversial one, not least because the Obama administration has almost never done that for the American public, though elements of the doctrine can be pieced together from statements by senior officials and a dense “Presidential Decision Directive” on such activities signed by Mr. Obama in 2012. (The White House released declassified excerpts at the time; Mr. Snowden released the whole document.)

Mr. Hagel alluded to the doctrine a week ago when he went to the retirement ceremony for Gen. Keith B. Alexander, the first military officer to jointly command the N.S.A. and the military’s Cyber Command. General Alexander was succeeded last week by Adm. Michael S. Rogers, who as the head of the Navy’s Fleet Cyber Command was a central player in developing a corps of experts who could conduct cyberwarfare alongside more traditional Navy forces.

“The United States does not seek to militarize cyberspace,” Mr. Hagel said at the ceremony, held at the N.S.A.’s headquarters at Fort Meade, Md. He went on to describe a doctrine of “minimal use” of cyberweaponry against other states. The statement was meant to assure other nations — not just China — that the United States would not routinely use its growing arsenal against them.

In Beijing, the defense secretary “is going to stress to the Chinese that we in the military are going to be as transparent as possible,” said Rear Adm. John Kirby, the Pentagon press secretary, “and we want the same openness and transparency and restraint from them.”

Experts here and in China point out that a lot was left out of Mr. Hagel’s statement last week. The United States separates offensive operations of the kind that disabled roughly 1,000 centrifuges in Iran’s nuclear program, America’s best-known (and still unacknowledged) cyberattack against another state, from the far more common computer-enabled espionage of the kind carried out against the Chinese to gather information about a potential adversary.

“It’s clear that cyberspace is already militarized, because we’ve seen countries using cyber for military purposes for 15 years,” said James Lewis, an expert at the Center for Strategic and International Studies. “The Chinese have had offensive capabilities for years as well,” he said, along with “more than a dozen countries that admit they are developing them.”


Connecticut and Illinois Attorneys General Investigating the Experian Breach That Compromised 200 Million Americans’ Personal and Financial Data

Posted on April 7th, 2014 by Dan Rampe

Experian

A Reuters story quoted Illinois Attorney General Lisa Madigan saying the Experian breach has become part of “a multistate investigation.” And Connecticut’s Attorney General said that his state was also looking into the matter.

Brian Krebs, the security guru of KrebsOnSecurity, who originally broke the story of the Vietnamese cybercriminal who bought the financial records of millions of Americans from a company owned by the credit bureau, now provides an update (edited to fit our format).

Hieu Minh Ngo, a 24-year-old Vietnamese national, pleaded guilty last month to running an identity theft service out of his home in Vietnam. Ngo was arrested last year in Guam by U.S. Secret Service agents after he was lured into visiting the U.S. territory to consummate a business deal with a man he believed could deliver huge volumes of consumers’ personal and financial data for resale.

But according to prosecutors, Ngo had already struck deals with one of the world’s biggest data brokers: Experian. Court records just released last week show that Ngo tricked an Experian subsidiary into giving him direct access to personal and financial data on more than 200 million Americans.

According to U.S. government investigators, the data was not obtained directly from Experian, but rather via Columbus, Ohio-based US Info Search. US Info Search had a contractual agreement with a California company named Court Ventures, whereby customers of Court Ventures had access to the US Info Search data as well as Court Ventures’ data, and vice versa. Experian came into the picture in March 2012, when it purchased Court Ventures (along with all of its customers — including Mr. Ngo). For almost ten months after Experian completed that acquisition, Ngo continued siphoning consumer data and making his wire transfers.

A transcript (PDF) of Ngo’s guilty plea proceedings obtained by KrebsOnSecurity shows that his ID theft business attracted more than 1,300 customers who paid at least $1.9 million between 2007 and February 2013 to look up Social Security numbers, dates of birth, addresses, previous addresses, phone numbers, email addresses and other sensitive data on more than three million Americans.

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix™ Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

ThreatMetrix to Exhibit Advanced Fraud Prevention Solutions at NACHA PAYMENTS 2014

Posted on April 4th, 2014 by Dan Rampe

The ThreatMetrix Global Trust Intelligence Network Provides Payments Professionals with a Collective Approach to Cybersecurity

San Jose, CA – April 4, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, announced today it is exhibiting in booth 613 at NACHA PAYMENTS 2014, the largest and most comprehensive education event for the payments industry, April 6 – 9 at the Orlando World Center Marriott.

NACHA, The Electronic Payments Association, manages the development, administration and governance of the ACH Network – the backbone for the electronic movement of money and data. The ACH Network provides a safe, secure and reliable network for direct account-to-account consumer, business and government payments.

NACHA PAYMENTS 2014 brings together more than 2,300 payments professionals and nearly 100 industry leaders at an interactive conference that provides attendees with the right tools to drive the right solutions and revenue opportunities.

