Posts

The Suspected Assasination of Gareth Williams and Shadow Brokers’ Focus on SWIFT

If you haven’t seen it, BuzzFeed has been doing a superb series on the UK deaths that US spooks included in a secret report on suspected Russian assassinations. Yesterday they published the story I knew had to be coming, confirming that GCHQ spy Gareth Williams is among those deaths suspected to be Russian assassinations.

Police declared the death of Gareth Williams “probably an accident” – but British intelligence agencies have been secretly communicating with their American counterparts about suspicions that the spy was executed by Russian assassins, four US intelligence officials told BuzzFeed News.

An ongoing BuzzFeed News investigation has revealed that British and American spy agencies have intelligence connecting a string of suspected assassinations in the UK to Russian state agents or organised criminals – who sometimes cooperate. One high-ranking US intelligence source said: “The Kremlin has aggressively stepped up its efforts to eliminate and silence its enemies abroad over the past couple of years – particularly in Britain.” A second serving official said the circumstances of Williams’ death and 13 others “suggest Russian involvement” and demand “more investigation from the UK”. In all 14 cases, police ruled out foul play while intelligence agencies secretly compiled information connecting the deaths to Russia.

Williams, a 31-year-old codebreaker for Britain’s Government Communication Headquarters (GCHQ), had been assigned to MI6, and in the months before his death, sources said, he was working with the US National Security Agency. Two senior British police sources with direct knowledge of the case said some of his work was focused on Russia – and one confirmed reports that he had been helping the NSA trace international money-laundering routes that are used by organised crime groups including Moscow-based mafia cells.

While the report revisits and expands on all the suspicious details of Williams death and the thwarted British investigation into it, that spooks suspected it had ties to Russian mobsters is not new (though that theory does solidly explain why Williams would be among those targeted in this apparent assassination wave). The Daily Mail reported that theory back in 2011.

At the time, I noted that Williams’ impact on the Russian mob was described as a knock-on effect of a generally improved ability to track money laundering, something I tied closely to NSA’s ability to track SWIFT messaging.

[M]oney laundering is money laundering. Terrorists do it. Organized crime does it. Spy services do it. Corporations do it (often legally). And banksters do it, among others.

And there doesn’t appear to be anything about this description to suggest the Russian mafia would be specifically targeted by the technology. Indeed, the description of their exposure as a “knock-on effect” suggests everything would be targeted (which sort of makes sense; you can’t track money laundering unless you track the “legitimate” part of finance that makes it clean).

Which is why I find this latest narrative–with its complete lack of attention on the technology, instead focusing exclusively on the Russian mob–so interesting. Because finding a way to track money laundering, of any sort, would just be a new way to do what US intelligence has already been doing with SWIFT.

The following year, I noted that Gauss, a variant of StuxNet, sounded like the kind of money laundering tracking that might piss off the Russian mob.

That feels so long ago now: before the time we learned, in 2013, that the NSA was double-dipping at SWIFT, accessing SWIFT data directly at targeted customers in addition to its legal access via Europol, and before the time in April when Shadow Brokers not only dumped details of how the NSA hacked SWIFT but also (particularly ominously given the reminder of Williams’ death) doxed the NSA hackers who had carried that out.

Remember: Shadow Brokers has promised more details on “compromised network data from more SWIFT providers and Central banks” as part of its monthly tools of the month club.

There’s a lot that’s going on here. But a big part of it appears to be striking at US asymmetric visibility into the world’s financial system (I don’t say transparency because the US is increasingly the haven of last resort).

WSJ Aims to Restore Confidence in SWIFT … by Remaining Silent about Risks from NSA

WSJ has a 2000 word puff piece talking about how the international financial messaging system, SWIFT, is safe from hackers now because more banks are using two-factor authentication (!!) with the system that can transfer billions of dollars with each message.

The bank also wasn’t using two-factor authentication on the system it used to access Swift, according to a person familiar with the bank’s procedures. Two-factor authentication is a higher security standard that requires a second measure of verification in addition to a password.

Software that Swift provides to customers now has built-in two-factor authentication, but they can opt not to use it. At the time of the Bangladesh cyberattack, two-factor authentication was merely Swift’s preference for local access, according to a copy of its security guidance reviewed by The Wall Street Journal.

Two people briefed on the theft say two-factor authentication might not have made the hacks impossible but would have made them more difficult.

