Despite the rapid growth of solution providers offering the latest technology to stay one step ahead of the hackers stealing personal and corporate information, network and data security continue to rank among the top concerns for midmarket CIOs.
National news headlines now include, with disturbing frequency, stories of high profile retail hacks at companies like Target, Home Depot, Dairy Queen and host of others.
Computer Forensic Services CTO Mark Lanterman pointed out that even for global vendors like Oracle, there’s no business or even technology provider safe from attacks. This week’s report of the FBI investigating alleged cyber attacks at the New York Times and other US news agencies point to cyber crime circles in Russia, where hackers are provided a thick layer of protection from US law enforcement agencies.
The former US Secret Service Electronic Crimes Task Force investigator took several midmarket IT executives on a live tour last week of the Russian marketplace, or “carding store” responsible for every single high profile, retail breach that’s occurred over the past 3 years – Rescator. Like farmers plant crops that grow to be sold to consumers in grocery stores, hackers plant malware to harvest stolen information that’s taken to the marketplace to sell.
“The Department of Justice estimates that the Dark Web is responsible for 85 percent of stolen credit card numbers,” Lanterman said. “They have literally created the Amazon.com for stolen credit card numbers.”
He discussed another recent case involvoing a Minnesota-based non-profit in which its Romanian bookkeeper was under investigation for embezzlement of $1 million. When he received the computer, Lanterman was shocked to uncover Zeus – the same Trojan horse malware famous for infiltrating the White House.
Zeus is like a hacker’s Swiss Army knife, acting as a key logger and capturing screen shots of secure information. Between checking bank balances and looking at wedding dresses, the bookkeeper opened a fraud alert email that appeared to have been sent by the FDIC. When Lanterman examined the original email, spelling errors and a suspicious link were clues that led federal authorities to contact Romanian law enforcement agencies. The criminal mastermind behind this international attack wasn’t a basement-dwelling teenager donning a dark hoodie and swilling soda, but rather a General in the Ukranian army.
“That Romanian bookkeeper under federal investigation could have been you,” he warned.
Mark Lanterman will offer his full exploration of high profile security breaches as well as actionable advice for technology executives during the Midmarket CIO Forum October 23-25 in San Antonio at the La Cantera Resort and Spa.