Tag Archives: Economics

Podcast: The IMF’s Bad Dream

(Not tech related, this, so please skip if the IMF and Indonesia don’t float your boat. The BBC World Service Business Daily version of my piece on the IMF’s role in the Asian financial crisis of 1997/8 .  (The Business Daily podcast is here.)  

Loose Wireless 110607

To listen to Business Daily on the radio, tune into BBC World Service at the following times, or click here.

Australasia: Mon-Fri 0141*, 0741

East Asia: Mon-Fri 0041, 1441 
South Asia: Tue-Fri 0141*, Mon-Fri 0741 
East Africa: Mon-Fri 1941 
West Africa: Mon-Fri 1541* 
Middle East: Mon-Fri 0141*, 1141* 
Europe: Mon-Fri 0741, 2132 
Americas: Tue-Fri 0141*, Mon-Fri 0741, 1041, 2132

Thanks to the BBC for allowing me to reproduce it as a podcast.

The Financial Crisis in Charts

Thought I’d offer a brief history of the financial crisis as seen through Google Insights, which measures the popularity of a search term over time.

image

Interest in the word subprime spiked a couple of times in 2007 (above) before we figured out it was all about toxic debts (below):

image

and credit crunches:

image

Then we realised suddenly we had to learn a bit more about Freddie Mac and Fannie Mae:

image

and even basic terms like liquidity:

image

Useful information. And it wasn’t just an economics lesson. We had to gen up on countries that we had recently given little attention to, like Iceland:

image

Although it’s worth keeping it all in perspective. Search for the word meltdown, a commonly used term to capture the excitement of the past few weeks, and you get this. Clearly rising interest, but that spoke in 2005? It’s linked to Ice Age: The Meltdown, which grossed $70 million at the box office in its debut week:

image

The Financial Crisis in Charts

Thought I’d offer a brief history of the financial crisis as seen through Google Insights, which measures the popularity of a search term over time.

image

Interest in the word subprime spiked a couple of times in 2007 (above) before we figured out it was all about toxic debts (below):

image

and credit crunches:

image

Then we realised suddenly we had to learn a bit more about Freddie Mac and Fannie Mae:

image

and even basic terms like liquidity:

image

Useful information. And it wasn’t just an economics lesson. We had to gen up on countries that we had recently given little attention to, like Iceland:

image

Although it’s worth keeping it all in perspective. Search for the word meltdown, a commonly used term to capture the excitement of the past few weeks, and you get this. Clearly rising interest, but that spike in 2005? It’s linked to Ice Age: The Meltdown, which grossed $70 million at the box office in its debut week:

image

Hollywood still trumps global financial disaster, I guess.

Helping the World, Ripple by Ripple

Ripple-logoGod, I love simple ideas. This is great one (tip of hat to Lifehack) because it’s already working. By doing your search through Melbourne-based ripple, and looking at an ad, you direct the cents your eyeballs earn to charity. A few hours after launch the difference is already being felt:

In our first 48 hours we received enough visitors to provide:

* 2 people with access to clean water and sanitation FOR LIFE! and;
* Seven years of education to 2 children in East Timor; and
* Maintain more than $334,800 in micro-finance loans for a day. That’s around 800 loans to allow people in the Phillipines and elsewhere to start their own business; and
* Set up 15 market gardens in Cambodia to provide nutritious food to a village

I’ve done a more extensive write-up at tenminut.es.

The Big Credit Card Theft

Trying to make sense of the massive theft of credit card numbers at CardSystems, ‘a leading provider of end-to-end payment processing solutions focused exclusively on meeting the needs of small to mid-sized merchants’, in which information on more than 40 million credit cards may have been stolen.

CardSystems itself has issued only a brief statement on its website (no permalink available) saying it had identified

a potential security incident on Sunday, May 22nd. On Monday, May 23rd, CardSystems contacted the Federal Bureau of Investigation. Subsequently, the VISA and MasterCard Card Associations were notified to alert them of a possible security incident. CardSystems immediately began a remediation process to ensure all systems were secure. Additionally, CardSystems immediately engaged an independent 3rd party to validate systems security.

Notice the careful language: It talks only of ensuring all ‘systems were secure’ — in the security industry this is like checking all the locks work while watching all the horses bolting off down the street. (And don’t the FBI work on Sundays? Why wait a day to let them know?)

Then there’s the question: Why wait almost a month to let us know? A separate story by AP quotes CardSystems as saying that

it was told by the FBI not to release any information to the public. The company says it’s surprised by MasterCard’s decision to go public.