[snip]

Within days [of the Bangladesh hack], Swift rolled out a new customer security program, hinting that it wouldn’t rule out the possibility of kicking violators out of the network. Swift didn’t make the controls mandatory until September.

The 16 mandatory standards include tighter password security, such as two-factor authentication. Swift ordered bank customers to update software, threatening to report to regulators anyone who doesn’t obey. Regulators have the power to withdraw licenses from banks deemed insufficiently safe and sound.

Axletree’s Mr. Murali says the number of clients he works with who have requested two-factor authentication for the Swift messaging system has jumped to about 150 from 10 since last year.

Swift will likely need more time to fully win back confidence. The New York Fed stopped making payments on the strength of Swift messages alone and adopted a policy of double-confirming orders from Bangladesh by phone.

But the piece on the recent hacks — it discusses Bangladesh and Ecuador specifically, but mentions 26 total attempted attacks, though claims the other 24 were unsuccessful — remains utterly silent about the background to the hacks by thieves: the hack by NSA, which was first exposed in 2013, but recently exposed in far more detail in a Shadow Brokers dump.

I mean, sure, financial systems that can affect billions of dollars should have 2FA!

But it’s likely the thieves figured out SWIFT’s vulnerabilities thanks to the exposed NSA hacks.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

The Doxing of Equation Group Hackers Raises Questions about the Legal Role of Nation-State Hackers

Update: I should have caveated this post much more strongly. I did not confirm the names and IDs released in the dump are NSA’s hackers. It could be Shadow Brokers added names to cast blame on someone else. So throughout, take this as suspected doxing, with the possibility that it is, instead, disinformation. 

In 2014, DOJ indicted five members of China’s People Liberation Army, largely for things America’s own hackers do themselves. Contrary to what you’ve read in other reporting, the overwhelming majority of what those hackers got indicted for was the theft of information on international negotiations, something the US asks its NSA (and military industrial contractor) hackers to do all the time. The one exception to that — the theft of information on nuclear reactors from Westinghouse within the context of a technology transfer agreement — was at least a borderline case of a government stealing private information for the benefit of its private companies, but even there, DOJ did not lay out which private Chinese company received the benefit.

A month ago, DOJ indicted two Russian FSB officers and two criminal hackers (one, Alexey Belan, who was already on FBI’s most wanted list) that also worked for the Russian government. Rather bizarrely, DOJ deemed the theft of Yahoo tools that could be used to collect on Yahoo customers “economic espionage,” even though it’s the kind of thing NSA’s hackers do all the time (and notably did do against Chinese telecom Huawei). The move threatens to undermine the rationalization the US always uses to distinguish its global dragnet from the oppressive spying of others: we don’t engage in economic espionage, US officials always like to claim. Only, according to DOJ’s current definition, we do.

On Friday, along with details about previously unknown, very powerful Microsoft vulnerabilities and details on the 2013 hacking of the SWIFT financial transfer messaging system, ShadowBrokers doxed a number of NSA hackers (I won’t describe how or who it did so — that’s easy enough to find yourself). Significantly, it exposed the name of several of the guys who personally hacked EastNets SWIFT service bureau, targeting (among other things) Kuwait’s Fund for Arab Economic Development and the Palestinian al Quds bank. They also conducted reconnaissance on at least one Belgian-based EastNets employee. These are guys who — assuming they moved on from NSA into the private sector — would travel internationally as part of their job, even aside from any vacations they take overseas.

In other words, ShadowBrokers did something the Snowden releases and even WikiLeaks’ Vault 7 releases have avoided: revealing the people behind America’s state-sponsored hacking.

Significantly, in the context of the SWIFT hack, it did so in an attack where the victims (particularly our ally Kuwait and an apparent European) might have the means and the motive to demand justice. It did so for targets that the US has other, legal access to, via the Terrorist Finance Tracking Program negotiated with the EU and administered by Europol. And it did so for a target that has subsequently been hacked by people who might be ordinary criminals or might be North Korea, using access points (though not the sophisticated techniques) that NSA demonstrated the efficacy of targeting years earlier and which had already been exposed in 2013. Much of the reporting on the SWIFT hack has claimed — based on no apparent evidence and without mentioning the existing, legal TFTP framework — that these hacks were about tracking terrorism finance. But thus far, there’s no reason to believe that’s all that the NSA was doing, particularly with targets like the Kuwait development fund.

