
Phishing for Bitcoin

By Jeff John Roberts

It had to happen sooner or later: The two biggest tech stories of 2017–foreign cyber attacks and bitcoin–have come together perfectly in a single story. Namely, it looks like the infamous North Korean hacking outfit, The Lazarus Group, is running a spear-phishing campaign aimed at executives of cryptocurrency companies.

You may remember this gang from previous outrages such as the WannaCry ransomware outbreak, the hacking of Sony, and the $81 million cyber-heist from the Bangladesh Central Bank. Their latest scam, identified by Secureworks, involves sending emails about a Chief Financial Officer position that contain an infected Microsoft Word document.

As ZDNet reports, clicking on the document triggers a piece of malware that allows the attacker access to the victim’s computer. It’s unclear if any of the targeted executives have fallen for the phish or if the scheme has yielded the Lazarus Group any bitcoins. Let’s hope not–in part because crypto-currency companies know the risk of cyber-threats better than most, and should not be hiring people who click on random Word documents.

More broadly, the idea of North Korea phishing for bitcoin is intriguing because the phenomenon is at once so new and so old. It’s new because countries until very recently didn’t even take bitcoin seriously–and now, as the price of a bitcoin tops $18,000, rogue nations are telling their militaries to go forth and steal it.

At the same time, though, North Korea’s phishing antics can also be seen as a twist on the centuries-old military tactic known as privateering. Once upon a time, this tactic took the form of kings and queens granting letters of marque that allowed privateers to roam the oceans and plunder booty from enemy merchant ships. Today, North Korea is allowing its hackers to operate as digital privateers in search of crypto plunder like bitcoin.

This modern version of privateering is not as exciting as grand naval battles with cannons and cutlasses, but no doubt it’s just as lucrative. Have a good weekend.

Jeff John Roberts

@jeffjohnroberts

jeff.roberts@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

THREATS

Bailing on Blockchain: In theory, it sounds great to create a coalition and build a distributed ledger tool for everyone. The reality is more messy: more than 15 members of the Hyperledger Project recently bailed and/or cut off their funds to the much-hyped blockchain project. This follows a similar break-up at R3, the blockchain-for-banks consortium.

Cutting off Kaspersky: The popular anti-virus product is tangled up with a good part of the US government’s IT systems–a big problem since the software maker is strongly suspected of ties to the Kremlin. The White House has hurried up efforts to cashier Kaspersky with an order banning its use anywhere in the government.

Creepy Keyboards: Key-logging software, which lets a third party record what you type, is a popular tool among spies and hackers–it’s not something you want pre-installed on your new computer. Yet that’s what HP did with hundreds of laptop models. A security researcher discovered that anyone with administrative privileges could activate it. HP is working on a fix.

Easy there, Anderson: The normally bland Twitter account of CNN host Anderson Cooper spat out a string of abuse at Donald Trump in a tweet this week. The network portrayed it as a hack, pointing out that Anderson was in a different city from where the tweet was sent–the latest is that Anderson’s aide left a phone with the Twitter account unattended at the gym.

Feds Nail Mirai Miscreants: Remember that nasty botnet composed of hijacked IoT devices that took down servers across the east coast last year? Well, it turns out Brian Krebs was right: a Rutgers student running a Minecraft scam was responsible for the botnet havoc. The student and two others pled guilty and say they’re sorry.


ACCESS GRANTED

“If you feed the beast, that beast will destroy you,” Palihapitiya advised his audience. “The short-term, dopamine-driven feedback loops that we have created are destroying how society works. No civil discourse, no cooperation, [but] misinformation, mistruth.”

Facebook’s former head of user growth, Chamath Palihapitiya, recently offered a contrite and frightening account of what the company has built. David Meyer has a nice summary of his remarks.

ONE MORE THING

The best holiday movie ever? It’s decided. Wonderful holiday classics include It’s a Wonderful Life and A Christmas Carol, but some (including me) believe the best of the bunch is a little action film called Die Hard. Objectors have claimed Die Hard isn’t a Christmas movie but now a prominent head of state has settled the question. Thanks, Justin Trudeau, and Ho ho ho!


Idemia and FlexiGroup to launch Australia’s first MOTION CODE™ credit card

By Zenobia Hegde

IDEMIA, the provider in trusted identities for an increasingly digital world, announced its partnership with FlexiGroup, Australia’s market supplier in Point of Sale consumer and commercial finance, to launch Australia’s first MOTION CODE credit card.

Developed by IDEMIA (formerly known as OT-Morpho), the MOTION CODE credit card is a high-tech payment card with a dynamic security code (CVV2) that automatically changes hourly. Instead of a static security code printed on the back of a bank card, the MOTION CODE CVV2 is displayed on an e-paper “mini-screen”.

The security code automatically refreshes to a random security code every hour. This solution has no impact on the cardholder journey for safer online transactions: if compromised, this dynamic data becomes rapidly unusable.

