Tag: identity protection
Visit The Register's storage hub
It isn't just legitimate services - from genealogy sites to public records and social media - that can be mined and exploited for nefarious purposes. Openly malicious criminal activities are also happening on the public Internet. True, much of the cybercrime underground consists of private and established communities that don't appear in a normal search engine and are not accessible by regular users without special authorization. However, according to the team at identity protection and fraud detection provider CSID, there are different levels of cybercriminal resources - and not all are so tightly protected.
The quality and quantity of the more easily accessible forums are still high, say the CSID team, and anyone can access content such as stolen credit cards, cyberattack tools, and even advanced malware, which can be leveraged with minimal technical know-how required. Adam Tyler, chief innovation officer at CSID, describes how black-market organizations are becoming more like traditional online businesses we visit and buy from every day. “For example," he says, "many sites now have their own Facebook, Twitter and even YouTube pages to advise their member base on new attacks and tools that are available.” Data sold on criminal marketplaces “age quickly, meaning that once the information is stolen, it has to be used for fraudulent purposes quickly,” says Christopher Doman, consulting analyst at Vectra Networks. “The more times the information is abused for fraud, the more the information will be devalued.” “Companies should have these marketplaces monitored, looking for trends in data breaches and attacks as well as to see if any of their data has been compromised,” says Carefree Solutions’s CEO Paul San Soucie. “One point that I’m not sure is evident is that there is more public and Dark Web research than any one IT person can handle. Researching and absorbing this information requires significant training and experience.
Even large US banks that have dedicated security staff are not able to do some of the research and analysis that specialized reconnaissance teams can perform.” San Soucie nevertheless suggests treading carefully when doing this research. "While you can get to most of these sites using standard https, I still consider them dark and strongly recommend accessing them via a VPN as both criminal and government sources track access in some cases.” Read on for a collection of some of the popular sites where private data, credentials, and attack tools are up for sale, or even for free download. Sean Martin is an information security veteran of nearly 25 years and a four-term CISSP with articles published globally covering security management, cloud computing, enterprise mobility, governance, risk, and compliance—with a focus on specialized industries such as ...
View Full Bio 1 of 10 More Insights
Symantec's acquisition of LifeLock is a big boost to the company's consumer business, but Norton Executive Vice President Fran Rosch said partners should expect to see some benefits to the enterprise security portfolio, as well.
Symantec announced late Sunday that it would acquire LifeLock for $2.3 billion, with the deal expected to close in the first quarter of 2017. LifeLock offers a collection of identity protection and remediation services for consumers.
In an interview with CRN, Rosch said the LifeLock acquisition moves Symantec into more value-added services, above and beyond its traditional Norton antivirus portfolio. Rosch said Symantec was drawn to LifeLock because of its ID analytics capabilities, high customer rankings and strong partner channel.
"In the past, we have seen a lot of our customers most worried about PC-based malware and viruses, which they now expect to be solved. Now, their hottest topics are around identity theft, the privacy of their information and where it is," Rosch said.
"This market is such a fast-growing market.
In the Norton space, there is a lot of competition and identity protection is a faster growing market.
Combining [these two companies], the consumer business will be growing and maintaining strong profitability. We're really excited about the positive growth this will bring for Norton and for our partners," he said.
Rosch said the benefits of the deal, while primarily focused on the company's consumer business, will also bleed into the enterprise side of the house. He said LifeLock's ID analytics business could appeal to enterprise customers, as well as its fraud mitigation service. He said the company's big data analytics capabilities could ultimately connect with Symantec's threat intelligence database.
"That's something we want to nurture, but the consumer side will be the focus," Rosch said.
For partners, Rosch said he sees "natural" opportunity for service provider and telco partners, who are looking for additional services prospects. He said the LifeLock acquisition also opens a new channel of partners for Symantec for employee benefit program brokers, of which there are dozens.
