Tag: Hong Kong
It typically involves forensic analysis to find evidence, also known as indicators of compromise (IOCs), and derive intelligence from them. Obviously, a lack of evidence or too little of it will make attribution much more difficult, even speculative.
But the opposite is just as true, and one should not assume that an abundance of IOCs will translate into an easy path to attribution. Let’s take a simple fictional example to illustrate: François is the chief information security officer (CISO) at a large US electric company that has just suffered a breach.
François’ IT department has found a malicious rootkit on a server which, after careful examination, shows that it was compiled on a system that supported pinyin characters. In addition, the intrusion detection system (IDS) logs show that the attacker may have been using an IP address located in China to exfiltrate data.
The egress communications show connections to a server in Hong Kong that took place over a weekend with several archives containing blueprints for a new billion-dollar project getting leaked. The logical conclusion might be that François’ company was compromised by Chinese hackers stealing industrial secrets.
After all, strong evidence points in that direction and the motives make perfect sense, given many documented precedents. This is one of the issues with attribution in that evidence can be crafted in such a way that it points to a likely attacker, in order to hide the real perpetrator’s identity.
To continue with our example, the attacker was in fact another US company and direct competitor.
The rootkit was bought on an underground forum and the server used to exfiltrate data was vulnerable to a SQL injection, and had been taken over by the actual threat actor as a relay point. Another common problem leading to erroneous attribution is when the wrong IOCs have been collected or when they come with little context. How can leaders make a sound decision with flawed or limited information? Failing to properly attribute a threat to the right adversary can have moderate to more serious consequences.
Chasing down the wrong perpetrator can result in wasted resources, not to mention being blinded to the more pressing danger. But threat attribution is also a geopolitical tool where flawed IOCs can come in handy to make assumptions and have an acceptable motive to apply economic sanctions.
Alternatively, it can also be convenient to refute strong IOCs and a clear threat actor under the pretext that attribution is a useless exercise. Despite its numerous pitfalls, threat attribution remains an important part of any incident response plan.
The famous “know your enemy” quote from the ancient Chinese general Sun Tzu is often cited when it comes to computer security to illustrate that defending against the unknown can be challenging.
IOCs can help us bridge that gap by telling us if attackers are simply opportunistic or are the ones you did not expect.
Attorney’s Office.
The three men targeted at least seven firms which advised companies involved in acquiring, or being acquired by, other companies, according to a statement released by Preet Bharara, the U.S. Attorney for the Southern District of New York.
After successfully compromising two law firms, the group then allegedly bought shares in companies that were about to be acquired or which planned to acquire the other firms. They then sold the shares after the M&A deals were announced.
“This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals,” he said in the statement.
The FBI and the U.S. Attorney’s office worked with the Securities and Exchange Commission, the Office of International Affairs and Hong Kong law enforcement to investigate the group. One of the accused, Iat Hong, a resident of Macau, was arrested by local authorities on Dec. 25 and is awaiting extradition proceedings.
The attacks, which occurred in 2014 and 2015, targeted the email accounts and data of law-firm partners, aiming to gain sensitive information about the acquisitions.
In one case, the group allegedly compromised a law firm that was advising a company contemplating purchasing Intermune, a U.S.-based drug maker. After stealing 40 gigabytes of data from the law firm, the three men began purchasing Intermune shares. After the company announced it would be purchased by Roche AG on Aug. 25, 2014, the men sold the 18,000 shares for a profit of $380,000, according to the U.S. Attorney’s statement.
In a similar attack, the men also allegedly learned of Intel’s intent to acquire Altera, making a profit of $1.4 million on the resulting stock transaction. The trio also made $841,000 after learning that Pitney Bowes intended to buy BorderFree, an e-commerce company.
The attackers took similar measures in two other transactions, prosecutors claim. In addition, they targeted at least five other law firms and two robotics companies—in the latter case, stealing confidential and proprietary information.
The two other accused men, Chin Hung and Bo Zheng, are residents of Macau and Changsha, China, respectively.
By purchasing shares before the public announcements were made, they made $4m. In addition, the defendants are alleged to have repeatedly attempted unauthorised access to the networks and servers of five other firms.
Between March and September 2015, they attempted to cause unauthorized access on more than 100,000 occasions. The three men charged with insider trading and hacking are Iat Hong, Bo Zheng and Chin Hung. The United States attorney’s office and the Federal Bureau of Investigation said Hong was arrested in Hong Kong on Christmas Day.
Manhattan US attorney Preet Bharara said: “This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals.”