Remember, too, that in 2013, just two months after NSA continued to own the infrastructure for a major SWIFT service bureau, the President’s Review Group advised that governments should not use their offensive cyber capabilities to manipulate financial systems.

Governments should not use their offensive cyber capabilities to change the amounts held in financial accounts or otherwise manipulate the financial systems;

[snip]

[G]overnments should abstain from penetrating the systems of financial institutions and changing the amounts held in accounts there. The policy of avoiding tampering with account balances in financial institutions is part of a broader US policy of abstaining from manipulation of the financial system. These policies support economic growth by allowing all actors to rely on the accuracy of financial statements without the need for costly re-verification of account balances. This sort of attack could cause damaging uncertainty in financial markets, as well as create a risk of escalating counter-attacks against a nation that began such an effort. The US Government should affirm this policy as an international norm, and incorporate the policy into free trade or other international agreements.

No one has ever explained where the PRG came up with the crazy notion that governments might tamper with the world’s financial system. But since that time, our own spooks continue to raise concerns that it might happen to us, Keith Alexander — the head of NSA for the entire 5-year period we know it to have been pawning SWIFT — is making a killing off of such fears, and the G-20 recently called for establishing norms to prevent it.

A number of the few people who’ve noted this doxing publicly have suggested that it clearly supports the notion that a nation-state — most likely Russia — is behind the Shadow Brokers leak. As such, the release of previously unannounced documents to carry out this doxing would be seen as retaliation for the US’ naming of Russia’s hackers, both in December’s election hacking related sanctions and more recently in the Yahoo indictment, to say nothing of America’s renewed effort to arrest Russian hackers worldwide while they vacation outside of Russia.

While that’s certainly a compelling argument, there may be another motive that could explain it.

In a little noticed statement released between its last two file dumps, Shadow Brokers did a post explaining (and not for the first time) that what gets called its “broken” English is instead operational security (along with more claims about what it’s trying to do). As part of that statement, Shadow Brokers claims it writes (though the tense here may be suspect) documents for the federal government and remains in this country.

The ShadowBrokers is writing TRADOC, Position Pieces, White Papers, Wiki pages, etc for USG. If theshadowbrokers be using own voices, theshadowbrokers be writing peoples from prison or dead. TheShadowBrokers is practicing obfuscation as part of operational security (OPSEC). Is being a spy thing. Is being the difference between a contractor tech support guy posing as a infosec expert but living in exile in Russia (yes @snowden) and subject matter experts in Cyber Intelligence like theshadowbrokers. TheShadowBrokers has being operating in country for many months now and USG is still not having fucking clue.

On the same day and, I believe though am still trying to confirm the timing, before that post, Shadow Brokers had reacted to a Forbes piece asking whether it was about to be unmasked (quoting Snowden), bragging that “9 months still living in homeland USA USA USA our country theshadowbrokers not run, theshadowbrokers stay and fight.” Shadow Brokers then started attacking Jake Williams for having a big mouth for writing this post, claiming to expose him as a former Equation Group member, specifically invoking OddJob (the other file released on Friday that doxed NSA hackers, though not Williams), and raising the “gravity” of talking to Q Group, NSA’s counterintelligence group.

trying so hard so helping out…you having big mouth for former member what was name of.

leak OddJob? Windows BITS persistence? CCI? Maybe not understand gravity of situation USG investigating members talked to Q group yet

theshadowbrokers ISNOT in habit of outing members but had make exception for big mouth, keep talking shit your next

Which is to say that, four days before Shadow Brokers started doxing NSA hackers, Shadow Brokers made threats against those who’ve commented on the released Shadow Brokers files specifically within the context of counterintelligence investigations, even while bragging about having gone unexposed thus far even while remaining in the United States.

Whatever else this doxing may do, it will also make the investigation into how internal NSA files have come to be plastered all over the Internet more difficult, because Shadow Brokers is now threatening to expose members of TAO.

Which is not to say such a motivation, if true, is mutually exclusive of Russia retaliating for having its own hackers exposed.

All of which brings me back to the question of norms. Even as the US has been discussing other norms about hacking in recent years, I’ve seen next to no discussion about how state hackers — and remember, this post discusses NSA hackers, including uniformed members of the Armed Services, government contractors, spies, and criminal hackers working for a state (a practice we do too, though in a different form than what Russia does) — fit into international law and norms about immunities granted to individuals acting on behalf of the state. The US seems to have been proceeding half-blindly, giving belated consideration to how the precedents it sets with its offensive hacking might affect the state, without considering how it is exposing the individuals it relies on to conduct that hacking.

