More Markets, More Channels, More Payment Methods — More Fraud

Posted on December 17th, 2014 by Dan Rampe

Internet Retailers

New Study Shows 79 Percent of Online Merchants See Fraud as the Dark Cloud Hovering Over a Bright Sales Vista

Worldpay, a payment processing company that provides payment services for mail order and Internet retailers, as well as point of sale transactions, just released its Fragmentation of Fraud report. The report shows that fully half of all online merchants polled find it difficult to keep up with fraud trends with only 20 percent confident in their ability to handle those threats.

The following has been excerpted from the finextra.com article highlighting key points in the fraud report and edited to fit our format. You may find the full unedited article by clicking on this link.

More countries

International online merchants sell to an average of 14 countries, yet 70% admit they struggle to keep ahead of fraudulent activities within those different markets. With three quarters (76%) of online merchants stating that they expect international orders to make up a greater proportion of their customer orders in two years’ time, these issues are only set to intensify.

More payment methods more risk

[The] greater [the] variety of payment methods [the greater the risk of fraud]. 63% are struggling to keep ahead of fraudulent activities across different payment methods.

[For] merchants accepting [different] payment methods, [fraud concerns] are: credit cards (82%), virtual currencies (82%), e-wallets (78%) and mobile payments (75%).

Not enough resources

[Merchants] are concerned they do not have the resources to manage fraud effectively. The main barriers to being able to reduce fraudulent orders are not having a dedicated omni-channel fraud and loss prevention method (57%) and lack of time to investigate and implement methods that could better manage fraud (49%). 82% also feel that a partnership approach with a fraud expert is critical to keeping ahead of threats.

A little fraud costs a lot of money

Worldpay data shows that, on average merchants can reject up to 2.6% of transactions because of fraud. To a merchant with an annual turnover of $50 million that’s a loss of $1.3 million.

What is keeping online merchants up at night?

Merchants feel the key challenges when it comes to identifying and preventing fraud are:

  • The growth of mobile payments – 70%
  • Purchases from particular countries – 65%
  • The number of channels they use to sell – 60%
  • The number of countries operated in / sold to – 58%
  • The growth of ewallets – 54%

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

Open Sesame

Posted on December 16th, 2014 by Dan Rampe

Alibaba

Alibaba Hacked. Millions of User and Seller Accounts Exposed.

If you’re not familiar with the folk tale Ali-Baba and the Forty Thieves, Ali-Baba, a poor woodcutter, says “Open Sesame” and the mouth of a cave where forty thieves have hidden their treasure is opened for him to take the treasure.

Evidently some hackers did their own “Open Sesame” on Alibaba, the shopping website, allowing, as Sheera Frenkel wrote on buzzfeed.com, “anyone with basic computing skills to access both private user information and the account details of thousands of suppliers who sell goods through the Chinese-owned site.”

In her piece on buzzfeed.com, Frenkel describes how Israeli security analysts discovered the breach and how information about it was kept under wraps until fixes could be put in place. The following has been excerpted from Frenkel’s piece and edited to fit our format. You may find the full article by clicking on this link.

Months for Alibaba to heed the warning

The Israeli security analysts who discovered the breach [said] that it took months for the site to respond to their report warning of a serious security lapse.

Not serious about security

“They aren’t serious about their online security. They have patched-up the problems we showed them, but there are other parts of the site that are still wide-open,” said Amitay Dan, an Israeli cyber-security analyst…“It’s obvious that they don’t take the security seriously enough. It shouldn’t take days to fix this.”

Not the only security lapse

Dan discovered the vulnerability, which would allow anyone to steal the personal information [of] AliExpress or Alibaba users without knowing their account passwords, while Barak Tawily, an application security expert…discovered a separate issue that allowed hackers to easily access the accounts of tens of thousands of merchandisers who sold through Alibaba.

“By sending the merchandiser a message with a basic script you can easily get into their account. When the merchandiser opens the message, it runs the script and the user can easily go in and control the account,” said Tawily. He said everything from company data to financial information was easily viewed. A person could easily go in, find a $1,000 item, change the price to $1 and purchase it for themselves.

Bigger doesn’t always mean safer

“Everyone makes mistakes and has lapses, but in something [as] big as Alibaba you don’t expect these kinds of easily fixed security lapses to exist,” said Tawily. “I told them almost two months ago, and it was only today that it got fixed.”