FBI assistant director-in-charge William Sweeney said: “The subjects charged in this case allegedly stole nonpublic information through unauthorized access to law firms’ computers, and used the information for their own personal gain.
“The FBI works around the clock to keep these types of alleged securities fraudsters and cyber criminals from trading on stolen information, potentially manipulating the market at the cost of legitimate investors, and harm to corporations.”
Both recycling companies purported to sell e-recycling services to companies and government organizations that needed to get rid of old electronics.
Brundage promised his clients that their old computers, TV monitors, and various other devices would be broken down into their component parts and recycled in keeping with federal guidelines. Instead, feds allege that Brundage shipped some of those electronics for illegal disposal in landfills overseas.
Those electronics included Cathode Ray Tubes (CRTs) from old computer and TV monitors, which contained “hazardous amounts of lead,” as well as batteries.
The electronics that weren't shipped to Asia were destroyed inappropriately on the premises of his businesses or stockpiled indefinitely in warehouses, which is forbidden by federal guidelines. According to the indictment, Brundage also improperly resold many of the electronics he acquired.
Between 2009 and 2015, Brundage received shipments of calculators from an unnamed technology company in Texas with instructions to disassemble the calculators and recycle them accordingly.
But Brundage apparently resold the calculators to another company based in Tampa, Florida, which purchased and sold used electronics. (The Chicago Tribune notes that one of Brundage’s clients was Texas Instruments, but the company didn't respond to Ars' request for comment on the matter.) In exchange for the shipments of calculators, Brundage allegedly had the company in Tampa directly pay some of Brundage’s personal expenses.
Those expenses include between $31,000 and $39,000 per year for a nanny and $26,000 to $42,000 per year for a housekeeper, as well as tens of thousands of dollars for jewelry expenses and payments to an Indiana-based casino. Among the more colorful accusations in the US government’s indictment of Brundage: the businessman allegedly went to lengths to fool third-party auditors into giving his companies the certifications necessary to keep doing business as an e-recycler.
Brundage allegedly invited unknowing customers on sham tours of Intercon’s facility. Once there, he "directed Intercon's warehouse staff to set up a staged disassembly line to make it falsely appear as though Intercon regularly processed e-waste in a manner that was consistent with its public representations." The Chicago Tribune published a feature on Intercon in 2007.
In it, Brundage is quoted saying, “We put old products on a disassembly line. We break each item down to raw materials and send them off to be smelted and reused.” He added, “nothing that leaves here goes to a landfill.” The indictment against Brundage only reaches back as far as 2009, so it’s unclear whether Brundage’s statements in 2007 were actually the case or whether the Tribune had been duped.
Brundage has operated as an e-recycler since 2000 when he purchased Intercon Solutions from its previous owner. In fact, Brundage has faced accusations of improperly disposing of e-waste materials since 2011, when he applied for an e-Stewards Certification, a certification that says the recycler is held to high standards, through the Seattle-based Basel Action Network (BAN).
BAN is an environmental organization that fights toxic and electronic dumping.
Instead of simply certifying Intercon Solutions, BAN alleged that it found evidence that Intercon was shipping CRT monitors and batteries to Hong Kong.
Brundage denied the allegations.
In response, he sued BAN for defamation.
The case wound its way through the court and was dismissed by a Chicago federal judge in October 2015 (PDF). Last week’s indictment also accuses Brundage of shipping “large quantities of e-waste” to Hong Kong, adding that in May 2011, the Hong Kong Environmental Protection Department discovered a shipping container full of waste and sent the container back to the US.
The indictment alleges that after the May 2011 incident, Brundage destroyed business records pertaining to previous shipping agreements but continued to ship e-waste overseas, with fraudulent labels and shipping reports. Brundage allegedly took destruction of e-waste into his own hands, too. He allegedly smashed CRT glass “in outdoor areas, without taking measures to prevent the release of potentially hazardous material into the environment.” The US government says that Brundage earned “millions of dollars” from his illegal schemes.
The government is asking for a judgment requiring that he forfeit all property obtained “directly and indirectly” from the alleged dealings.
The relationship enables retailers to securely process payments in Asia-Pacific through Computop’s Paygate payment gateway using the payment methods that consumers in the region prefer and trust, helping to positively impact sales and the overall customer experience.
A recent e-Marketer report noted that Asia-Pacific will remain the world’s largest retail e-commerce market, with sales expected to top $1 trillion in 2016 and more than double to $2.725 trillion by 2020.