If nothing else, Shadow Brokers’ doxing of NSA’s own hackers needs to change that. Because these folks have just been directly exposed to the kind of international pursuit that the US aggressively conducts against Russians and others.

Because of international legal protections, our uniformed service members can kill for the US without it exposing them to legal ramifications for the rest of their lives. The folks running our spying and justice operations, however, apparently haven’t thought about what it means that they’re setting norms that deprive our state-sponsored hackers of the same protection.

Update: I forgot to mention the most absurd example of us indicting foreign hackers: when, last year, DOJ indicted 7 Iranians for DDOS attacks. In addition to the Jack Goldsmith post linked in that post, which talks about the absurdity of it,  Dave Aitel and Jake Williams talked about how it might expose people like them to international retaliation.

NSA Continued Double Dipping at SWIFT Even After It Was Exposed

One of the most contentious Snowden revelations — first reported on September 8, 2013 by Globo and then repeated a week later by Der Spiegel — was that NSA’s Tailored Operations group was hacking SWIFT, the international financial transfer messaging system. It was contentious because when the servers moved to Europe, the US and EU negotiated access for the US, access with protections for Europeans that happened to be oversold.

Shadowbrokers just released its second set of NSA files in a week. This set includes far more interesting documents than the batch released last week. Most significantly, it includes details on NSA’s thorough pawning of SWIFT. Whereas the SWIFT files from Snowden, which were never released publicly, seemed to date from 2011, the most recent files released today, including one dated October 17, 2013, appear to date to a month after the first public Snowden reports that NSA had targeted SWIFT. In addition, it includes files showing NSA targeting a SWIFT EastNets engineer in Belgium.

A number of people have been arguing that the mostly Middle Eastern financial institutions that seem to be the focus here — things like the Al Quds Bank for Development and Investment — are legitimate intelligence targets. And they are, within the framework of NSA’s spying in the US. But that ignores that the US had an agreement in place about what legitimate targets were (which, according to MEPs who tried to oversee the agreement, were violated anyway). Also, a number of our Arab allies may not be too happy to see their own banks targeted.

Both last week’s release and this week’s cite Trump’s suddenly volatile foreign policy. “Maybe if all suviving WWIII theshadowbrokers be seeing you next week.” By releasing files that remind Europe that the US continued to flout multilateral negotiations, SB may be trying to make continued adventures more difficult for Trump.

Update: Security researcher Matt Suiche did a more detailed post on how much this release endangers SWIFT.

Update: Shadow Brokers has long made a show of asking for Bitcoin for all this. But these SWIFT files alone (to say nothing of what appear to be multiple Windows 0days in this release) would have been at least as valuable.

Even more interesting, remember that the US threatened to kick Russia out of SWIFT in 2014, which led Russia to build a redundant system in case it were ejected from the cooperative. Even the Trump Administration has floated making sanctions more stringent. If Russia ever were targeted in such a way, it seems these files would be invaluable. And yet they got leaked, for free. To my mind that’s one of the best pieces of evidence yet that Shadow Brokers is not Russian.

Update: EastNets, the primary target in the SWIFT files, issued this statement:

No credibility to the online claim of a compromise of EastNets customer information on its SWIFT service bureau

The reports of an alleged hacker-compromised EastNets Service Bureau (ENSB) network is totally false and unfounded. The EastNets Network internal Security Unit has run a complete check of its servers and found no hacker compromise or any vulnerabilities.
The EastNets Service Bureau runs on a separate secure network that cannot be accessed over the public networks. The photos shown on twitter, claiming compromised information, is about pages that are outdated and obsolete, generated on a low-level internal server that is retired since 2013.
“While we cannot ascertain the information that has been published, we can confirm that no EastNets customer data has been compromised in any way, EastNets continues to guarantee the complete safety and security of its customer’s data with the highest levels of protection from its SWIFT certified Service bureau”
Hazem Mulhim, CEO and founder EastNets.
Note what the statement is, however: a denial of current compromise. It says it retired the server in question down in 2013, which is the date of these files. But that might also mean they reviewed their files after the Snowden-related disclosures and responded by revamping their security.
[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

NSA, Lazarus, and Odinaff

Reuters has a report that SWIFT — the international financial transfer messaging system — has been hacked again, what it describes as the second effort to steal big money by hacking the system.

