Month: October 2017

Enlarge / Using a network of ATMs and a hack of card management apps, cybercriminals made off with millions from E. European banks. (credit: Sean Gallagher)

Banks in several former Soviet states were hit with a wave of debit card fraud earlier this year that netted millions of dollars worth of cash. These bank heists relied on a combination of fraudulent bank accounts and hacking to turn nearly empty bank accounts into cash generating machines. In a report being released by TrustWave's SpiderLabs today, SpiderLabs researchers detailed the crime spree: hackers gained access to bank systems and manipulated the overdraft protection on accounts set up by proxies and then used automated teller machines in other countries to withdraw thousands of dollars via empty or nearly empty accounts.

While SpiderLabs' investigation accounted for about $40 million in fraudulent withdrawals, the report's authors noted, "when taking into account the undiscovered or uninvestigated attacks along with investigations undertaken by internal groups or third parties, we estimate losses to be in the hundreds of millions in USD." This criminal enterprise was a hybrid of traditional credit fraud and hacking. It relied on an army of individuals with fake identity documents, as these folks were paid to set up accounts at the targeted institutions with the lowest possible deposit. From there, individuals requested debit cards for the accounts, which were forwarded to co-conspirators in other countries throughout Europe and in Russia.

Meanwhile, a phishing campaign was used by the attackers to implant remote access malware on bank employees' computers. The attackers used these backdoors to gain broader access to the banks' networks, breaking into multiple systems at each bank. The attackers then targeted a third-party payment processing provider, using banks' virtual private network credentials with the processor to gain access to their network. This allowed attackers to drop multiple malicious software packages onto the processor's network. "Key amongst them was a legitimate monitoring tool installed on the processor’s Terminal Server," SpiderLabs investigators reported. "That allowed users to access the card management application via a browser."

Enlarge / Some classic O'Reilly titles. (OK, not really. But honestly these titles would teach some folks very valuable devops skills.) (credit: @ThePracticalDev)

Author and long-time friend of Ars Technica Rob Reid recently had the opportunity to interview legendary publisher Tim O'Reilly about O'Reilly's new future-focused nonfiction book. Given O'Reilly's importance and influence—and who hasn't consulted at least one of his company's animal-covered books to shed light on some difficult bit of tech?—we asked Rob to write us a summary of the interview that we could share with the Ars audience. The full interview is embedded in this piece.

It’s almost impossible to overstate the influence Tim O’Reilly has had on tech over his career’s long span. But I’ll try. First, he’s the preeminent publisher in a modern field that inhales books despite their ancient form as software developers, IT folks, and others constantly race to keep up with the languages and skillsets of their fields. He also launched the first commercial website long before Netscape or Yahoo even incorporated (prefiguring another huge trend: AOL bought that site, then immediately screwed it up).

Convinced the Web would be hot, his company convened the summit at which Marc Andreessen and Tim Berners Lee first met. He later hosted the conclave whereat "open source software" was quite literally named, and the open source movement’s precepts were enunciated. Though he didn’t coin the term, Tim (basically) named the Web 2.0 era, and also defined it with a wildly influential article and conference series. He later published the magazine which gave us both the word “maker” and the Maker Faire, and the magazine still sits at the heart of the maker movement.

The trailer makes it clear that Rey will be the central character of the upcoming movie, set to release December 15 with tickets widely available now. Rey's training by Luke Skywalker and maturation as a Jedi appear to be major themes.

For anyone entering the Star Wars universe for the first time with this latest trilogy (wait, why?), the new trailer hints at obvious parallels to The Empire Strikes Back. In Empire, Luke ignores Yoda's warnings that his training isn't complete and rushes off to save his friends, leading to his hand being chopped off by Darth Vader.