“Wherever money flows, payment fraud is likely to follow,” said Bert Rankin, chief marketing officer, ThreatMetrix. “Through our participation at NACHA PAYMENTS, attendees can learn how to move beyond legacy verification and authentication solutions and leverage a collective approach to cybersecurity – the ThreatMetrix® Global Trust Intelligence Network (The Network) – to prevent payment fraud.”

The ThreatMetrix TrustDefender™ Cybercrime Protection Platform leverages the collective power of The Network and is the leading payment fraud prevention solution. It enables companies to implement payment fraud prevention and security strategies that drive incremental revenue, increase customer confidence and reduce chargebacks. With the TrustDefender Cybercrime Protection Platform, businesses can:

• Profile devices and identify threats

• Examine users’ identities and activity

• Configure business rules to reflect their exact requirements

• Validate business policies to minimize customer friction

• Generate detailed analysis and reports

About ThreatMetrix

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix™ Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.

© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contacts
Dan Rampe
ThreatMetrix
Tel: 408-200-5716
Email: drampe@threatmetrix.com

Beth Kempton
WalkerSands Communications
Tel: 312.241.11178
Email: beth.kempton@walkersands.com

How Dumb Can You Be? Here Are 10 of the Dumbest Ways of Making Your ID “Easy Pickin’s” for Cybercriminals.

Posted on April 4th, 2014 by Dan Rampe

ID Theft

Because reading our blogs is a clear indication of your high intelligence, this piece is not for you. However, you might want to pass it along to somebody you know who may not quite “measure up,” but who could definitely use this information. In any case, please don’t tell them why you decided to send it.

Personal finance editor and writer Kathryn Tuggle checked with a number of experts to discover ways people put themselves at risk of having their identities stolen. In her story on thestreet.com, she identifies the top ten dumbest ways. (The following has been edited to fit our format.)

1. Using the same password for everything

If you’re using the same password for everything, you’re setting yourself up for disaster, says Bill Carey, vice president of marketing for Siber Systems, creators of password management tool RoboForm. “You have to use a unique password for every website you log into. If you think about all the stuff that has gone on lately with hacking attacks at major companies, it seems inevitable that one of the companies you do business with is eventually going to get hacked,” he explains. Unfortunately, if you use the same password for every site, once hackers get one of your passwords, they’ve got them all.

2. Giving out personal information over the phone

“A lot of people have this thing where when someone calls them on the phone and represents to them that they are an official with the government or a credit card company or a broker’s firm, they believe it’s real,” says Adam Levin, chairman and co-founder of Credit.com. The truth is, the IRS, your bank or any other official organization is never going to call you and ask for your Social Security number, Levin says. Your bank might call to alert you to suspicious activity on your credit card, but they will never ask you to confirm such sensitive personal information.

“If you get a call like this, hang up the phone and find the official number of the organization. Then you make the call to them,” Levin says.

3. Not using a password on your smartphone

“Your smartphone isn’t just a phone anymore. It’s a personal computer, and if it’s not password protected people can gain access to your email, your bank account, everything,” Carey says.

If you lose your device and you’re still logged in to apps such as PayPal or eBay, you could be in for a world of trouble.

“The more people know about you, the more likely they can hack in and steal your identity on other sites,” he says.

4. Logging into financial accounts from an Internet cafe or unsecured connection

Internet cafes are great for browsing the Web and may be fine for doing less sensitive things such as printing tickets or boarding passes, but they’re not secure enough for managing your stock portfolio or savings account, Carey says.

“You can check email, Facebook or sports scores, but you don’t want to leave yourself open to someone picking off your banking passwords,” Carey says. “Internet cafes are super convenient, but you don’t want to be doing any sensitive financial transacting.”

5. Not having a private profile on social media

“It still surprises me the number of people who don’t keep their profiles private,” says Stacey Vogler, managing director of ProtectYourBubble.com, a company that insures smartphones, laptops and other communication devices. When you have your birth date, your phone number or your address on your profile, it’s an invitation for hackers to come in and use it in a malicious way, she says.

“It’s an entry into your life and who you are,” she says. “It would be easy to figure things out after following a few posts from you on a non-private profile.”

6. Following a phishing email — even if you’re “just curious”

If you get an email letting you know you’ve won $1 million for a contest you never entered, you shouldn’t follow the link or provide any information. Many people know emails like this are a scam, but they still follow along for a bit. This is a huge mistake. “Some people are curious, so they start a correspondence with the person to see if there’s something there or to see what kind of a scam it is,” Vogler says. “Unfortunately, any entry into who you are or where you live opens the door. It suddenly becomes really easy for them to hack into your life.”

7. Failing to monitor your bank statements and credit card statements

It’s surprising the number of people who don’t monitor their credit card statements or banking statements to check for fraudulent activity, Vogler says. If you keep an eye on your statements, you can catch fraud early on.

“Check all your transactions to make sure they’re ones you have made. The dates and times, the merchants should all be ones you’re familiar with,” she says. “Look for anything that doesn’t seem typical to your normal behavior and notify your bank or credit card company immediately if something doesn’t check out.”

8. Carrying your Social Security card or Medicare card in your purse or wallet

“You don’t need to do it. It’s unnecessary,” Levin says. “You’re totally exposed.”