Cyber-security firm Symantec Corp said on Tuesday that a second hacking group has sought to rob banks using fraudulent SWIFT messages, the same approach that yielded $81 million in the high-profile February attack on Bangladesh’s central bank.

Symantec said that a group dubbed Odinaff has infected 10 to 20 organizations with malware that can be used to hide fraudulent transfer requests made over SWIFT, the messaging system that is a lynchpin of the global financial system.

But it should say the third hack. As the Snowden documents revealed, NSA was double dipping at SWIFT in the 2010 to 2011 timeframe, though to steal information, not money.

What’s interesting about this latest hack, though, is it targets the US and countries closely aligned with it, though it appears to be a criminal organization not a state.

Symantec said that most Odinaff attacks occurred in the United States, Hong Kong, Australia, the United Kingdom and Ukraine.

The Reuters report also notes that Symantec thinks the Sony hack was done by a group it calls Lazarus, which may not be the same as North Korea.

As with the Yahoo scan ordered last year — which effectively appears to have hacked all Yahoo’s users — it makes sense to think of US nation-state hacks and criminal or foreign adversary ones in the same breath. Not only might an NSA hack expose methods others might use, but with an entity like SWIFT, there’s no reason to privilege US hacking over others.

Wednesday: Graduate

To the bastard talking down to me
Your whipping boy calamity
Cross your fingers
I’m going to knock it all down
Can I graduate

— excerpt, Graduate by Third Eye Blind

Well. That took a lot longer and was a much bigger pain in the rear than I expected. I’ve earned another notch in my belt, the proud parent of yet another high school graduate who left school this past week with less to look forward to than his parents did. Observation of this right of passage consisted of too many people crammed into too-small venues intent on traditional American celebratory excess.

I wonder yet days later if a particular family member’s vocal chords will ever recover from their screaming joy.

Crossing my fingers this kid can knock it all down when he next graduates.

Tick-tock
Meanwhile, I’m counting the days…only 87 days until my kid starts college.

And only 36 days left for the 114th Congress to work in D.C. before the general election, if I’ve counted correctly from the House majority leader’s calendar (pdf).

36 days — not counting today — to fix the Flint Water Crisis. Check my math, maybe I’m off a few days, but that’s not a lot of time give or take a few days. Flint residents are still experiencing problems with their water, which will  only be fully resolved when the damaged pipes are completely replaced.

Will this Congress shunt the responsibility off to the 115th? Or will they buck up and do their job by people most in need? Hey, novel idea here, since most of the time between now and election day will be spent in district — for the House members, this means campaigning. Why don’t you folks actually fix the problem ASAP and then tell your constituents what a great job you’ve done while you’re on the campaign trail?

Tick-tock.

American exceptionalism and EU air
Holy cats. Air pollution in the EU was responsible for 400,000 premature deaths — in 2010 alone.

I can’t wrap my head around that number. That’s massive. I can’t imagine how much money is spent on health care for the people who die, let alone the even larger number of people who are merely sick from air pollution. And yet the EU member states are quibbling over how and when to implement new regulations to clean their air.

If you recall the video in which two citizen investigators discussed both VW’s corporate infrastructure and the emissions controls defeat system, you know that EU automakers don’t fear EU regulators. Their legal system is lax, and they don’t have an effective overarching federal system to backstop the laws of individual member states. The fines assess for violations are a pittance to nonexistent in some EU states. You just know VW’s bean counters are cost averaging the fines across all the vehicles they’ve sold.

What worked to force the EU and member states to take real action is the U.S. — both its emissions standards at state and federal level and its laws with regard to fraud have forced the EU to snap out of its complacency and reexamine its own emissions standards and enforcement. There’s your American exceptionalism (even if contemporary GOP thwarts environmental law every chance it gets, being fossil fuel’s yappy little attack dog).

But the current dithering and weaseling by some EU states continue in spite of ridiculously high mortality rates and legal costs cutting into the profitability of businesses like VW. It may take an even firmer hand here in the U.S., or we’ll see more EU backsliding impacting us directly.

