Archive for the ‘US economy’ Category

We all read about the Target security breach that compromised tens of million of customers. Target is back in the news today.

(LA Times) Target Corp. is hiring an IT expert from General Motors Co. to beef up its data security following a massive breach that continues to weigh on its reputation.

Brad Maiorino will head up technology risk and information strategy, a newly created position.

It’s the latest move by Target to tighten security over its huge amount of shopper data. The Minneapolis company has increased monitoring of accounts and implemented new safeguards at its point-of-sale systems.

~~snip~~

Target, the nation’s third-largest retailer, has been struggling with the fallout from its disclosure in December that hackers stole credit and debit card information from tens of millions of customers.

Its revenue dropped 5% in the crucial fourth quarter and its chief executive, Gregg Steinhafel, stepped down last month. That followed the exit of Beth Jacob, the retailer’s former chief information officer.

You may recall that the breaches, they were big news this past December, but how exactly did the theft take place?

(Bloomberg Business) The biggest retail hack in U.S. history wasn’t particularly inventive, nor did it appear destined for success. In the days prior to Thanksgiving 2013, someone installed malware in Target’s (TGT) security and payments system designed to steal every credit card used at the company’s 1,797 U.S. stores. At the critical moment—when the Christmas gifts had been scanned and bagged and the cashier asked for a swipe—the malware would step in, capture the shopper’s credit card number, and store it on a Target server commandeered by the hackers.

It’s a measure of how common these crimes have become, and how conventional the hackers’ approach in this case, that Target was prepared for such an attack. Six months earlier the company began installing a $1.6 million malware detection tool made by the computer security firm FireEye (FEYE), whose customers also include the CIA and the Pentagon. Target had a team of security specialists in Bangalore to monitor its computers around the clock. If Bangalore noticed anything suspicious, Target’s security operations center in Minneapolis would be notified.

On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data’s escape route. As they uploaded exfiltration malware to move stolen credit card numbers—first to staging points spread around the U.S. to cover their tracks, then into their computers in Russia—FireEye spotted them. Bangalore got an alert and flagged the security team in Minneapolis. And then …

Nothing happened.

OK, so Target blew it.

Their focus being directed at realizing sales during the year’s biggest shopping weekend, the company’s security team missed the theft of millions of credit card numbers.

How much was stolen?

Estimates has those numbers at 40 million credit card numbers,  along with 70 million addresses, phone numbers and an unknown amount of card holder’s personal information simply flying out of a hacked Target server.

These were not Target credit cards.

The hackers stole every card number swiped in a Target store during 2013’s Black Friday weekend. So if you shopped at any Target store on or about last Thanksgiving, your information was very likely stolen.

Bloomberg Business goes on.

In testimony before Congress, Target has said that it was only after the U.S. Department of Justice notified the retailer about the breach in mid-December that company investigators went back to figure out what happened. What it hasn’t publicly revealed: Poring over computer logs, Target found FireEye’s alerts from Nov. 30 and more from Dec. 2, when hackers installed yet another version of the malware. Not only should those alarms have been impossible to miss, they went off early enough that the hackers hadn’t begun transmitting the stolen card data out of Target’s network. Had the company’s security team responded when it was supposed to, the theft that has since engulfed Target, touched as many as one in three American consumers, and led to an international manhunt for the hackers never would have happened at all.

They missed it not once, but twice.

Here’s a visual to help you along.

feat_target12_brokein_630inline

Security guru Brian Krebs (first to report the Target breach) reported that the HVAC vendor whose credentials were used by the hackers to breach the Target network was Fazio Mechanical Services, located in Western Pennsylvania. According to Fazio Mechanical’s response to the revelation of their part in the hack, their data connection to Target was used for billing, contract submissions and project management. The hackers obviously exploited weaknesses in Target’s firewalls and introduced a cloaked bad code (they used the name of a legitimate piece of software used by companies to protect card user’s information) on November 30th.

OK, so that’s the part we all may have heard about with perhaps a little more fill and color, but (as Paul Harvey may ask) what’s the rest of the story?

What do hackers do with 40 million stolen credit card numbers with billions of dollars of purchasing power?

What does McDonald’s have to do with any of this?

Here is… the rest of the story.

Welcome to the world of carding.

Krebs is now reporting on the industry behind the business of stolen credit card information.

Hang on to your socks.

Peek Inside a Professional Carding Shop

(Krebs on Security) Over the past year, I’ve spent a great deal of time trolling a variety of underground stores that sell “dumps” — street slang for stolen credit card data that buyers can use to counterfeit new cards and go shopping in big-box stores for high-dollar merchandise that can be resold quickly for cash. By way of explaining this bizarro world, this post takes the reader on a tour of a rather exclusive and professional dumps shop that caters to professional thieves, high-volume buyers and organized crime gangs.

