United Kingdom

Call Center Operator and His Cousin Steal $645,000 From UK Water Supplier (bleepingcomputer.com) 97

An anonymous reader writes: "An unnamed UK-based regional water supply company lost over $645,000 in a sophisticated scam that involved social engineering, an inside man, and international bank transfers," reports BleepingComputer. According to a recently disclosed report, one of the water supplier's call center operators was taking screenshots of customer details and sending this data to his cousin in the UK. This person would trick other call center operators into resetting the passwords for those accounts, add his bank account info to the account, and request a refund for previous transactions. Their operation was discovered after customers, usually small-to-medium businesses, discovered they couldn't access their accounts anymore, and also reported new bank account details. A search of the CRM logs revealed that only one call center operator had accessed those profiles, albeit he never initiated or approved refunds. When questioned, the arrogant employee signed an affidavit allowing investigators to search his home PC, thinking they would never discover anything, since he already wiped his hard drive. They did, because he forgot to delete his shadow volume copies, where investigators discovered copies of emails sent to his cousin in the UK. These emails contained the screenshots of his work PC with SMB client data. In the end, the call center employee ended up helping authorities secure a conviction for his cousin.
Security

Hackers Came, But the French Were Prepared (nytimes.com) 286

Adam Nossiter, David E. Sanger, and Nicole Perlroth, reporting for the New York Times: Everyone saw the hackers coming. The National Security Agency in Washington picked up the signs. So did Emmanuel Macron's bare-bones technology team. And mindful of what happened in the American presidential campaign, the team created dozens of false email accounts, complete with phony documents, to confuse the attackers (Editor's note: the link could be paywalled; alternative source). The Russians, for their part, were rushed and a bit sloppy, leaving a trail of evidence that was not enough to prove for certain they were working for the government of President Vladimir V. Putin but which strongly suggested they were part of his broader "information warfare" campaign. The story told by American officials, cyberexperts and Mr. Macron's own campaign aides of how a hacking attack intended to disrupt the most consequential election in France in decades ended up a dud was a useful reminder that as effective as cyberattacks can be in disabling Iranian nuclear plants, or Ukrainian power grids, they are no silver bullet. The kind of information warfare favored by Russia can be defeated by early warning and rapid exposure.
AI

Police To Test App That Assesses Suspects (bbc.com) 92

An anonymous reader writes: Police in Durham are preparing to go live with an artificial intelligence (AI) system designed to help officers decide whether or not a suspect should be kept in custody, BBC is reporting. The system classifies suspects at a low, medium or high risk of offending and has been tested by the force. It has been trained on five years of offending histories data. One expert said the tool could be useful, but the risk that it could skew decisions should be carefully assessed. Data for the Harm Assessment Risk Tool (Hart) was taken from Durham police records between 2008 and 2012. The system was then tested during 2013, and the results -- showing whether suspects did in fact offend or not -- were monitored over the following two years. Forecasts that a suspect was low risk turned out to be accurate 98% of the time, while forecasts that they were high risk were accurate 88% of the time.
Government

FCC Should Prove DDoS Attacks Stopped Net Neutrality Comments (networkworld.com) 104

New submitter Michelle Davidson writes: After John Oliver urged viewers of HBO's Last Week Tonight to fight again for net neutrality and post comments in support of it, people hit a wall — the FCC's site essentially crashed. Originally, it was believed that the number of people trying to access the site caused the problem, but then the FCC released a statement saying "multiple" DDoS attacks -- occurring at the same time Oliver sent viewers to the site -- caused the site to crash: "These were deliberate attempts by external actors to bombard the FCC's comment system with a high amount of traffic to our commercial cloud host. These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC." The group Fight for the Future doesn't buy it, though, and wants proof. It says the FCC should release the logs: "The FCC should immediately release its logs to an independent security analyst or major news outlet to verify exactly what happened last night. The public deserves to know, and the FCC has a responsibility to maintain a functioning website and ensure that every member of the public who wants to submit a comment about net neutrality has the ability to do so. Anything less is a subversion of our democracy." No word yet from the FCC on whether it will release its logs, leading the interwebs to speculate about whether it was actually an attack to prevent commenting or if the FCC is ill-prepared to handle large amounts of traffic and blamed DDoS attacks to cover their inabilities. People are even questioning whether the FCC's tech team knows what a DDoS attack is.
