Are Cyber Criminals Hard To Catch?

Despite 100,000 cyber crimes being committed every year UK authorities only caught 12 hackers.

In fact on average just one person was convicted of an offence under the Computer Misuse Act every month for the past 23 years.

We assume that it was not the same bloke, because he would be the most luckless criminal ever.

Campaigners from the Digital Trust, which supports victims of online abuse, said police do not know how to cope with the problem.

Need more laws

Criminal justice expert Harry Fletcher, who is a director of the Digital Trust, said: “The police still concentrate their resources on traditional offences offline, but most people are more likely to be mugged online than in the street.

“The law needs to change. It should, for example, be an offence to use any technological device to locate, listen to or watch a person without legitimate purpose.

“In addition, restrictions should be placed on the sale of spyware without lawful reasons. It should also be against the law to install a webcam or any other form or surveillance device without the target’s knowledge.”

Of course just creating new laws is not going to mean that more hackers will be caught, it will just mean that there are more crimes which they could be arrested for.

The conviction rate against hackers are not bad, if the coppers do arrest someone. Between 1990 to 2006 only 183 defendants were proceeded against and 134 found guilty under the Computer Misuse Act.

Unfortunately the Trust did not see, to realize that a lot of the hacks against companies and individuals come from overseas, particularly Russian or China. Changing laws in the UK would not change anything.

Source

Samsung Buys LoopPay

Samsung Electronics Co Ltd has acquired U.S. mobile wallet startup LoopPay, signaling its intention to launch a smartphone payments service to compete with rival Apple Inc.

Mobile payments have been slow to catch on in the United States and elsewhere, despite strong backing. Apple, Google, and eBay Inc’s PayPal have all launched services to allow users to pay in stores via smartphones.

The weak uptake is partly because many retailers have been reluctant to adopt the hardware and software infrastructure required for these new mobile payment options to work. These services also fail to offer much more convenience than simply swiping a credit card, Samsung executives said on Wednesday.

LoopPay’s technology differs because it works off existing magnetic-stripe card readers at checkout, changing them into contactless receivers, they said. About 90 percent of checkout counters already support magnetic swiping.

“If you can’t solve the problem of merchant acceptance…, of being able to use the vast majority of your cards, then it can’t really be your wallet,” said David Eun, head of Samsung’s Global Innovation Center.

Injong Rhee, who is leading Samsung’s as-yet-unannounced payments project, said the Asian giant will soon reveal more details of its envisioned service. He would not be drawn on speculation the company may do so during the Mobile World Congress in Barcelona.

He said new phones such as the upcoming, latest Galaxy would support the service.

Apple Pay, launched in September, allows iPhone users to pay at the tap of a button. Executives have lauded its rapid rollout so far, including the fact that more than 2,000 banks now support it and the U.S. government will accept Apple Pay later this year.

But Apple Pay requires retailers to install near-field communication and some have been reluctant. In addition, many retailers such as Wal-Mart Stores Inc and CVS Health Corp, back their own system, CurrentC.

Samsung had invested in LoopPay, along with Visa Inc and Synchrony Financial, before its acquisition. Terms of the deal, which Samsung negotiated over several months, were not disclosed.

It’s unclear how else Samsung could differentiate its service versus Apple’s or other rivals.

Source

Target Makes Information Security Changes

Target Corp announced an overhaul of its information security processes and the departure of its chief information officer as the retailer tries to re-gain customers and investors after a massive data breach late last year.

CIO Beth Jacob is the first high-level executive to leave the company following the breach, which led to the theft of about 40 million credit and debit card records and 70 million other records of customer details.

Jacob, who comes from a sales background and has been CIO since 2008, will be replaced by an external hire, according to sources at Target.

“It’s a decision that should have been made by the CEO on January 1, not through the resignation of an employee that overlooked critical weakness in the operating model,” Belus Capital Advisors CEO Brian Sozzi said.

The breach at Target was the second largest at a U.S. retailer, after the theft of more than 90 million credit cards over about 18 months was uncovered in 2007 at TJX Cos Inc, operator of the T.J. Maxx and Marshalls chains.

Hacking has become a major concern for retailers in the United States. In the latest reported breach, beauty products retailer and distributor Sally Beauty Holdings Inc said on Wednesday its network had been hacked but no card or customer data appeared to have been stolen.

Target Chief Executive Gregg Steinhafel said the company would elevate the role of chief information security officer as part of its plan to tighten its security.

The company will also look externally to fill that position as well as the new position of chief compliance officer.

Steinhafel said Target would be advised by security consultant Promontory Financial Group as it evaluates its technology, structure, processes and talent.

“I believe this is definitely a measure in restoring faith and really showing that they are taking the breach seriously,” Heather Bearfield, who runs the cybersecurity practice for accounting firm Marcum LLP, told Reuters.

Target, the third-largest U.S. retailer, said last week customer traffic had started to improve this year after falling significantly toward the end of the holiday shopping season when news of the cyber attack spooked shoppers.

Source

Did Sears Suffer A Data Breach?

Sears Holdings Corp acknowledged it has launched an investigation to determine whether it was the victim of a security breach, following Target Corp’s revelation at the end of last year that it had suffered an unprecedented cyber attack.

“There have been rumors and reports throughout the retail industry of security incidents at various retailers and we are actively reviewing our systems to determine if we have been a victim of a breach,” Sears spokesman Howard Riefs said in a statement on Friday.

“We have found no information based on our review of our systems to date indicating a breach,” he added.

He did not say when the operator of Sears department stores and Kmart discount stores had begun the investigation or provide other information about the probe.

Sears Holdings Corp operates nearly 2,500 retail stores in the United States and Canada.

Bloomberg News reported on Friday that the U.S. Secret Service was investigating a possible secret breach at Sears, citing a person familiar with the investigation. The report did not identify that source by name.

The Bloomberg report said that its source did not disclose details about the scope or timing of the suspected breach.

A spokesman for the U.S. Secret Service declined comment when Reuters asked if the agency was investigating a possible breach at Sears.

The Secret Service is leading the U.S. government’s investigation into last year’s attack on Target, which the company has said led to the theft of some 40 million payment card numbers as well as another 70 million pieces of personal data.

Source

Hacked Companies Still Not Alerting Investors

At least a half-dozen major U.S. companies whose computer networks have been breached by cyber criminals or international spies have not admitted to the incidents despite new guidance from securities regulators urging such disclosures.

Top U.S. cybersecurity officials believe corporate hacking is widespread, and the Securities and Exchange Commission issued a lengthy “guidance” document on October 13 outlining how and when publicly traded companies should report hacking incidents and cybersecurity risk.

But with one full quarter having elapsed since the SEC request, some major companies that are known to have had significant digital security breaches have said nothing about the incidents in their regulatory filings.

Defense contractor Lockheed Martin Corp, for example, said last May that it had fended off a “significant and tenacious” cyber attack on its networks. But Lockheed’s most recent 10-Q quarterly filing, like its filing for the period that included the attack, does not even list hacking as a generic risk, let alone state that it has been targeted.

A Reuters review of more than 2,000 filings since the SEC guidance found some companies, including Internet infrastructure company VeriSign Inc and credit card and debit card transaction processor VeriFone Systems Inc, revealed significant new information about hacking incidents.

Yet the vast majority of companies addressing the issue only used new boilerplate language to describe a general risk. Some hacking victims did not even do that.

Source…