The subject of this post is “McDumpals,” a leading dumps shop that first went online in late April 2013.  Featuring the familiar golden arches and the bastardized logo, “i’m swipin’ it,”  the site’s mascot is a gangstered-up Ronald McDonald pointing a handgun at the viewer.

Nevermind that this shop is violating a ridiculous number of McDonald’s trademarks in one fell swoop: It’s currently selling cards stolen from data breaches at main street stores in nearly every U.S. state.

Like many other dumps shops, McDumpals recently began requiring potential new customers to pay a deposit (~$100) via Bitcoin before being allowed to view the goods for sale. Also typical of most card shops, this store’s home page features the latest news about new batches of stolen cards that have just been added, as well as price reductions on older batches of cards that are less reliable as instruments of fraud.

wholesale

Really?

McDumpal’s?

These guys are brazen!

Krebs goes on.

I’ve put together a slideshow (below) that steps through many of the updates that have been added to this shop since its inception. One big takeaway from this slideshow is that many shops are now categorizing their goods for sale by the state or region of the victim company.

This was a major innovation that we saw prominently on display in the card shop that was principally responsible for selling cards stolen in the Target and Sally Beauty retail breaches: In those cases, buyers were offered the ability to search for cards by the city, state and ZIP of the Target and Sally Beauty stores from which those cards were stolen. Experienced carders (as buyers are called) know that banks will often flag transactions as suspicious if they take place outside of the legitimate cardholder’s regular geographic purchasing patterns, and so carders tend to favor cards stolen from consumers who live nearby.

This “Business” has its own unique terminology, as detailed by Krebs in the article linked.

I strongly recommend that you follow the article’s link, read the terminology, and watch the slide show.

It’s not only fascinating, but frightening as well.

Technological companies are hard at work looking for ways to secure the sensitive nature of electronic payments in a world that long ago decided that cash was a secondary mode of payment, and new software is being developed both for securing the buyer’s information at the store level, and for making payments in a more secure manner.

Mobile wallets apps like LOOP and COIN have begun to enter into the market, albeit with issues.

The past week’s launch of The Wocket, a smart wallet with a re-programmable single credit card device that operates under a secured system using biometrics, may in fact herald the dawn of a new age in personal financial transactions, as well as the beginning of the end for that ugly bulge on the seat of men’s pants where an overstuffed wallet normally resides.

That’s all good and dandy, but I keep reverting back to that old saying… crime doesn’t pay, and secured technology is only secured until it is hacked, so criminals will always find ways to not pay for stuff, or rather, to have us pay for their stuff.

I just don’t think that those boys at McDumpals, and their suppliers will simply give up on the easy money, no matter how secure we try to make our electronic money.

mcdumpalsjoined

And that’s the last wire for Saturday, June 14, 2014.

Everything that was news before this moment, is now history.

H/T EL.

 

 

Advertisements

(Bloomberg) – A group of 44 former high-ranking U.S diplomats, civil servants, military officers and Cuban-American businessmen is calling on President Barack Obama to further loosen a half-century embargo on the Communist regime in Cuba.

In an open letter sent to Obama, the group, which includes former Director of National Intelligence John Negroponte, former head of the U.S. Southern Command Admiral James Stavridis and Andres Fanjul, co-owner of sugarcane producer Fanjul Corp., called on Obama to expand the roster of groups allowed to organize travel to the island, authorize import and export licenses between the two countries’ private sectors and encourage the expansion of telecommunications in Cuba by permitting the sale of hardware.

“The U.S. is finding itself increasingly isolated internationally in its Cuba policy,” the group said in the letter. “The Obama administration has an unprecedented opportunity to usher in significant progress using its executive authority at a time when public opinion on Cuba policy has shifted toward greater engagement with the Cuban people while continuing to pressure the Cuban government on human rights.”

I think that someone should put this myth to bed once and for all.

There is no US embargo on Cuba.

Did everyone get that?

Let me say it again.

THERE. IS. NO. U.S. EMBARGO. ON. CUBA.

I can prove that easily.

Go here and read the dollar value of direct U.S. sales to Cuba. In the last ten years (2004 through 2013) U.S. direct exports to Cuba have exceeded $4.35 billion dollars.

The U.S. is one of Cuba’s top ten trading partners. Hard feat to accomplish with an embargo in place, wouldn’t you say?

Here’s an insight from the U.S. Department of State:

Although economic sanctions are in place, in 2012, the United States was Cuba’s primary supplier of food and agricultural products, and humanitarian goods, a significant supplier of medicines and medical products, and Cuba’s seventh overall largest trading partner in goods.