Findings also noted that the region will see the fastest rise in retail e-commerce sales, increasing 31.5% this year.
In addition, according to a study by Kantar TNS, Asia-Pacific is leading the world in mobile payment with over half (53%) of connected consumers using their mobile phones to pay for goods or services at the point-of-sale via apps.
As such, the Computop and AsiaPay partnership enables retailers to capitalize on the growth opportunity that Asia-Pacific presents. “Expanding business into foreign markets may seem daunting, but working with companies that have a strong foothold in those regions and that understand the payment behaviors and preferences of consumers in those countries is key to retailer success,” said Ralf Gladis, CEO of Computop. “Through our partnership with AsiaPay, Computop is able to provide merchant customers with the opportunity to take advantage of Asia-Pacific consumers’ appetite for e-commerce. With Computop Paygate integrated with AsiaPay, retailers benefit from the secure payment options that southeast Asian consumers expect and trust.” “We are very honoured to be a strategic partner of Computop,” said Joseph Chan, CEO of AsiaPay. “Our company has more than 16 years of experience in credit card processing and international business service, giving us a solid position as a premier e-Payment player in the region.
Furthermore, we have a keen understanding of merchants’ payment requirements in the fast-paced e-commerce business environment. We believe that a strategic cooperation with Computop can help merchants improve their processing efficiency, thereby contributing to their business growth as well as support their global endeavor,” he added. Founded in 2000, AsiaPay offers secure and cost-effective electronic payment processing solutions and services to banks and e-businesses globally.
The company offers a variety of card payments, online bank transfers, e-wallets and cash payments across over 16 countries, including Hong Kong, China, India, Indonesia, Malaysia, Singapore, Philippines, Taiwan, Thailand and Vietnam.
It is a certified international 3-D secure vendor for VISA, MasterCard, American Express and JCB. Computop Paygate is a PCI-certified omnichannel payment platform that provides retailers with secure payment solutions and efficient fraud prevention for international markets.
Computop integrated AsiaPay into Paygate to offer merchants a wide range of payment methods in the Asia-Pacific region to support their cross-border and global commerce efforts. Payment methods available on Paygate include Alipay, American Express, JCB, Tenpay and WeChat, along with many other widely-accepted payment options that consumers in these countries use.
About Computop
Computop is a leading global payment service provider (PSP) that provides compliant and secure solutions in the fields of e-commerce, POS, m-commerce and Mail Order and Telephone Order (MOTO).
The company, founded in 1997, is headquartered in Bamberg, Germany, with additional independent offices in China, the UK and the U.S.
Computop processes transactions totalling $24 billion per year for its client network of over 14,000 mid-size and large international merchants and global marketplace partners in industries such as retail, travel and gaming.
Global customers include C&A, Fossil, Metro Cash & Carry, Rakuten, Samsung and Swarovski.
Following the recent asset deal with the Otto Group, Computop is now processing payments for merchants that previously used EOS Payment, including all 100 Otto retail brands.
In cooperation with its network of financial and technology partners, which it has expanded over many years, Computop offers a comprehensive multichannel solution that is geared to the needs of today's market and provides merchants with seamlessly integrated payment processes. For further information, please visit www.computop.com.
About AsiaPay
Founded in 2000, AsiaPay, a premier electronic payment solution and technology vendor and payment service provider, strives to bring advanced, secure, integrated and cost-effective electronic payment processing solutions and services to banks, corporate and e-Businesses in the worldwide market, covering international credit card, China UnionPay (CUP) card, debit card and other prepaid card payments. AsiaPay is an accredited payment processor and payment gateway solution vendor for banks, certified IPSP for merchants, certified international 3-D Secure vendor for Visa, MasterCard, American Express and JCB.
AsiaPay offers its variety of award-winning payment solutions that are multi-currency, multi-lingual, multi-card and multi-channel, together with its advanced fraud detection and management solutions. Headquartered in Hong Kong, AsiaPay offers its professional e-Payment solution consultancy and quality local service support across its other 12 offices in Asia including: Thailand, Philippines, Singapore, Malaysia, Mainland China, Taiwan, Vietnam, Indonesia and India.
For more information, please visit www.asiapay.com and www.paydollar.com.
Thales Releases Advanced Encryption Solutions for Secure Docker Containers, Simplified Deployment...
Vormetric Data Security Platform expansion includes patented, non-disruptive encryption deployment and advanced Docker encryption
December 8, 2016 – Thales, a leader in critical information systems, cybersecurity and data security, today announced the release of new capabilities for its leading Vormetric Data Security Platform.