As online shopping becomes increasingly popular, cases of online fraud have escalated: online fraud in Australia was rampant at $417 m (€354.07 m) last year and is growing 15% per year, according to the Australian Payments Network. FlexiGroup will be the first company to launch MOTION CODE credit cards in Australia in the first half of 2018.

“The security of our customers’ payment details is tremendously important to us and the levels of security are constantly evolving with the increasing use of online payments. The addition of this dynamic security feature means FlexiGroup will be able to offer customers advanced safeguarding when making online purchases.”

“We continually strive to deliver innovative and tailored financial solutions for our customers and we are excited to partner with IDEMIA to be the first to bring MOTION CODE technology to Australians”, said Symon Brewis-Weston, CEO of FlexiGroup.

“We are thrilled about this exclusive launch of MOTION CODE here as it is the first product of its kind in Australia and has the potential to significantly impact the online payments industry by reducing fraud. But more importantly, MOTION CODE can create better customer experience for shoppers as well as provide a strong sense of comfort and security for buyers to go online”, said Mark Garvie, Asia Pacific managing director for Financial Institutions activities at IDEMIA. FlexiGroup is also partnering with Mastercard to bring this new MOTION CODE card to market.

“Safety and security is one of Mastercard’s global priorities, so we’re incredibly excited to partner with FlexiGroup to enable the launch of this Australian-first technology. We believe this technology will help shape the future of fraud prevention in Australia to make payments more secure, convenient and reliable for both businesses and consumers”, said Matt Barr, senior vice president: Core, Digital and New Payment Flows.

FlexiGroup will announce further details on a new product offering featuring MOTION CODE technology closer to launch in 2018.


The post Idemia and FlexiGroup to launch Australia’s first MOTION CODE™ credit card appeared first on IoT Now – How to run an IoT enabled business.


Nearly three-quarters of retail orgs lack a breach response plan

By Zenobia Hegde

With more than 174 million Americans shopping over the Thanksgiving holiday weekend, it’s looking to be a busy holiday season for retailers this year. As shoppers continue hunting for the perfect gift over the next couple weeks, it’s important to remember that cyber criminals will likely be on the hunt as well. How prepared are retailers to deal with an attack?

In an effort to answer that question, Tripwire surveyed IT security professionals working in retail organisations about their experiences and attitudes towards factors affecting IT security. The results found that a large majority are not fully prepared for data breaches this holiday season.

Only 28% of respondents said they have a fully tested plan in place in the event of a security breach. 21% said their organisation doesn’t have a plan at all, and the same proportion of respondents said they didn’t have the means to notify customers of a data breach within 72 hours, a requirement specified by the General Data Protection Regulation (GDPR).

“Considering the amount of high-profile data breaches that have occurred recently, plus the continued discussion around GDPR, it is surprising and concerning that many retailers do not have a tested plan in the event of a security breach,” said Tim Erlin, vice president of product management and strategy at Tripwire. “It’s encouraging that most respondents think they can meet the 72-hour notification window as set out in the upcoming GDPR, but if they haven’t tested their plans, I don’t know how confident they should be in that assumption.”

Only a small minority of the retail industry felt fully secure in their incident response capabilities. 23% of respondents said they were “fully prepared” to absorb potential financial penalties. Even fewer professionals (15%) said they were fully prepared to manage customer and press communications following an incident.

Not all the survey’s findings were discouraging, however. The results did provide some hope that the industry is moving in the right direction. More than half of respondents (57%) said that their organisation’s ability to detect and respond to a security breach has improved in the past year and a half. With the holiday season in full swing, organisations should make sure they have proper security safeguards in place.

“It’s really critical that organisations have a good view of what’s on their network at all times, that they harden their systems with secure configuration and vulnerability management, and that they are able to continuously monitor for change and are alerted to any drift outside the established security and compliance policies,” said Erlin.

There are a number of effective and established security control frameworks available to guide organisations, such as the CIS Critical Security Controls. Implementing even the most basic security controls can go a long way in improving an organisation’s security posture.


The post Nearly three-quarters of retail orgs lack a breach response plan appeared first on IoT Now – How to run an IoT enabled business.


On the Road Again: Highlights from ARIN’s Outreach

By Susan Hamlin

We are celebrating our 20th anniversary this December and have found ourselves reflecting over these last two wonderful decades. One of the most important organizational objectives we have here at ARIN is our community outreach efforts. We make it a priority to reach out to you, our community, to provide the tools and advice you need when it comes to Internet number resources. We have hosted and attended an incredible number of events over the years, and thought it would be fun to look back and share where we’ve been and what we’ve accomplished with our community.

What kind of outreach do we do?