Unknown if hackers stole data

It was unclear if and when any hackers took advantage of the security lapses. Tawily and Dan said it would have been easy for hackers to trove the millions of accounts unnoticed.

Companies selling through site exposed

Dan discovered a separate flaw which exposes the companies selling through the site. The Chinese e-commerce site boasts that it has more than 300 million active users from 200 countries for its too-good-to-believe prices on bulk and wholesale goods.

[A] user could go into the section of the site that allowed them to change or edit their shipping address and contact information. At the end of the URL was a stream of numbers, indicating that individual’s specific account; by simply going up or down a few numbers, he could view the accounts of any individual who had used the site.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

 

File This Under “You Gotta Be Kidding”

Posted on December 15th, 2014 by Dan Rampe

Sony

Recently Hacked Sony’s IT Department Hid Company Passwords in a File Named…”Password.”

At first sight, hiding passwords in a file titled “Password” sounds, for want of a better description, “you’e gotta be kidding.”  To quote no less an authority than the world’s greatest consulting detective, Sherlock Holmes, on the subject of hiding something in plain sight, “It’s so overt, it’s covert.”

What Sony IT didn’t take into account was that the hackers could be so literal. When they i.e., the hackers, saw a file folder named “Password,” they assumed it contained passwords. Thereby the stupidity of the hackers defeated the brilliant security ploy by Sony IT.

In her piece on gizmodo.com (link to article), Ashley Feinberg writes, “Facebook, MySpace (an ancient form of Facebook), YouTube, and Twitter [were filed under] ‘usernames and passwords for major motion picture social accounts’ [within] a huge file called ‘Password’ [containing] even more passwords called things like ‘Facebook login password.’”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

How to Avoid a £225 Million Fraud Hit This Festive Period

Posted on December 12th, 2014 by Dan Rampe

Standard-Header-Tony

UK retailers usually look forward to the busy Christmas shopping period with a curious mixture of excitement and apprehension. Why? Because they know that while the coming few weeks represent their biggest opportunity of the year to drive revenue, such efforts can also be undermined by online fraudsters. What they might not be aware of, however, is that by failing to choose the right kind of tools to combat the bad guys they might be doing more to harm the bottom line than the fraudsters ever could.

Real and present danger

We all know that cyber criminals always follow the money, and when market watcher Mintel is predicting there’s going to be £4.7 billion spent this December, you can be sure they’re ready and waiting to take a cut. There are several ways to do this, of course. Many of the biggest cyber security stories this year have focused on large scale retail data breaches – where online attackers have managed to lift personal and financial information through point of sale or other systems in huge quantities.

There’s no doubt this has been very damaging, although the majority of cases have been in the U.S. as retailers there still use magstripe data, which is easier to steal and use fraudulently. It could be even more damaging for them early next year, when card data stolen over the past few months seeps onto the black market to be traded and then actively used.

However, cyber criminals are increasingly turning to account takeover fraud, using details covertly obtained from individual victims, because this has a better chance of success than using a known stolen card. Online shoppers aren’t doing themselves any favours here by failing to keep a close eye on bank and credit card accounts, and by using the same log-ins for multiple online accounts. They should be more careful online, avoiding clicking on links in unsolicited email or social media messages, and be more savvy about where they download apps from.

But that’s only half the story.

A lost opportunity

Retailers are reacting to this menace by implementing fraud prevention solutions which either present usability problems so acute as to cause shopping card abandonment, or which generate false positives which block legitimate sales. The ThreatMetrix Global Trust Intelligence Network analyses over 850 million transactions each month generated by 3,000 customers across the globe and we can see that cart abandonment due to user friction is 10 times more costly than online fraud itself.

Factoring in the potential value of retail sales this Christmas and IMRG figures on basket abandonment, we believe that UK retailers could lose up to £225 million as a result of poor investments in fraud prevention tools.

A better way

This really doesn’t need to happen. Retailers – and in fact all organisations from banks to social media sites – need to take a step back and understand what’s at stake here. By investing in intelligent, contextual fraud prevention which crunches anonymised device, identity and behavioural analytics to provide a real-time decision on whether a user is who they say they are, they can have their cake and eat it.

This is multi-layered fraud prevention that works and that is completely transparent to the user, slashing retailers’ losses from online crime and card abandonment. It could be the best early Christmas present you could give to your organisation.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

ThreatMetrix’s Faulkner Talks with CCTV About Company’s Unique Approach to Fighting Cybercrime

Posted on December 11th, 2014 by Dan Rampe

Standard-Header-AF

What Can Stop a Cybercrime Epidemic That Cost U.S. Businesses Double What They Did Just 4 Years Ago? Alisdair Faulkner Says a Global Trust Intelligence Network.