The elderly are already prime targets for identity thieves, and since your Medicare ID is your Social Security number, you’re leaving yourself at risk by carrying either.

“You never want to have something in your purse or wallet that has your Social Security number on it,” he says. “If you need to present it to a doctor or other agency one day, then carry it to the appointment and go straight home. Don’t leave it in your wallet for weeks or months on end.”

9. Putting too much information on social media

“Don’t take a selfie with your address in the background,” Levin says.

It may sound ridiculous, but some people will take a picture of their first driver’s license that displays their full name and address. Others might take a photo of their final credit card statement announcing that they’ve just paid off their bills — unintentionally displaying their account number and other personal details.

“You don’t take a picture saying, ‘Look at my incredibly valuable new car in my front yard,’ and show everyone your address,” Levin says. “Your Facebook friends are not all looking out for you. Identity theft and property theft occurs even with family and friends. Why open yourself up to pain?”

10. Storing confidential info on your smartphone

Don’t keep passwords, PINs or your Social Security number stored on your smartphone — even in your email account. In other words, don’t save an email called “Passwords” or “Social.” This applies to your personal information as well as the personal information of your children or family members. “There are people out there with all good intentions who are helping their children or parents deal with a financial issue, so they store all this personal information on their phone so they’ll have it handy,” Levin says. “Your phone is a communication device — not a storage device.”


Now Available! The ThreatMetrix Spring 2014 Extension to ThreatMetrix’s TrustDefender Cybercrime Protection Platform — Greatly Improves Telling the Difference between Users You Can Trust and Cybercriminals.

Posted on April 3rd, 2014 by Dan Rampe


Immediately available, the ThreatMetrix® Spring 2014 Release is an extension of ThreatMetrix’s TrustDefender™ Cybercrime Protection Platform that delivers enhanced data collection and real-time trust analytics for improving the process of differentiating between trusted users and cyberthreats.

This next generation in shared global intelligence enhances the recognition of devices, identities and behaviors across the ThreatMetrix® Global Trust Intelligence Network (The Network). And new capabilities offered by the Spring 2014 release add to the types of data that are collected and analyzed for creating an online persona.

“With most of today’s end users conducting business transactions online, cybercrime prevention is all about differentiating between trusted identities and potential fraudsters,” said Mustafa Rassiwala, senior director of product management, ThreatMetrix. “The Network delivers real-time intelligence that’s not available in other solutions, providing customers with consistent risk assessments of data across a global network and creating a digital persona of users by mapping their online personas and devices.”

The Spring 2014 Release enhances ThreatMetrix’s context-based security and advanced fraud prevention solutions through:

• Endpoint Intelligence – Advanced endpoint intelligence enables businesses to detect returning, authentic customers and flag identity and device anomalies indicating malicious behavior. Specifically, enhancements include:

o Next-generation true IP address detection when customers use proxies. This provides a complementary solution to existing proxy-piercing technology.

o Improved font detection for more accurate device identification.

o ThreatMetrix SmartID™ upgrade to enable additional attributes to be integrated into cookieless device ID analysis.

o IP geo upgrade offering more precise, granular geolocation.

o ThreatMetrix TrustDefender™ Client upgrades bringing the power of a dedicated endpoint protection client to real-time cybercrime prevention. Using TrustDefender Client, customers can create security posture rules that add a protective layer to their existing rules. These rules can examine the security status of the device, such as the presence or absence of security software. They can also examine the strength of the password used to authenticate the user on the device and the presence of malware, adware, spyware and more.

• Behavior Intelligence – Various contextual factors come together to uniquely identify each identity and ThreatMetrix leverages cross-correlation and analytics across contextual factors to provide better indicators of malicious actions. The Spring 2014 Release enables ThreatMetrix™ Trust Tags to be dynamically updated with values derived from attributes as part of the transaction. For example, a user’s identity can now be tagged with his or her mobile phone number when he or she successfully completes authentication via a mobile phone.

• Trust Analytics – Leveraging global trust analytics, ThreatMetrix examines every transaction across a consistent set of ThreatMetrix-defined identity authentication rules in addition to individual enterprise-defined rules. Analyzing over 500 million transactions a month using a consistent set of rules enables ThreatMetrix to benchmark, baseline and detect long-term trends for fraudulent activities such as identity spoofing, device spoofing, IP address/geolocation spoofing and the presence of malware (man-in-the-browser) attacks. ThreatMetrix can now provide unprecedented analytics to enterprises and improve their identity authentication policies by comparing them against global benchmarks derived from peers in their industry, the size and scale of the enterprise, geographic location and more.

“The ThreatMetrix solution is much more effective than traditional recognition capabilities because it leverages billions of data points from The Network, sharing anonymized information across business boundaries to identify patterns for authentic returning customers and cybercriminals,” said Rassiwala. “Overall, the next-generation solution from ThreatMetrix will effectively reduce friction for returning customers while keeping cybercriminals out in real time.”