Jason Eberhardt, vice president of strategic alliances at Chicago-based Conventus, said he is "very excited" to see Symantec continue to expand its security offerings with "an extremely strong product" from LifeLock. He said that is important because his business "will be able to offer more protection to our customers" with the combination of Symantec and LifeLock offerings.
"Cybersecurity is ever-changing and constantly evolving.
These are the types of moves that keep us in the forefront.
This will be great for the partners as they will be able to now offer more solutions to our joint clients," Eberhardt said.
The deal is expected to close...
In its second blockbuster deal in less than a year, Symantec unveiled plans to acquire LifeLock for $2.3 billion.
The buy primarily expands Symantec's consumer business, adding identity protection and remediation services.
“People’s identity and data are prime targets of cybercrime.
The security industry must step up and defend through innovation and vigilance,” Dan Schulman, Symantec’s chairman of the board, said in a statement. “With the acquisition of LifeLock, Symantec adds a new dimension to its protection capabilities to address the expanding needs of the consumer marketplace.”
[Related: 10 Companies Symantec Could Buy Next]
The deal is expected to close in the first calendar quarter of 2017, at which time the combined company would be the largest consumer security business.
The acquisition news comes after a week of rumors that Symantec was looking to buy the company, following a Bloomberg report that said LifeLock was being eyed by Symantec, buyout group Permira or private equity group TPD, which in the process of closing a deal on competitor Intel Security.
Elliott Management owns an 11 percent stake in LifeLock.
Elliott Management also reportedly has a large stake in Symantec.
While the deal focuses on building Symantec's consumer business, Jane Wright, principal analyst at Technology Business Research, said it could provide some ancillary benefits to the company's enterprise security business. Wright said the consumer business provides the bulk of Symantec's operating profits, money it then uses to funnel investments into its less profitable enterprise division.
"I think it’s a really good idea. … Symantec probably looked at this [acquisition] and said it will give us our funding for the new things we want to do in the enterprise and with Blue Coat," Wright said, referring to Symantec's $4.65 billion blockbuster acquisition of Blue Coat Systems, which closed in August. "I fully expected them to have to do something to keep the consumer side of the business going.
This is a strong advance in this idea."
From a product perspective, Wright said the acquisition helps Symantec expand its Norton security line beyond just products, as antivirus and other transactional security products become commoditized. Wright said she also believes the LifeLock products could extend into the enterprise side of the portfolio down the road, particularly around Internet of Things security.
That deal saw Clark—who had been Blue Coat’s CEO—take the helm at Symantec.
The company's former boss, Michael Brown, was ousted earlier this year following disappointing financial results. This post originated on Ars Technica UK
The security giant said it plans to finance the transaction with cash supplemented by $750m of new debt.
The deal – which is subject to LifeLock stockholder approval and US regulatory approval – is not expected to affect Symantec's FY17 results. Symantec's share price dropped marginally on the announcement of a deal that effectively involves it "doubling down" on the consumer security market.
Data breaches and the identity theft that sometimes results are a growing problem but whether the sometimes controversial LifeLock offers a comprehensive defence is far from convincing. LifeLock's identity theft protection system is designed to alert subscribers about fraudulent applications for loans, credit cards or other financial services. The $2.3bn price tag ($24 per share) offered from Symantec represents a 16 per cent premium on LifeLock's Friday closing share price of $20.75, itself a year-long high. LifeLock was also reportedly being pursued by private equity firms Permira, TPG, and Evergreen Coast Capital, as well as Symantec. Symantec sold data storage software firm Veritas to Carlyle Group for $7.4bn earlier this year.
Since then it has purchased Blue Coat for $4.65bn and now LifeLock for $2.3 billion in a bid to redefine itself as a pure play cybersecurity firm. The purchase price looks high even though LifeLock is profitable.
The company's net income for 3Q16 came out at $14.4m on sales of $170.3m. Last year LifeLock was obliged to pay $100 million to settle charges (PDF) of failing to maintain a comprehensive information security program and deceptive advertising.
