John Ward April 4, 2011 Uncategorized

LATEST US DATA BREACH IS ONLY THE TIP OF THE ICEBERG

The new Epsilon breach of customer details may be the biggest in retail history, but the problem of crooks blagging our computers is much bigger

Bent financial gains are occurring daily – and the police are out of their depth

News broke in the US last night EST of what may turn out to be the biggest ‘exposure’ of consumer personal details in retail history. A broad spectrum of companies doing business with Epsilon warned customers over the weekend that some of their electronic information could have been exposed. These included pharmacy chain Walgreen, Video recorder TiVo Inc, credit card lender Capital One Financial Corp, and teleshopping company HSN Inc. Other targets are also thought to include some of the nation’s largest banks, while some 5,900 college databanks were also compromised.

Aside from the crucial libertarian considerations, over here in the UK too this sort of thing is expensive. The average cost incurred by a data breach rose by 13% compared with 2009 to £1.9 million, with the highest loss incurred by a UK company being £6.2 million, a rise of £2.3 million from the previous year. But the biggest culprit (ie, victim) of data breaches is the NHS – an area of life where, even today, most people truly do not want anyone knowing about their problems – either through embarassment, or insurance/employer considerations. The NHS reported 305 breaches between 2007 and 2010, according to the Information Commissioner’s Office’s (ICO) figures. Of those, 116 were due to stolen data or hardware, 87 were due to lost data or hardware….but only 43 cases were disclosures due to error.

That’s a key figure that other commentators have missed. It shows pretty clearly that over 80% of data breaches are no accident: somebody, somewhere wants to know stuff about people like you. And there are plenty of petty criminals (even in the pc retail trade) more than happy to lift stuff off your hard-drive while undertaking ‘maintenance’.

We tend to think of hacking and blagging in terms of tabloid journalism, but it’s becoming clear that the spread of this cancer goes well beyond the press organs. Cloning IDs is big business now around the world, but here too – while this activity has become something of a media obsession – it shrinks in comparison to the use of hacking and blagging in the financial sector.

For the last two months The Slog has been digging into a case (by no means isolated) of three very prominent Russian business people based in the UK. The insider descriptions given to me about the equipment they have, the security at their offices – and the overheard conversations after too much vodka – leave me in no doubt that this trio is making fortunes by blagging into everything from liquidity pools to senior boardroom minutes and fund management mobile phones. In many cases, the victims know what’s happened – but are themselves operating outside the law, and thus daren’t bring in the police.

For legal (and health) reasons, I can’t name the thankful threesome. But I can tell you that the ringleader is very well known in international business and sporting circles. However, whether or not their victims call in the Met, in 99% of cases the boys in blue would need a year’s seminar crash-course simply to understand what has gone on, and how the blaggers stand to gain.

Only last November, the FT reported a Commons Treasury Committee MP telling them that the Met’s approach to City crime “is like PC Plod trying to catch Moriarty.” Last year in total, The City of London’s fraud team conceded that the force recovered only £168m from a suspected £3.7bn proceeds of fraud cases. A now retired senior CID officer told The Slog, “The police have barely scratched the surface of it, and the understanding of what’s going on is childlike. Around London there are hundreds of serious villains in suits making mind-boggling sums at this game. Their chances of being caught are near to zero”.

Efforts have been made at many levels in and outside government to alert people to the danger. But the public response on the whole is one of apathy. There may be underlying cultural reasons for this – we seem to be a society where privacy is the last thing people care about – but some opinion leaders think only a major whistle-blower and/or high-profile capture of villains at it will make people think harder about the problem.

A former senior City trader came close to unloading some juicy details to me late last year, but then scuttled off – allegedly – to write a book about it. Let’s hope it appears soon.

10Comments

Add yours

1

John Ward – Crime-Figure Fiddling: Did Johnson Put Pressure On The MET? And What Does He Know About Russian Cyber Gangs? – 10 January 2014 | Lucas 2012 Infos on January 10, 2014 at 12:41 pm

[…] isn’t a new subject for The Slog. In April 2011, I posted about a Russian gang operating from a large House in Chelsea with equipment designed to covertly […]

LikeLike
2

CRIME-FIGURE FIDDLING: DID JOHNSON PUT PRESSURE ON THE MET? AND WHAT DOES HE KNOW ABOUT RUSSIAN CYBER GANGS? | The Slog. on January 10, 2014 at 11:13 am

[…] isn’t a new subject for The Slog. In April 2011, I posted about a Russian gang operating from a large House in Chelsea with equipment designed to covertly […]

LikeLike
3

John Ward – Security Special : Slog’s 2012 Russian Crime / UK Cop Revelations Vindicated – 8 April 2012 | Lucas 2012 Infos on April 8, 2012 at 11:14 am