These advances extend data-at-rest security capabilities with deeply integrated Docker encryption and access controls, the ability to encrypt and re-key data without having to take applications offline, FIPS certified remote administration and management of data security policies and protections, and the ability to accelerate the deployment of tokenization, static data masking and application encryption.
Announced today by Thales:
- General availability of Vormetric Transparent Encryption Live Data Transformation Extension: A patented solution that enables organisations to deploy and maintain encryption with minimal downtime. Enables initial encryption and rekeying of previously encrypted data while in use. Available previously as a pilot – now generally available.
- Vormetric Transparent Encryption Docker Extension: Extends Vormetric Transparent Encryption’s OS-level policy-based encryption, data access controls and data access logging capabilities to internal Docker container users, processes and resource sets. Deploys and protects without the need to alter containers or applications. Enables compliance and best practices for encryption, control of data access, and data access auditing for container accessible information. Find additional information here: https://www.vormetric.com/products/containers.
- FIPS 140-2 level 3 certified remote data security management and policy control for Vormetric Data Security Manager V6100 appliance. This innovation enables organisations with the most stringent compliance and best practice requirements to easily manage the full Thales line of Vormetric data security platform solutions without physical visits to data centers.
- Batch Data Transformation: Eases initial encryption or tokenization of sensitive database columns in environments that are protected with Vormetric Application Encryption or Vormetric Tokenization. Also supports Static Data Masking requirements.
"IT system downtime is costly for any business, even when it is planned," said Bob Tarzey of UK-based Quocirca. "The financial consequences of IT disruptions arise from lost sales and productivity; in addition, consequent reputational damage can have a longer term knock-on effect," he added. "Downtime need not be caused by system outage, it can be due to data processing, which includes encryption.
The idea behind Vormetric's Live Data Transformation is to solve this problem, even for large databases with high transaction volumes.
Any organisation which needs to ensure both constant data security and availability should take a look at such technology."
Compliance requirements and best practices increasingly call for organisations to encrypt and control access to sensitive data, while also logging and auditing information about sensitive data access.
The company’s recent 2016 Vormetric Data Threat Report revealed that perceived “complexity” is the number-one reason that enterprises do not adopt data security tools and techniques that support these capabilities more widely.
These advanced data security controls directly address this problem by enabling enterprises to confidently support their digital transformation more easily and simply, and in more environments, than ever before.
“Thales continues to innovate by providing advanced data security solutions and services that deliver trust wherever information is created, shared, or stored,” said Vice President of Product Management for Thales e-Security, Derek Tumulak. “No other organisation offers the depth and breadth of integrated data security solutions, or enables enterprises to confidently accelerate their organisation’s digital transformation, like Thales.”
Availability: All new offerings are planned to be available in Q1 2017
About Thales e-Security
Thales e-Security + Vormetric have combined to form the leading global data protection and digital trust management company.
Together, we enable companies to compete confidently and quickly by securing data at-rest, in-motion, and in-use to effectively deliver secure and compliant solutions with the highest levels of management, speed and trust across physical, virtual, and cloud environments.
By deploying our leading solutions and services, targeted attacks are thwarted and sensitive data risk exposure is reduced with the least business disruption and at the lowest life cycle cost.
Thales e-Security and Vormetric are part of Thales Group. www.thales-esecurity.com
Thales is a global technology leader for the Aerospace, Transport, Defence and Security markets. With 62,000 employees in 56 countries, Thales reported sales of €14 billion in 2015. With over 22,000 engineers and researchers, Thales has a unique capability to design and deploy equipment, systems and services to meet the most complex security requirements.
Its exceptional international footprint allows it to work closely with its customers all over the world.
Positioned as a value-added systems integrator, equipment supplier and service provider, Thales is one of Europe’s leading players in the security market.
The Group’s security teams work with government agencies, local authorities and enterprise customers to develop and deploy integrated, resilient solutions to protect citizens, sensitive data and critical infrastructure.
Thales offers world-class cryptographic capabilities and is a global leader in cybersecurity solutions for defence, government, critical infrastructure providers, telecom companies, industry and the financial services sector. With a value proposition addressing the entire data security chain, Thales offers a comprehensive range of services and solutions ranging from security consulting, data protection, digital trust management and design, development, integration, certification and security maintenance of cybersecured systems, to cyberthreat management, intrusion detection and security supervision through cybersecurity Operation Centres in France, the United Kingdom, The Netherlands and soon in Hong Kong.