The court order followed FTC enforcement action against LifeLock for alleged violations of an earlier 2010 order. ® Sponsored: Customer Identity and Access Management
It took the ZoneAlarm crew years to get out the message that consumers need firewall protection too.
Executives from the nation's two largest cable companies testified in a hearing in response to a Senate investigation detailing the industry's shortcomings. Comcast Cable Senior VP of Customer Service Tom Karinshak detailed some customer service initiatives, mostly ones that are already in progress.
Transcripts of the companies' testimony along with Senate investigative reports are available here.
AT&T (owner of DirecTV) and Dish also testified. "At Comcast, we understand why we are here," Karinshak said. "We and the industry as a whole have not always made customer service the high priority it should have been. We regret that history and have committed to our customers that we will lead the way with initiatives to change it; we are committed to making every part of our customers’ experience better, and we have already begun to do so." Comcast said it has come up with a customer "Bill of Rights" with principles including these: more training and technology for employees; fair prices for customers; being on time and minimizing wait times; enabling self-service; keeping bills simple and transparent; re-assessing policies and fees that frustrate customers; crediting customers proactively for outages and billing errors; allowing customers to end their service without a hassle; [and] measuring employees on customer satisfaction. A Senate investigative report found that Charter and its new subsidiary, Time Warner Cable (TWC), have been overcharging customers at least $7.2 million per year for equipment and service. While Comcast apparently isn't as big an offender in that area, Senate Democrats released a second report detailing other failures common to Comcast and fellow pay-TV operators. The report gave special attention to the various fees that raise prices above advertised rates and how cable companies make it hard for customers to downgrade or cancel service. Comcast has been particularly infamous in this regard, with "retention agents" refusing to process cancelation requests until Comcast customers convince agents that they really do have a good reason to cancel. In response to senators' criticism, Karinshak said Comcast has "provided additional guidance to our retention representatives about the disconnect process for our customers and continue to work on ways to further streamline disconnect requests.
For example, we’re piloting a program to make it easier to cancel service online.
As part of the pilot, customers can now log on, enter a request, and cancel their service. We follow up by phone within two days just to verify the request, which we have to do for privacy and identity protection reasons (e.g., to verify the identity and credentials of the individual who canceled the account), and we will even make arrangements for them so all they have to do is drop any equipment they have at a local UPS store and have it sent back to us at no charge. We are continuing to explore other ways to make this process even simpler for our customers." Even this process can't be fully completed online and requires customers to explain why they're canceling, we noted in a previous story about California legislation that would require ISPs to let customers cancel online. Enlarge US Senate As for fees, Karinshak said Comcast recently stopped charging "change-of-service fees" but said it continues to charge many others.
Charging for "optional add-on services like our DVR service or for enabling HD technology" allows customers to get a lower bill if they don't want those services, he said. Comcast has extended the time in which customers can dispute charges from 60 to 120 days, given "front-line agents" the authority to issue credits of up to $100, and "afforded customers who say that they returned equipment the benefit of the doubt without requiring a receipt," he said. Other ongoing Comcast customer service initiatives described by Karinshak include the following: Creating more than 5,500 US-based customer service jobs over three years. Automatically crediting customers $20 when technicians arrive late. Giving employees a new cloud-based platform with "a better, holistic view of the customer’s account history so they have everything they need... to help customers faster and you won’t need to start over each time you talk to a different agent." Renovating and opening hundreds of retail stores. Devoting 125 employees to handle complaints on social media. Providing an interactive troubleshooting guide for customers within the "My Account" app. Karinshak also said that pay plans for employees, including top executives, now depend on customer satisfaction scores—which are pretty low, at least when measured by third-party research firms.
