Ethical Relativism- Sky News Morphs into Anonymous? April 5, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy, Laws and Legislation. Tags: Chris Mark, cybersecurity, data breach, email hacking, mark consulting group, Murdoch, NewsCorp, privacy
By now most are probably aware of the email hacking scandal that severely damaged Rupert Murdoch’s NewsCorp empire. NewsCorp reporters were caught illegally accessing phone calls of the UK Royal family and hacking into email accounts of individuals. Murdoch’s son had to resign from his position as Chairman of BSkyB, which owns the UK’s Sky News.
According to a report on CNN this morning, UK news channel Sky News said Thursday it had authorized its journalists to hack into the e-mail of individual members of the public on two occasions. The very same people (journalists) who will scream for “freedom of speech” and “freedom of the press” and claim journalistic integrity are now violating the public’s privacy in a scramble to maintain market share and increase revenue?
“Blaming the Victim and the PCI DSS is…Passe”- PCI DSS; GlobalPayments & Data Theft April 1, 2012
Posted by Chris Mark in Data Breach, Industry News, InfoSec & Privacy, PCI DSS, Risk & Risk Management. Tags: Chris Mark, cybersecurity, data breach, Global Payments, InfoSec, mastercard, PCI, PCI DSS, visa
In an effort to beat the “PCI Evangelists”, “wagon jumpers”, “naysayers”, and “PCI Haters” to the punch, I am publishing my post on a Sunday evening. By tomorrow morning the speculation on how the GlobalPayments compromise occurred will be in full swing and no doubt many will have already condemned the company for “PCI DSS non compliance” or being “sick, lame, or lazy” when it comes to their PCI DSS compliance or information security. Others will have published articles condemning the PCI DSS as ‘ineffective’, ‘irrelevant’, or simply ‘stupid’.
Before they are condemned, I want to go on record and say it is NOT a PCI DSS compliance issue that caused the compromise. Like Heartland Payment Systems, Royal Bank of Scotland Worldpay and many more before them, GlobalPayments has been held out as the paragon of PCI DSS compliance for years. Now that they have been breached, they will be expected to wear a scarlet letter for the foreseeable future. I have no doubt that by the end of next week their status as a “Level 1 PCI DSS Compliant Service Provider” will have either been revoked by the card brands or be under “review”. In the same vein, there will be many who shout from the rooftops that the PCI DSS is “irrelevant”, “outdated” and so on. Neither of these positions is accurate.
Here it goes…(drum roll please)…
The PCI DSS is a solid set of information security controls and represents minimum necessary controls to minimize the likelihood of data compromise through common, identified vulnerabilities.
Richard A. Clarke: Every Major US Company has been Hacked by China March 31, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management, terrorism. Tags: china, cyber espionage, cyber war, cybersecurity, information security, PCI DSS, richard a clarke, Stuxnet
According to an article and interview on FastCompany, counterterrorism expert and best-selling author Richard Clarke has gone on the record claiming that “…every major company in the United States has already been penetrated by China.” Mr. Clarke served under three presidents and currently runs a cybersecurity organization called Good Harbor. He is the author of CyberWarfare and several other books. You can read his interview in Smithsonianmag.com. One of his more compelling statements is:
“My greatest fear is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese. And we never really see the single event that makes us do something about it. That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China….After a while you can’t compete.”
Global Issues Press Release Confirming Breach March 30, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation. Tags: Chris Mark, credit card, cybercrime, cybersecurity, data breach, data security, Global Payments, mastercard, PCI DSS, visa
Thank you to a person for pointing this out to me via LinkedIn. GlobalPayments, Inc. has issued a press release confirming it was their system that was compromised. You can read it here. They have disabled cutting and copying so here is a screenshot.
Chinese MalWare Attacks Tracked to Individual March 30, 2012
Posted by Chris Mark in Industry News, InfoSec & Privacy. Tags: Chris Mark, cybercrime, cyberespionage, cybersecurity, LuckyCat, mark consulting group, PCI DSS, security
According to a report on Fox News today, TrendMicro has traced a malware attack aimed at Tibetan activists in Japan and India to a Chinese graduate of Sichuan University. The LuckyCat campaign has been active for about a year and has compromised over 230 computers in 90 separate attacks. You can read the TrendMicro report here. According to TrendMicro: “The Luckycat campaign’s targets include the aerospace, military, energy, shipping and engineering industries, as well as Tibetan activists and organizations. Given its technical similarities, Luckycat is believed to be a continuation of ShadowNet, also known as GhostNet, a Chinese cybercrime campaign that has been targeting Tibetan activists as well as the Indian government since 2009, Trend Micro said.”