So then, what embargo are Negroponte, Stavridis and Fanjul talking about?

What ‘sanctions” is the Department of State talking about?

What politicians and business tycoons alike, along with the despots in charge in the island itself are arguing for is the lifting of the trade credit terms imposed on Castro’s Cuba which deny credit terms to the Cuban government, and forces them to pay COD for any goods they wish to buy lest the seller wishes to absorb any losses related to non-payment of the goods.

From Capitol Hill Cubans, June 2011:

The Paris Club, a group composed of the world’s 19 largest creditors nations, has released its annual list of outstanding claims (debtors).

Its largest debtor is Indonesia, which owes $40.679 billion.

Second is China, which owes $30.573 billion.

Castro’s Cuba has the third largest debt of $30.471 billion.

Calculated on a per capita basis — that’s a debt of $23 per Chinese national, $177 per Indonesian and $2,650 per Cuban.

Debt for repression — that’s quite a bargain Castro has made for himself, at the cost of the Cuban people.

In a country were a cardiologist earns less than $150 a month, the debt per citizen is $2,650.

So, again… what is it that Negroponte, Stavridis and Fanjul are asking for?

They want the U.S. government to allow Cuba and U.S. industry access to the securities granted by the U.S. Export-Import Bank on credit sales to foreign countries.

Castro’s Cuba is a notoriously bad credit risk.

The island owes billions to the Russian government but refuses to pay them because they say that the country that they owe money to (the U.S.S.R.) no longer exists. They refuse to be members of any international financial body such as the IMF or the World Bank, and will not disclose information about their international reserves to creditors.

They just want us to send them stuff that they may pay for someday.

Should the Negropontes. Stavridis and Fanjuls of thie nation get their way, they will be able to sell boundless good and services to the Cuban government on credit, with their receivables being guaranteed by the U.S. taxpayer.

Did you get that?

U.S. taxpayers would guarantee all debts incurred by one of the worst credit risk nations in the world for goods and services sold to them by U.S. companies.

The ExIm Bank:

The Export-Import Bank of the United States (Ex-Im Bank) is the official export credit agency of the United States. Ex-Im Bank’s mission is to assist in financing the export of U.S. goods and services to international markets.

Ex-Im Bank enables U.S. companies — large and small — to turn export opportunities into real sales that help to maintain and create U.S. jobs and contribute to a stronger national economy.

Ex-Im Bank does not compete with private sector lenders but provides export financing products that fill gaps in trade financing. We assume credit and country risks that the private sector is unable or unwilling to accept. We also help to level the playing field for U.S. exporters by matching the financing that other governments provide to their exporters.

In return for the taxpayers covering the Cuban government’s debt risk, U.S. manufacturers get to negotiate with the Castro government for labor should they decide to build manufacturing facilities in the island.

How does that work?

(HAVANA TIMES) — Ana Teresa Igarza, director general of the Mariel Special Development Zone (ZEDM) Regulations Office, recently announced that a special hard-currency exchange rate had been established for Zone employees.

Contracted employees will receive 80 percent of the salaries agreed to by Cuban employment agencies and investors, and payments are to be made in regular Cuban pesos (CUP), at a “special” exchange rate of 1 Cuban Convertible Peso (CUC) to 10 CUP. This is as “special” as the Special Period.

That is to say, if the employment agency negotiates a 1,000 CUC salary (or its equivalent in US dollars) for a Cuban worker, the agency will pocket the 1,000 CUC (or its equivalent in US dollars) and pay the Cuban worker (in CUP) 80 percent of the sum agreed to, at the special exchange rate of 10 CUP to 1 CUC.

If mathematics hasn’t also been deformed by “State socialism”, this means the worker will receive 10 Cuban pesos for each CUC, which means that their salary would be 8,000 CUP (10 x 800).

When that worker comes out of the ZEDM, in order to purchase anything at the hard-currency stores operated by Cuba’s military monopoly, they will have to resort to government exchange locales (or CADECAS), where they are required to buy CUC at an exchange rate of 25 to 1. Thus, their 8,000 Cuban pesos become 320 CUC

In short, Cuba sells her people as laborers and keeps the lion’s share of the wages.

That’s the country of my birth, but what truly concerns me about the idea of trade with a despotic government like Cuba’s, is that it indirectly soils us as a nation.

It is unconscionable to think that the United States would allow American businesses to engage in what constitutes short-hand rightless serfdom.

It is an inexcusable proposition that would make the U.S. taxpayer liable for the bad debts incurred by one of the world’s worst credit risk nations.

And that’s the last wire for May 21, 2014.

What was news before this moment, is now history.

Good night.