But Comcast uses internal metrics to judge its employees and set pay, the company told Ars. Charter's plan and more details on overcharges Charter, meanwhile, has its work cut out for it because it's still in the early stages of integrating Time Warner Cable (TWC) after an acquisition that made the company nearly four times larger. Charter has been trying to improve customer service since 2012, in part by "insourc[ing] thousands of Americans jobs that had previously been located overseas," said Charter Executive VP of Customer Operations Kathleen Mayo. Charter expects to hire another 20,000 US citizens as it continues to in-source service operations. "Today, nearly 90 percent of our customer calls are handled onshore and in-house, and 95 percent of our in-home service visits are performed by Charter employees, rather than third-party contractors," Mayo said. "By bringing those jobs in-house, Charter is better able to manage and train the people who work directly with our customers." As we reported yesterday, Charter has agreed—under pressure from senators—to identify billing overcharges and automatically credit customers. Out of 11 million Charter boxes in customers' homes (excluding TWC), Charter found 63,000 instances where customers were overbilled for the boxes at some point over the past 9 months.
Since Charter acknowledged that it has overcharged customers at least $442,691 per month, that works out to average overcharges of $63.28 for each box victimized by over-billing.
Before the TWC merger, Charter had 6.8 million subscribers, so there's more than one box per customer. "We were pleased that our accuracy rate [more than 99 percent] was as high as it was, but I will never be satisfied until we have zero instances of over-billing," Mayo said. "For the affected customers we identified over the course of this review, we will explain in their next bill that they were overcharged and will be issued a 12-month credit for those equipment fees.
During the course of this process, we also discovered approximately 9,000 boxes for which customers were not billed, though they should have been. We will correct and explain the discrepancy moving forward but will not seek to collect those fees that should have been charged." To eliminate this type of billing problem going forward, Charter has implemented "controls to catch any box/customer mismatch on a daily basis." The Senate report said this is progress, but added that it doesn't offer a complete solution.
Charter has not yet completed all the work necessary to determine how much it has over-billed customers, the report said.
That's why the numbers are described as the minimum that Charter has overcharged customers, rather than the full amount. Charter also "estimates that it has annually overcharged approximately 5,897 Missouri customers a total of $494,000 each year," nearly $84 per customer.
This data came in response to a query by Sen.
Claire McCaskill (D-Mo.). TWC—which was still independent when the Senate began its investigation—has started performing monthly audits to find overcharges and issue automatic credits, and it will move from monthly to daily audits under Charter ownership.
But the changes won't involve refunds to customers for all of the overcharges they've paid over the years. Neither Charter nor TWC automatically refunded or credited customers during the 6.5-year span studied by the Senate investigation. Time Warner Cable's total overcharges worked out to $1.9 million a year, affecting a small fraction of the 37 million pieces of equipment in service. "Our equipment billing error rate for video subscribers is a very small .07 percent and for Internet subscribers, .03 percent," TWC Chief Operating Officer John Keib said. (Keib left the company after the Charter acquisition.) Mayo said Charter is trying to be "a different kind of cable company." "To improve the customer experience and focus instead on our products, we don’t charge common industry fees like additional modem fees, sports surcharges, separate USF [Universal Service Fund] fees, or early termination charges," Mayo said. Charter says its metrics show a 12-percent increase in customer satisfaction since 2011. While senators pointed out that customers often cannot get their problems resolved on the first phone call, Charter said it is resolving problems on the first call 80 percent of the time. There's still a ways to go for both Charter and Comcast: a recent Temkin Group customer survey rated ISPs and pay-TV providers as the nation's least-liked industries.
As we previously reported, "Among eight ISPs rated, four got very poor ratings: Time Warner Cable (48 percent), Charter (48 percent), Cablevision (47 percent), and Comcast (40 percent)." Comcast scores remain low even though Comcast Executive VP David Cohen pledged major changes in front of a Senate hearing more than two years ago. Disclosure: The Advance/Newhouse Partnership, which owns about 13 percent of Charter, is part of Advance Publications.
Advance Publications owns Condé Nast, which owns Ars Technica.