Each year, we host or attend a number of different events. Twice annually we hold our Public Policy and Members Meetings in the second and fourth quarters in various locations throughout our region. These meetings provide an opportunity for the entire Internet community to engage in policy discussions, network with colleagues, and attend workshops and tutorials. Everyone with an interest in Internet number resources is welcome to attend the Public Policy & Members Meetings and registration is free!

We also host many ARIN on the Road events around our region throughout the year. These free events provide local communities with the latest news from ARIN, covering everything from requesting IP addresses and Autonomous System Numbers (ASNs) to the status of IPv6 adoption, to current policy discussions, and updates about our technical services. Did you know that you can request an ARIN on the Road in your city, town, or metro area? I encourage you to send an email to info@arin.net if you believe your local Internet community would be interested in participating.

While we do discuss IPv6 at ARIN on the Road, that is not the only way we continue to spread the word in support of IPv6 deployment. Our message has evolved since we started actively promoting IPv6 in 2007, when we set up our TeamARIN site and began exhibiting at major industry shows. Today we exhibit at fewer tradeshows, but we do send speakers to many events across a wide range of industries, where we encourage organizations to prepare for the future by enabling IPv6 on their websites.

Additionally, members of our team attend community events around the world. Whether it be other RIR meetings, Internet Governance events, or partners such as NANOG or CARIBNOG, we believe it’s important to show our support to the wider Internet community. For a full list of events we host or attend, check out our events page.

Where was our first meeting?

Our first members meeting took place in Chantilly, Virginia on 20 March 1998. Since then, we’ve held a total of 40 meetings over the last 20 years!

Where was our first AOTR?

Our first ARIN on the Road event was held in Phoenix, Arizona on 17 August 2010. Since then we have held an additional 46 AOTR events and counting!

How can you get involved?

Phew! As you can see, we’ve done a lot over the last 20 years, but we’ve only just begun. We plan to continue expanding our outreach efforts around our region, including a continued focus on the Caribbean, and it is all possible thanks to our wonderful community.

There are so many ways you can continue to get involved with ARIN, including:

  • Subscribe to our mailing lists to discuss Internet number resource policy development and keep up with ARIN services and activities
  • Attend an ARIN meeting – We have great remote participation capabilities if needed
  • Don’t forget you can apply for a fellowship! We are accepting fellowship applications to ARIN 41 in Miami 15-18 April 2018
  • Attend our ARIN on the Road events
  • Member organizations, get involved in our election process

The post On the Road Again: Highlights from ARIN’s Outreach appeared first on Team ARIN.


Vodafone and Huawei live trial extends range of pre-standard 5G in Milan

By Zenobia Hegde

Vodafone and Huawei have completed a trial on a full end-to-end (E2E) network of a technique to improve the range of high frequency spectrum that can in future be used to deliver 5G to its customers. Italy’s Ministry for Economic Development has made frequencies available to Vodafone so that it can trial pre-standard 5G in Milan. An E2E test network has been built for that purpose.

High frequency bands can connect many users at the same time, but broadcast over a more limited distance than lower frequencies. However, Vodafone, working with Huawei, has pioneered a new approach to improve the coverage range of that high frequency spectrum.

Instead of using a single frequency band to communicate between a smartphone and the network, the two telecoms companies tested using different frequency bands for downlink and uplink transmissions.

The downlink is used to receive data from the network – like news read on a smartphone – and the uplink is used to send data through the network – like emails or posts on social media.

The trials compared two scenarios using Vodafone’s 5G test network sending Gigabits of data. In scenario one, the same high frequency band was used for both the downlink and uplink. In scenario two, a high frequency band was used for the downlink, while a low frequency band was used for the uplink.

This capability — known technically as uplink & downlink decoupling — is currently being standardised by 3GPP, a leading organisation through which industry-wide standards are agreed for the implementation of new telecoms technology.

Vodafone measured up to a 10 decibel coverage range improvement in the uplink when also utilising the low band. That means that using the technique, customers would get a stronger signal even in areas where 5G coverage is limited.

Francisco Martin, head of Radio Product for Vodafone Group, said: “This test of pre-standard 5G uplink and downlink decoupling will help us to deploy the technology efficiently to support our customers as soon as we launch services.”

Yang Chaobin, president of Huawei 5G product line, said: “With the acceleration of the 3GPP 5G standard, the first phase of 3GPP Release 15 is expected to be completed by the end of this year, and it will support eMBB application that will bring significant improvement to user experience and even greater enhancement to capacity.

Huawei and Vodafone have successfully completed the verification of the uplink and downlink decoupling solution based on the end-to-end 5G network, including RAN, core network and terminals. Huawei will jointly work with industry partners and make 5G a global success.”

Vodafone expects to launch 5G services in 2020, in markets where it has appropriate spectrum, once the standard is agreed by 3GPP and compatible telecoms equipment and devices are available.


The post Vodafone and Huawei live trial extends range of pre-standard 5G in Milan appeared first on IoT Now – How to run an IoT enabled business.