VW got away with selling those cheating passenger diesel cars in EU and the U.S.; as long as it took for a tiny U.S.-based research group to discover the cheat, what’s to keep VW (or another EU-based automaker) from trying to slip another model under our radar? We know the EU won’t catch it first. Put the screws to them now to discourage any further attempts. They’ve already killed or sickened more than enough of our own citizens because they weren’t caught and punished at home.

Odd lots
No theme here, just interesting things swept into my feed.

Whew. That’s enough to get me over the hump today. Catch you tomorrow!

Monday Morning: Tarantela [UPDATE]

I could listen to this piece on a loop. It’s Santiago de Murcia’s “Tarantela,” performed by noted lutist Rolf Lislevand. The instrument he is playing is as important as the music and his artistry; it’s an extremely rare Stradivarius guitar called the Sabionari. While tarantellas more commonly feature additional instruments and percussion like tambourines, this instrument is stunning by itself.

You can learn more about the Sabionari at Open Culture, a site I highly recommend for all manner of educational and exploratory content.

And now to dance the tarantella we call Monday.

Wheels

  • What’s the German word for ‘omertà’? Because Volkswagen has it (Forbes) — Besides the use of obfuscation by translation, VW’s culture obstructs the investigation into Dieselgate by way of a “code of silence.” And money. Hush money helps.
  • Growing percentage of VW investors want an independent investigation (WSJ) — An association 25,000 investors now demands an investigation; the problem continues to be Lower Saxony, the Qatar sovereign-wealth fund and the Porsche family, which combined own 92% of voting stock.
  • VW production workers get a 5% pay raise (IBT) — Is this “hush money,” too, for the employees who can’t afford to be retired like VW’s executives? The rationale for the increase seems sketchy since inflation is negligible and VW group subsidiary workers at Audi and Porsche won’t receive a similar raise.
  • Insanity? VW Group a buy opportunity next month (The Street) — Caveat: I am not a stockbroker. This information is not provided for investment purposes. Your mileage may vary. But I think this is absolute insanity, suggesting VW group stock may offer a buy opportunity next month when VW publishes a strategy for the next decade. If this strategy includes the same utterly opaque organization committing fraud to sell vehicles, is it smart to buy even at today’s depressed prices? The parallel made with Apple stock is bizarre, literally comparing oranges to Apples. Just, no.

Bad News (Media)

Cybersec

  • Organized criminals steal $13M in minutes from Japanese ATMs (The Guardian) — And then they fled the country. What?! The mass thefts were facilitated by bank account information acquired from an unnamed South African bank. Both Japan and SA use chip-and-pin cards — so much for additional security. Good thing this organized criminal entity seeks money versus terror. Interesting that the South African bank has yet to be named.(*)
  • Slovenian student receives 15-month suspended sentence for disclosing state-created security problems (Softpedia) — The student at Slovenia’s Faculty of Criminal Justice and Security in Maribor, Slovenia had been investigating Slovenia’s TETRA encrypted communications protocol over the last four years as part of a school project. He used responsible disclosure practices, but authorities did not respond; he then revealed the encrypted comms’ failure publicly to force action. And law enforcement went after him for exposing their lazy culpability hacking them.
  • Related? Slovenian bank intended target for Vietnamese bank’s SWIFT attempted hack funds (Reuters) — Huh. Imagine that. Same country with highly flawed state-owned encrypted communications protocol was the target for monies hackers attempted to steal via SWIFT from Vietnamese TPBank. Surely just a coincidence, right?

Just for the heck of it, consider a lunch read/watch on a recent theory: World War 0. Sounds plausible to me, but this theory seems pretty fluid.

Catch you here tomorrow morning!

* UPDATE — 1:20 P.M. EDT —
Standard Bank reported it had lost 300 million rand, or USD $19.1 million to the attack on Japanese ATMs. First reports in South African media and Reuters were roughly 11 hours ago or 9:00 a.m. Johannesburg local time. It’s odd the name of the affected bank did not get wider coverage in western media, but then South Africa has a problem with disclosing bank breaches. There were five breaches alleged last year, but little public information about them; they do not appear on Hackmageddon’s list of breaches. This offers a false sense of security to South African banking customers and to banks’ investors alike.

Japan Times report attribute the thefts to a Malaysian crime gang. Neither Japan Times nor Manichi mention Standard Bank’s name as the affected South African bank. Both report the thefts actually took place more than a week ago on May 15th — another odd feature about reporting on this rash of well-organized thefts.

