The Bangladesh Bank Hack, Part XIV

By | June 4, 2016

Lots of attention at the moment on the implications of the Bangladesh Bank hack, now four months old. This is a piece I contributed last week. Quite a bit of water has gone under the bridge since then. We not only don’t know who was behind the hack – North Koreans have been put somewhere in the frame, but that’s by no means a certainty – but we still don’t really understand how all the pieces fit together. Meanwhile, the blame game continues.

Cyber firms say Bangladesh hackers have attacked other Asian banks

WASHINGTON/SINGAPORE | BY DUSTIN VOLZ AND JEREMY WAGSTAFF

Hackers who stole $81 million from Bangladesh’s central bank have been linked to an attack on a bank in the Philippines, in addition to the 2014 hack on Sony Pictures, cybersecurity company Symantec Corp (SYMC.O) said in a blog post.

The U.S. Federal Bureau of Investigation has blamed North Korea for the attack on Sony’s Hollywood studio.

A senior executive at Mandiant, the cybersecurity company investigating the Bank Bangladesh heist, also told Reuters the hackers had recently penetrated banks in Southeast Asia.

In the blog post published on Thursday, Symantec did not name the Philippines bank or say whether any money was stolen, but said the attacks could be traced back to October last year. It did not identify the hackers.

The Philippines central bank’s deputy governor, Nestor Espenilla, told Reuters that no bank in the country had lost money to hackers, although he did not rule out the possibility of cyber attacks.

“We are checking if there are similar attacks on Philippine banks,” Espenilla said. “However, no reported losses so far.”

He added: “It is one thing to be attacked. It is another to lose money.”

Marshall Heilman, vice president for Mandiant, a part of U.S.-based FireEye (FEYE.O), said it was not known whether any money was lost in the other attacks he described or whether the hackers had been successfully blocked.

“There is a group operating in Southeast Asia that definitely understands the bank industry and is at more than one location,” he said.

Heilman declined to identify the country or countries, or the institutions attacked. He said it was the same group as the one involved in the Bank Bangladesh theft and that the attacks were recent, but declined to be more specific.

Central banks elsewhere in Southeast Asia – Singapore, Indonesia, Brunei, Myanmar, Laos, Cambodia, Vietnam, Thailand and East Timor – have declined comment or denied knowledge of any other breaches.

There have been at least four known cyber attacks against a bank involving fraudulent messages on the SWIFT payments network, one dating back to 2013. SWIFT, the Society for Worldwide Interbank Financial Telecommunication, urged banks this week to bolster their security, saying it was aware of multiple attacks.

Banks around the world use secure SWIFT messages for issuing payment instructions to each other.

“HARD CONNECTION”

SWIFT said earlier this week that February’s Bangladesh Bank hack was a “watershed event for the banking industry” and that it was “not an isolated incident.”

Spokeswoman Natasha de Teran said on Thursday that SWIFT was “actively looking into other possible instances of such fraud,” but would not comment on individual entities.

Symantec said it had identified three pieces of malware that were used in limited targeted attacks against financial institutions in Southeast Asia. (symc.ly/1sRNHc7)

One of the malicious programs has been previously associated with a hacking group known as Lazarus, which has been linked to the devastating attack on Sony’s Hollywood studio in 2014.

“There is a pretty hard connection now to the Sony attacks and the actor behind them” and the Bangladesh heist, Eric Chien, technical director at Symantec, said in an interview.

Another cybersecurity firm, BAE Systems, said this month that the distinctive computer code used to erase the tracks of hackers in the Bangladesh Bank heist was similar to code used to attack Sony.

Chien said that if North Korea was responsible for the hacks on banks via the SWIFT messaging network it would represent the first known episode of a nation-state stealing money in a cyber attack.

Policymakers, regulators and financial institutions around the world are stepping up scrutiny of the cyber security of the SWIFT payments system after hackers used it to make fraudulent transfers totaling $81 million out of Bank Bangladesh’s account at the Federal Reserve Bank of New York.

Symantec and other researchers have also linked the hack to a failed attempt to use fraudulent SWIFT messages to steal from a commercial bank in Vietnam.

In addition, Reuters reported last week that Ecuador’s Banco del Austro had more than $12 million stolen from a Wells Fargo account due to fraudulent transfers over the SWIFT network.

Bangladesh police are also reviewing a nearly-forgotten 2013 cyber heist at the nation’s largest commercial bank, Sonali Bank, for connections to the central bank heist, a senior law enforcement official told Reuters. The unsolved theft of $250,000 at Sonali Bank also involved fraudulent transfer requests sent over the SWIFT network.

(Additional reporting by Narottam Medhora in Bengaluru and Karen Lema in Manila; Editing by Siddharth Cavale, Leslie Adler and Raju Gopalakrishnan)

Apple Takes on Evernote?

By | March 31, 2016

Apple’s update to OSX allows users to import Evernote notes into Notes (if you see what I mean) painlessly and effectively: Import your notes and files to the Notes app.

As far as I know, this is the first time an app with some heft has included this capability — there are third party tools for OneNote, but no native functions. 

To me, this is the first serious challenge to Evernote, since why would you bother with Evernote if you’re an iOS and OSX user? 

There are limitations, I suspect. I can’t find any way to add tags and it seems the tags preserved in an enex/xml file are lost on import. That’s a showstopper for me. And of course some of the deeper features of Evernote aren’t there — saved searches and what have you. And if you use Android and/or Windows this is not going to help you.

But I suspect the bigger thing for most heavy users will be a sigh of relief that a player like Apple sees it worthwhile to add this feature. For many users there’s been growing disquiet as to just how long ‘Ever’ means for the company, and the ramifications for their vast Evernote collections.

