Tag Archives: Twitter

Giant Social Media Security Hole in Banking

Did you know that you can log into an American online banking service from outside the US, using only your Facebook log-in credentials? Well, now you do. And so do about a million criminal hackers from around the world…

“That’s the very, very, very risky thing about social networks. The idea of using them as an authentication platform really has its drawbacks. I really think it’s a bad idea.”

Dr. Ken Baylor

Facebook, and access to millions of people through a single social login process. All customers right there on the platform. And help with registering and creating new online accounts. This “dream of a bank marketer’s” may soon turn into a horrible nightmare for the decision makers in the international banking industry.

I have suspected for a while that this may be the case:

But, last week it was confirmed through an article written by the banking industry itself and published on their own website, AmericanBanker.com.

Not the fact that some banks have already started to allow users to access their bank accounts with a Facebook account as the only form of identification, but the fact that any breach of security that a user encounters on social networks could potentially spread to that person’s online bank account, and from there, leak into the highly connected global system of online banking.

According to Dr. Ken Baylor, vice president at information security research and advisory company NSS Labs, social networks as an authentication factor have “just proven to be highly susceptible to malware, multiple times.”

Additionally, many unsophisticated users wouldn’t think twice about clicking on a malicious link, making it particularly enticing for criminal hackers.

“That’s the very, very, very risky thing about social networks,” says Dr. Ken Baylor.

“The idea of using them as an authentication platform really has its drawbacks. I really think it’s a bad idea.”

“Banks outside the US are starting to allow direct access to online banking through Facebook and that’s where there should be a concern about Facebook hacking,” says Nicole Sturgill, research director in the cards and retail banking practice at CEB Towergroup.

“Facebook should be used as a gateway to online banking, but there should be an extra layer of security. No one should be able to log in to online banking with nothing but their Facebook ID and password,” Nicole Sturgill says.

Most banks in the US, though, are still just using Twitter and Facebook for marketing and customer service messaging, rather than as a portal to online banking.

In addition to Facebook, banks are also planning to allow people to tie their bank accounts directly to Twitter.

“The benefits, for us, outweigh the potential risk,” says King.

“The fact is that Facebook’s login platform is still magnitudes more robust than most Internet banks.”


Microsoft Confirms: We’ve Been Hacked, Too

We are not surprised, Microsoft writes in a statement released Friday afternoon. Quite frankly, neither am I…

“As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion.”

Microsoft Security Response Center

When trying to log on to my online banking service this morning, I was met by a message that said that the service was down due to technical problems. It may, or may not, be related, but somehow I got a feeling there was perhaps more to this story than met my sleepy eyes.

And I really hate to tell you; I might be right.

On the Microsoft security pages, I found the following statement, issued on Friday afternoon:

As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion.

The IT giant goes on to explain:

During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations.

Microsoft also says that the company has “no evidence of customer data being affected and our investigation is ongoing.”

Personally, I don’t find these standard press release statements very reassuring.

In fact, I find the following line more interesting:

This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries.

Compared to the banking industry’s attempts to convince me that online banking is totally safe, it seems rather clear that they are not telling me everything…

Here’s the prior analysis of emerging threat trends by Microsoft.

(Full statement)


Anonymous: Going For Gold(man)

The hacktivist group Anonymous, which just a week ago hacked into the servers of the St. Louis Federal Reserve, has issued an alert about an upcoming attack against the mighty Goldman Sachs. According to Anonymous’ Twitter account, the hacktivist group wants to shut down Goldman Sachs’ Facebook and Twitter pages on Valentine’s Day to express its disdain for the financial behemoth. On Thursday, nearly 900,000 Twitter followers received an invitation to join in the cyber attack.

“Please help us to destroy twitter and Facebook account of Goldman Sachs february 14  |http://opgm1402.tumblr.com

Anonymous

Anonymous released several e-flyers in several languages from its various Twitter accounts. All the e-flyers say the attack will involve three steps: First, Anonymous is encouraging supporters to report the Goldman Sachs Facebook and Twitter accounts as spam. Then, the flyer provides a URL where users can fill out an abuse form on Twitter (you can do the same on Facebook), reporting Goldman Sachs for Twitter malfeasance. In the final step, Anonymous followers are asked to make “friendly” phone calls to Goldman Sachs’ offices in London, Paris or Dublin, depending on which flyer they saw.

“Operation Goldman Sachs” is being run through an official Tumblr page. “#OpGm” isn’t the first time that Anonymous has targeted Goldman Sachs. In 2011, Anonymous published the private personal information of a number of Goldman employees, including CEO Lloyd Blankfein. CNN wrote at the time that a Twitter user named CabinCr3w tweeted out that he had “doxxed,” or released, personal info of Goldman’s CEO, including Blankfein’s age, education, recent addresses and legal cases he had been involved in.

At the time, Goldman Sachs declined to comment on the leak, International Business Times reports.

You may, of course, have whatever opinion you want about the hackers’ vandalism, but it’s a nice gesture to give the victims a warning in advance, don’t you think?…

More Info on the Fed Hack

Reports also surfaced recently that Anonymous had hacked into the US Federal Reserve.

In an interview with ABC News, ex-Anonymous member Greg Housh says the hack was a result of the lack of prosecution of “big bankers that caused a lot of the problems we’ve had over the last few years.”

Housh also says to expect more Anonymous attacks on governments in the future.

The hack into the Federal Reserve resulted in the leaking of personal information of more than 4,000 bankers.

ABC News says the Federal Reserve hack may have been a part of “Operation Last Resort,” which was started earlier this year after Reddit co-founder Aaron Swartz committed suicide over charges of wire fraud, computer fraud, unlawfully obtaining information from a protected computer and recklessly damaging a protected computer.

Swartz, a hero and now a martyr to activists, faced as much as 35 years in prison if found guilty.

According to Insider Media Group, the planned “operation” is a reaction to a recent interview given by Huw Pill, a chief economist at Goldman. While talking to the Huffington Post, Pill suggested that France lower wages by approximately one-third in an effort to increase competition in the labor force.

The Operation Goldman Sachs Tumblr page is written in French, and might be an indicator that French hackers linked to Anonymous got the idea for the attack on Goldman from those comments.