Actually, not so, say the FBI: Another AP story quotes an FBI spokeswoman, Deb McCarley, as denying

that the agency told CardSystems not to disclose the existence of the intrusion. McCarley says the FBI told CardSystems to follow its corporate policies without disclosing details that might compromise the ongoing investigation.

In fact, a MasterCard statement suggests that it was they, not CardSystems, who first identified the breach:

MasterCard International’s team of security experts identified that the breach occurred at Tuscon-based CardSystems Solutions, Inc., a third-party processor of payment card data. Third party processors process transactions on behalf of financial institutions and merchants.

Through the use of MasterCard fraud-fighting tools that proactively monitor for fraud, MasterCard was able to identify the processor that was breached. Working with all parties, including issuing banks, acquiring banks, the processor and law enforcement, MasterCard immediately launched an investigation into the breach, and worked with CardSystems to remediate the security vulnerabilities in the processor’s systems.

In the meantime CardSystems was pretending it was business as usual, including an announcement on June 14 of a move into check processing, and posting job-ads for a ‘Software Quality Assurance Analyst’ to cover, among other things, ‘troubleshooting from operations, production, and outside vendors’ who can work ‘in a very fast-paced, high-visibility organization where priorities often change’. Indeed.

Anyway, the scale of the thing is pretty awesome: Softpedia quotes experts as saying

that this is the worst case of data theft in IT history. “In sheer numbers, this is probably one of the largest data security breaches,” said James Van Dyke, principal analyst at Javelin Strategy & Research in Pleasanton, Calif.

And just how did the theft happen? Details are sketchy, probably because no one yet knows (the MasterCard software which identified the fraud did so by monitoring transactions, not the actual breach. In other words, they observed the stolen goods being peddled, not the actual break-in). According to another AP story, MasterCard has identified CardSystems as being ‘hit  by a viruslike computer script that captured customer data for the purpose of fraud’, but hasn’t given any more details. CardSystems itself is not talking:

CardSystems’ chief financial officer, Michael A. Brady, refused to answer questions and referred calls to the company’s chief executive, John M. Perry, and its senior vice president of marketing, Bill N. Reeves. A message left for Perry and Reeves at the company’s Atlanta offices was not returned.

Both Perry and Brady have been with CardSystems a little over a year.

Closing The Door After The Phish Has Bolted

MasterCard, one of several banks discovered to have flaws on their websites that would have allowed a phisher to capture passwords, says it has fixed the problem.

American Banker Online reported (subscription required) last week that MasterCard International “has confirmed finding and fixing a flaw on its web site’s ‘Find A Card’ tool that could have facilitated a phishing scam”. The flaw had been discovered by British programmer Sam Greenhalgh and published on his web site on June 28. Greenhalgh lists in a sidebar those web sites that have been fixed or the flawed code removed. It’s not yet over: He says that PayPal and several sub-domains of Microsoft.com “remain susceptible”.

Besides the failure of some web sites to tackle the problem, a few other things worry me. 

  • Why did it take MasterCard three weeks to remove the flawed code? American Banker reports that the tool was removed on July 20. As Greenhalgh writes it’s probably a case of closing the door after the horse has bolted. (American Banker quotes MasterCard as saying that “It does not believe that any scams were attempted”.)
  • Why is no mention made of the flaw or the fix in MasterCard’s own ‘newsroom’? There are two releases trumpeting MasterCard’s own ‘fight on phishers’ but nothing of its own vulnerabilities.
  • How many more vulnerabilities are out there? Did Greenhalgh’s discovery trigger a serious audit of all code on such websites, or did they just plug the holes he had found?

Anyway, plaudits should be offered to Greenhalgh (so far I’ve not seen any from the banking fraternity, but I could be wrong) for his work and others encouraged to hunt for more leaks. Such folk are not troublemakers looking for nits to pick. They perform a very useful service. Phishing has shown that all this is no longer just theory, if it ever was. Every one of these vulnerabilities will be found and exploited if the good guys don’t get there first.

News: When An ATM Isn’t An ATM

 From the These Thieves Are So Smart, Why Can’t They Get A Real Job Dept comes a story about ATMs. The Canadian Press reports of a scam in Ontario where the bad guys have rigged a number of existing bank machines allowing them to make working copies of customers’ debit cards by putting on a mask.
 
 
The thieves install a false front on an ATM machine for a few hours, painted identically to the actual front of the real machine.When a customer slides a debit card into the card slot on the false front, a small electronic device attached to the front reads all the information contained on the card. A tiny camera installed just above the machine’s number pad videotapes customers as they type in their personal identification numbers. The thieves then produce their own magnetic cards containing identical information to customers’ cards.