[…] exactly a year ago, The Slog revealed – I think for the first time in a UK blog, although I can’t be certain – the existence of […]

LikeLike
4

SECURITY SPECIAL: SLOG’s 2011 RUSSIAN CRIME/ UK COP REVELATIONS VINDICATED | The Slog on April 8, 2012 at 8:35 am

[…] exactly a year ago, The Slog revealed – I think for the first time in a UK blog, although I can’t be certain – the […]

LikeLike
5

SECURITY SPECIAL: SLOG’s 2011 RUSSIAN CRIME/ UK COP REVELATIONS VINDICATED | The Slog on April 8, 2012 at 8:35 am

[…] exactly a year ago, The Slog revealed – I think for the first time in a UK blog, although I can’t be certain – the […]

LikeLike
6

HACKGATE DAY 81: MURDOCH RETREATS BEHIND ANOTHER LINE. | The Slog on April 5, 2011 at 9:41 pm

[…] the Met needs to get real on just how far behind it is on hacking and blagging technology. In yesterday’s Slog piece on this, I hinted at the degree to which the means to knowing what you shouldn’t know are now […]

LikeLike
7

True_Belle on April 4, 2011 at 2:20 pm

Data breaches?
An American company is handling the census-
Serco, an American company is involved with the NHS and the Prison service etc, don’t have too many details, but stuff is handled by them so one hears.
French companies own our utilities, so they will know more about customers.

So no wonder the big media organisations want info for gain and shame.
‘Tis a big goldfish bowl we live in sadly.

Noth

LikeLike
8

Maria dos Santos on April 4, 2011 at 11:56 am

The data breaches within the NHS have to be dramatically under reported.One of my sons during a summer holiday job was involved in breaking up photocopiers.Each of the photocopiers hard a hard drive,each time a copy of information was made it was also copied to the hard drive.Many of the hard drives were copied to laptops by his boss?Just how many copiers from the NHS have their hard drives destroyed before recycling,never mind cleared?
In my work,I come across many security teams,particularly those around the Rusian/Chinese oligarchs.Most security teams are comprised of the big lug type,who clear peasants like me out of the way of the “great man”,rather like the Met around royalty.The inner level are the “surveillance”type.The older people,usually 30+,I know don’t laugh,are very tech savvy and treat their staff badly.Below this level are the “surveyors”,incredibly young,fit and seemingly well paid.Funny enough none of this whole group are of British back ground.However,this younger group,although vulnerable,all are very focused in obtaining Western qualifications at the OU and the Swedish equivalent.Normally this group has one or two courses at these institutions on the go at the same time-seemigly it fills the boring hours.
I first,was on the receiving end of this group,when we tendered for work with the “great oligarchs”.They were able to investigate how badly I did at school and laugh like drays at my poor educational attainment,believe you me this was ancient history.What shocked and surprised me was the ease of entry of these characters into supposedly secure networks and this was more than ten years agao.
Today,their equivalent wander the streets of London,on their days off,looking for open systems,which are noted on mobile phones and down loaded to their array of small laptops at home.Over the years these young men have amassed considerable wealth,even “paying”taxes locally.They love Grosvenor Square,theCity and many other locales that involve networks.As of yet no network seems to stop these men and if it does they establish a forum to crack it.The forum is rarely in English,normally Russian/Chinese.Perhaps I am being mislead by these young men,but their speed of wealth accumulation is definitely not down to the largesse of the wonderful oligarchs we all work for.
As an aside some of the stuff they jokingly show me about our elite here and abroad has been shocking.
If they in their initial poverty have access to information like this ,what can a determined media empire do?

LikeLike
9

Caratacus on April 4, 2011 at 9:52 am

At the risk of sounding like a bit of a ninny, and whilst we are all very grateful for the information you seem to be able to conjure out of the woodwork, I trust that you are ‘watching your back’ John. Some of the buggers who are revealed as you turn over the various stones are capable of all sorts of nastiness…

I know, I know – pierce both ends and blow, right?

LikeLike
10

Bankrupt Taxpayer on April 4, 2011 at 9:26 am

There are plenty of socialists who support the view “if you’ve nothing to hide, you’ve nothing to fear”, implying that only shady people wish to conceal their privacy. They go even further by spraying their private information all over social websites.
This short news video clip shows how people are being caught out by GPS-activated cellphones/digital cameras which add the GeoTag to the EXIF data stored in every digital image:
http://abclocal.go.com/wabc/video?id=7621105
Many people don’t even know what EXIF data is!

When data breaches occurred under the last Labour Govt, I never felt that they cared a rat’s ass about it and their public apologies were just palliative to calm the masses. If they really cared, it would have caused them to draw a halt to their programme of creating national databases for everything which would be a blagger’s dream.

LikeLike