Mark Niu cites data from the Ponemon Institute that states the average cost of a security breach is $12.7 million. In his piece on cctv-america.com, Niu reports on approaches that can be effective in stopping this drain on business and the economy. The following has been excerpted from his piece and edited to fit our format. You may find the full article by clicking on this link.

Protecting companies in USA, China and around the world

Through its trusted intelligence network, ThreatMetrix protects some of the biggest e-commerce sites in the U.S. and some of the biggest payment companies in China.

3-5 percent of transactions fraudulent

[Alisdair Faulkner, the chief products officer of ThreatMetrix], said, on e-commerce sites, about 3-5 percent of transactions were instantly detected as fraud. He also said a growing problem was hackers attempting to take over online accounts, something that happens once in every 20 logins.

Real-time authentication

ThreatMetrix figured out whether it’s a human transacting or logging in, where it’s coming from, and whether the user or device has been seen in their network before.

Global intelligence

“What we’ve built is a global trust intelligence network where we allow companies to anonymously share information about trusted users and cyber threats. That’s what’s truly unique, because we feel that if you are [going to] fight a network, you need a network. Otherwise you are going to be a sitting duck,” Faulkner said.

Phone and tablet transactions doubled

Faulkner said during the Black Friday shopping holiday period, phone and tablet transactions doubled from a year ago, further emphasizing that the new face of a cyber attack has increasingly gone to mobile.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

Banks Didn’t Stop “Tor”-rent of Account Takeovers

Posted on December 10th, 2014 by Dan Rampe

US Treasury

Treasury Says Banks Failure to Block Tor Transactions Caused Most Account Takeovers by Cyberthieves This Past Decade

Tor is the global communications net that hides users’ true online locations and makes it possible for them to maintain their anonymity. Now a new report from the U.S. Treasury Department that KrebsOnSecurity characterizes as “non-public” has been obtained by Brian Krebs.

The report was produced by the Financial Crimes Enforcement Network (FinCEN), the Treasury Department bureau charged with collecting and analyzing data about financial transactions. FinCEN’s work is aimed at combating domestic and international money laundering, the financing of terrorism and other financial crimes. The following has been excerpted from the KrebsOnSecurity article and edited to fit our format. You may find the complete, unexpurgated piece by clicking on this link.

Based on SARs reports

FinCEN said it examined some 6,048 suspicious activity reports (SARs) filed by banks between August 2001 and July 2014, searching the reports for those involving one of more than 6,000 known Tor network nodes. Investigators found 975 hits corresponding to reports totaling nearly $24 million in likely fraudulent activity.

Banks unaware of fraud

FinCEN said it was clear from the SAR filings that most financial institutions were unaware that the IP address where the suspected fraudulent activity occurred was in fact a Tor node.

Rising number of account takeovers

The government also notes that there has been a fairly recent and rapid rise in the number of SAR filings over the last year involving bank fraud tied to Tor nodes.

“From October 2007 to March 2013, filings increased by 50 percent,” the report observed. “During the most recent period — March 1, 2013 to July 11, 2014 — filings rose 100 percent.”

No-win situation

[Nicholas Weaver, a researcher at the International Computer Science Institute (ICSI) and at the University of California, Berkeley noted] the problem of high volumes of fraudulent activity coming through the Tor Network presents something of a no-win situation for any website dealing with Tor users. “If you treat Tor as hostile, you cause collateral damage to real users, while the scum use many easy workarounds.  If you treat Tor as benign, the scum come flowing through,” Weaver said. “For some sites, such as Wikipedia, there is perhaps a middle ground. But for banks? That’s another story.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

Video: iTWire Talks to ThreatMetrix President and CEO, Reed Taussig, on Building Trust on the Net

Posted on December 8th, 2014 by Dan Rampe

iTWire, December 8, 2014

The “i”s Don’t Have It

Posted on December 8th, 2014 by Dan Rampe

Apple Pay

What are the Odds of an iPhone 6 User Using Apple Pay? 10 to 1 AGAINST. They Don’t “Get” the Tech or Know Which Stores Accept It

InfoScout, a shopper-research firm, tracked the behavior and opinions of 170,000 U.S. households, basing its findings on consumers who both own an iPhone 6 or 6 Plus and shopped at a retail store that accepts Apple Pay over the Thanksgiving weekend from Black Friday to Cyber Monday.