Tweetwars: the social challenge in Twitter ‘capital’, Indonesia

By | February 12, 2016

My effort to take a closer look at Twitter’s capital. 

Tweetwars: the social challenge in Twitter ‘capital’, Indonesia | Reuters:

BY JEREMY WAGSTAFF

Indonesia has long been the Twitter capital of the world, but rival apps and rancorous political debate are driving users away, illustrating the challenges the microblogging service faces even in markets once considered strongholds.

While Twitter doesn’t break down country figures, Global Web Index data shows Indonesia remains joint first with Mexico in active users among the 34 countries the UK-based metrics company monitors – and significantly ahead in terms of penetration, at 74 percent of all Internet users.

But that masks a deeper shift, analysts and users say, as changing tastes, culture and politics push Indonesians to rival services. The proportion of active Twitter users in Indonesia has dipped 10 percentage points in the past two years, to about one third of Internet users, the Global Web Index data show.

‘Unless Twitter makes changes or there’s some new exciting things on Twitter that can’t be found on other platforms then I don’t think people are coming back to Twitter,’ said Enda Nasution, a blogger and entrepreneur who has nearly 200,000 followers on his Twitter account.

A Twitter spokesman declined to comment on the data, saying he had not seen it, but said younger people in major markets like Indonesia and India were eager users. He said the company was expanding in Indonesia and working with airlines, banks and celebrities to add services and content.

He noted Indonesia was one of the top markets for Twitter’s recent acquisition Periscope, which allows users to stream live video.

Twitter on Wednesday reported its first quarter since going public with no growth in users, and announced changes to its global service.

Among younger users – active Twitter users in the 16-24 year age range – Indonesia lags Spain, Mexico and the UK. JakPat, an Indonesian survey company, found last month that teenagers were less likely to use Twitter regularly than those aged 26 and above, and were switching to other apps such as Facebook and its photosharing sibling Instagram.

But there’s also a push factor: Indonesians are leery of Twitter’s core appeal; its default public feed, where everything a user posts is visible to everyone on the network. What was once an attraction in Indonesia’s sociable culture became a liability in 2014’s fractious presidential election.

FISTICUFFS

As politicians saw the power of Twitter to mobilize support, the network was flooded by digital armies of volunteers and automated accounts, or bots, spawning what Shafiq Pontoh, chief strategic officer at Jakarta-based social media consultancy Provetic, described as a ‘tsunami’ of ‘black campaigns, hoaxes, prejudice, racism, spam, harassment, anonymous accounts and political action to frame topics, issues (and) spin doctoring.’

‘Twitter,’ he said, ‘became an uncomfortable place to be.’

This antagonism hit rock bottom when two Twitter users took a dispute over government car-making policies offline and slugged it out near a sports stadium. Cellphone footage of their fist-fight was broadcast on TV.

‘After that it felt like that if you don’t want to get into trouble, people would retreat and find a more comfortable space online,’ said Nasution, the entrepreneur.

Those online spaces include Facebook’s WhatsApp and Messenger apps, South Korean Kakao’s Path, Japan’s Naver Corp’s LINE and BlackBerry’s Messenger.

Nasution said students he has spoken to use WhatsApp to communicate with their lecturer, and LINE to chat with each other. Or Facebook and Path, says student Jeremiah Mandey, who joined Twitter in 2010. ‘I used Twitter to interact with friends, but now I use it to get news,’ he said.

MISSING A CULTURAL BEAT

Government departments, companies and even President Joko Widodo have embraced Twitter as a public announcement service. The Jakarta police traffic feed, alerting commuters to jams, accidents, potholes and protests, has over 5 million followers.

This provides a service, but is too passive for younger people, says Aulia Masna, an editor. ‘People are on social media to have fun and be entertained,’ he says. ‘Twitter in Indonesia is better known as the place for news, debate and politics. So it attracts the more serious, older crowd.’

The company spokesman said Twitter opened a Jakarta office last year and added staff, in part to expand its user base beyond the capital. The recruits included a government relations expert. It was also working with local bank BNI to allow customers to transact via Twitter.

‘We see great potential in Indonesia, it’s one of the top markets,’ he said, adding Widodo was due to visit Twitter’s headquarters in San Francisco next week.

Simon Kemp, regional managing partner of social media marketing agency We Are Social, said Twitter should focus more on understanding how people in places like Indonesia use their service before tweaking things.

‘People are still looking at these things as a technology base,’ he said, ‘while it’s the cultural driver that determines what you use and when you use it.’

(Reporting by Jeremy Wagstaff, with additional reporting by Cindy Silviana and Yuddy Cahya in Jakarta; Editing by Ian Geoghegan)

LinkedIn’s Blinkers

By | February 10, 2016

LinkedIn comes across as quite tone deaf when it comes to their UX, which makes me wonder if anyone there eats their own dogfood. This annoying popup every time you try to download a deck from SlideShare drives me nuts.

How can it not figure out that no, you don’t want to clip it and remember that?

Uber, $70 bln company, doesn’t seem to test some of its code

By | December 21, 2015

Growing pains, I guess, but this should not be what big disruptive companies look like. I noticed that Uber’s web app offers filters to create lists of historical data — your rides — via criteria like which credit card you used, the city you took the ride in, the month etc. Great for expenses. Except it doesn’t work. The filters simply don’t work.

Uber have confirmed it and said they’re working on it. (It’s still not working.) But for a feature like this, wouldn’t you have done even basic testing, like, well, to see that it worked?