An article on thepaypers.com reports on InfoScout’s findings. The following has been excerpted from thepaypers.com piece and edited to fit our format. You may find the article in its entirety by clicking on this link.

A shade over 9 percent used Apple Pay

The report finds that just under 1 in 10 (9.1%) of the sample have ever used the service to make an NFC [Near Field Communication] payment and just under 5% made an Apple Pay purchase during the annual discount shopping bonanza.

Those that tried it liked it

The study also points out that 73% of those surveyed answered that Apple Pay had better ease of use, 67% said it had greater speed at checkout, 67% said it had better security and 67% said it offered more convenience.

Reasons for not using Apple Pay

To the question “why did only half of [consumers] use Apple Pay when given the chance on Black Friday”, the survey [reveals] that 31% answered they didn’t use Apple Pay that weekend because they didn’t know whether or not the store accepted it.

Moreover, 25% said they forgot to use it, 19% said they didn’t have their phone handy, 6% said they get rewards for using a different payment method, 6% were worried it might not work and a further 6% said it takes too long.

Many didn’t understand how the technology works

[Ninety percent] of iPhone 6 and 6 Plus users who have yet to try Apple Pay [say] the main reason for not choosing to do so was because they weren’t familiar with how it worked (32%).

Other reasons for not using Apple Pay

[Thirty percent] said they were satisfied with their current payment methods, while 19% said they were concerned about security, 11% said they hadn’t heard of Apple Pay before the survey and 5% said they tried to register a card with Apple Pay but it didn’t work.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

 

 

 

It Takes a Thief…

Posted on December 8th, 2014 by Dan Rampe

Identity theft

…to Catch a Thief. Sabrina Balkman-Bradwellaka Nellie Bell aka “Queen of ID Theft” Gets Time Off for Helping Feds

Sabrina Balkman-Bradwell made off with more than $3 million in three months using stolen identities to file fraudulent income tax returns and cash refund checks. To be precise, between January 15 and March 23, 2011, she filed false returns and received 948 income tax refund checks and electronic deposits worth more than $3,057,914. Hers, however, was a short-lived success. Balkman-Bradwell was busted and sentenced in January of last year to two-and-a-half years in federal prison. In addition, she was ordered to pay back the money she’d stolen.

Cooperating with the law

Her term was reduced when she began cooperating with federal authorities by contacting other criminals committing fraud and ID theft and helping agents build cases against them. Balkman-Bradwell provided so much assistance that prosecutors went to bat for her and asked the judge to shave time off her sentence.

Helping bust other frauds

Paula McMahon, writing on sun-sentinel.com, explained just how valuable Balkman-Bradwell has become to the government. The following has been excerpted from McMahon’s piece and edited to fit our format: You may find her full story on this link.

[Balkman-Bradwell] continuing cooperation helped prosecutors to file criminal charges against more than 15 other defendants, records show.

One of the biggest catches was Henry Dorvil, 36, of Hollywood, who ran a tax-preparation business and is now serving 4 1/2 years in federal prison. He was ordered to pay more than $2.5 million in restitution for his role in a stolen identity ring, authorities said.

Balkman-Bradwell was expected to testify against Dorvil and his former office manager, Ruth Cartwright, but both pleaded guilty to related charges before trial. Cartwright is scheduled to be sentenced next month.

Another woman, Natasha Munnings, 42…was sentenced to 8 months in prison after Balkman-Bradwell helped agents track her down and arrest her with more than $75,000 worth of fraudulent tax refund checks,12 fake driver licenses and 14 pre-paid debit cards in other people’s names.

Balkman-Bradwell is also working on another case with federal authorities in Palm Beach County and arrests are expected to be made in that case in the next few months, officials said.

“The information provided by the defendant Balkman-Bradwell has been helpful in identifying weaknesses in the system that have allowed stolen identity tax refund fraud to flourish in South Florida and elsewhere,” prosecutors wrote in their request to reduce her punishment.

The judge agreed and ordered…that Balkman-Bradwell should get an additional five months taken off her prison term — for a total sentence of two years and one month in prison.

She has already served about one year and eight months in prison and — with the standard 15 percent reduction that all well-behaved inmates qualify for — she could be released in about six weeks and would begin serving three years of probation.

Her lawyer said he didn’t want to comment outside court because he didn’t want to jeopardize any of the investigations. But in court, he told the judge that his client is continuing to cooperate all over South Florida and had earned what he called the “generous” sentence reductions. “She’s continued to be a font of information at her own personal risk.”

Balkman-Bradwell, dressed in bright blue jail scrubs, thanked the prosecutor in court for making her “believe again” and thanked her mother for “always praying for me and loving me through the shame and disgrace that I put on her name.”

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.

 

 

 

Trailer Hitch?

Posted on December 5th, 2014 by Dan Rampe

North Korea

Did a Movie Trailer Cause North Korea to Attack Sony Films Crashing Systems, Giving Away Movies, and Leaking SSN’s and Salaries?

After seeing a trailer for Sony’s “The Interview,” a comedy about the CIA recruiting two American newsmen to off Kim Jong-un, the Foreign Ministry of North Korea called the movie “the most undisguised terrorism” and said it would cause “a strong and merciless countermeasure.” Tough words. Not nearly as tough as what movie critics are likely to say.

So was Sony hacked because some dictators just can’t take a joke — even a bad joke? In their nytimes.com piece, Brooks Barnes and Nicole Perlroth explore who might be responsible for the Sony attack, the danger to other companies posed by similar attacks, fallout from the attack and more. The following has been excerpted from their article and edited to fit our format. To see the complete, unedited story, click on this link.

#GOP releases “Annie”

[After Sony recovered from a] breach by a group calling itself #GOP, for Guardians of Peace [executives] at the entertainment company said they were making progress in fighting the apparently related Internet pirating of five complete films, including the unreleased “Annie.”

Exec salaries released

But Sony was newly rattled by the leak of internal documents, one of which contained the pre-bonus annual salaries of senior executives, showing 17 who earn more than $1 million a year. The documents were published …on Pastebin, the anonymous Internet posting site.

Hackers sent a message

[Cybersecurity expert Tom Kellermann] said that unlike stealth attacks from China and Russia, Sony’s hackers not only aimed to steal data, but also to send a clear message. “This was like a home invasion where after taking the family jewels the hackers set the house ablaze….”

An omen

[New] details about a spate of coordinated cyberattacks from Iran…have security experts and law enforcement authorities rattled, worried that Sony’s difficulties may be a harbinger of many more to come.

Fed bulletin warns of malware that wipes data beyond repair

The F.B.I. issued a private bulletin…to a wide range of companies…. The agency did not name the companies attacked, or say whether the bulletin was linked to the Sony attack, but the description mirrored the findings at Sony. [The F.B.I.] confirmed that it was working with the company to investigate the attack.

Two people with knowledge of the advisory’s contents said the bulletin warned companies of malware that could destroy data on their hard drives and prevent computers from rebooting. The malware overwrites data in such a way that it can be nearly impossible to recover using standard means.

Hackers claim release of tens of terabytes of Sony internal data

On Pastebin, hackers released…what they said were “tens of terabytes” worth of internal Sony data. The post — titled “Gift of G.O.P.” — included links to various archives that appeared to contain Sony employees’ passwords, Social Security numbers, salaries and performance reviews. (The password to open many of the files was “diespe123” (presumably an abridgment of “Die Sony Pictures Entertainment”). The studio has offered to enroll employees in a fraud protection program.

“If you don’t obey us”

[Just] as Sony employees were settling into their work day, the hacking group took over many of the studio’s internal systems. Some screens included images of a menacing red skeleton with the warning, “If you don’t obey us, we’ll release data shown below to the world.”

The hackers also took over certain Twitter feeds for Sony films. For instance, an account for “Starship Troopers,” a science fiction series, was hacked to say, “You, the criminals including Michael Lynton will surely go to hell. Nobody can help you.” Mr. Lynton is Sony’s chief executive.

Attack similar to other attacks

The destructive attack at Sony mirrors similar attacks last year on computers inside South Korea that paralyzed the computer networks at three major South Korean banks and two of the country’s largest broadcasters. Those attacks were traced back to computer addresses inside China, though many suspected that hackers inside China were working on behalf of North Korea, retaliating against South Korea for conducting military exercises with the United States, and for supporting recent American-led sanctions against the north.

For those into huge, convoluted conspiracy theories that don’t make a whole lot of sense, how about this? It’s all been a publicity stunt to get people to see “The Interview.” Okay, even Truthers wouldn’t buy that into one.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.