SEC Says Hackers Like NSA Are Biggest Threat to Global Financial System

Reuters reports that, in the wake of criminals hacking the global financial messaging system SWIFT both via the Bangladesh central and an as-yet unnamed second central bank, SEC Commissioner Mary Jo White identified vulnerability to hackers as the top threat to the global financial system.

Cyber security is the biggest risk facing the financial system, the chair of the U.S. Securities and Exchange Commission (SEC) said on Tuesday, in one of the frankest assessments yet of the threat to Wall Street from digital attacks.

Banks around the world have been rattled by a $81 million cyber theft from the Bangladesh central bank that was funneled through SWIFT, a member-owned industry cooperative that handles the bulk of cross-border payment instructions between banks.

The SEC, which regulates securities markets, has found some major exchanges, dark pools and clearing houses did not have cyber policies in place that matched the sort of risks they faced, SEC Chair Mary Jo White told the Reuters Financial Regulation Summit in Washington D.C.

“What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks,” she said.

“As we go out there now, we are pointing that out.”

Of course, the criminals in Bangladesh were not the first known hackers of SWIFT. The documents leaked by Snowden revealed NSA’s elite hacking group, TAO, had targeted SWIFT as well. Given the timing, it appears they did so to prove to the Europeans and SWIFT that the fairly moderate limitations being demanded by the Europeans should not limit their “front door” access.

Targeting SWIFT (and credit card companies) is probably not the only financial hacking NSA has done. One of the most curious recommendations in the President’s Review Group, after all, was that “governments” (including the one its report addressed, the US?) might hack financial institutions to change the balances in financial accounts.

(2) Governments should not use their offensive cyber capabilities to change the amounts held in financial accounts or otherwise  manipulate the financial systems;

Second, governments should abstain from penetrating the systems of financial institutions and changing the amounts held in accounts there. The policy of avoiding tampering with account balances in financial institutions is part of a broader US policy of abstaining from manipulation of the financial system. These policies support economic growth by allowing all actors to rely on the accuracy of financial statements without the need for costly re-verification of account balances. This sort of attack could cause damaging uncertainty in financial markets, as well as create a risk of escalating counter-attacks against a nation that began such an effort. The US Government should affirm this policy as an international norm, and incorporate the policy into free trade or other international agreements.

After which point, James Clapper started pointing to similar attacks as a major global threat.

I don’t mean to diminish the seriousness of the threat (though I still believe banksters’ own recklessness is a bigger threat to the world financial system). But the NSA should have thought about the norms they were setting and the impact similar attacks done by other actors would have, before they pioneered such hacks in the first place.

Wednesday Morning: Wandering

This music video is the result of an insomniac walkabout. I went looking for something mellow I hadn’t heard before and tripped on this lovely little indie folk artistry. Not certain why I haven’t heard Radical Face before given how popular this piece is. I like it enough to look for more by the same artist.

Let’s go wandering…

Volkswagen: 3.0L fix in the offing, but too late for EU and the world?

  • New catalytic converter may be part of so-called fix for VW and Audi 3.0L vehicles (Bloomberg) — The financial hit affected dividend as reserve for fix/recall/litigation was raised from 6.7B to 16.2B euros. VW group will not have a full explanation about Dieselgate’s origins and costs to shareholders until the end of 2016.
  • But Netherland’s NO2 level exceeds the 40 microgram threshold in 11 locations, violating EU air pollution standards (DutchNews) — Locations are those with high automobile traffic.
  • UK government shoveled 105,000 pounds down legal fee rat hole fighting air pollution charges (Guardian-UK) — Look, we all know the air’s dirty. Stop fighting the charges and fix the mess.
  • UK’s MPs already said air pollution was a ‘public health emergency’ (Guardian-UK) — It’s killing 40-50,000 UK residents a year. One of the approaches discussed but not yet in motion is a scrapping plan for dirty diesel vehicles.
  • Unfortunately global CO2 level at 400 ppm tipping point, no thanks to VW’s diesel vehicles (Sydney Melbourne Herald) — Granted, VW’s passenger vehicles aren’t the only source, but cheating for nearly a decade across millions of cars played a substantive role.

Mixed government messages about hacking, encryption, and cybersecurity enforcement
Compare: FBI hires a “grey hat” to crack the San Bernardino shooter’s iPhone account, versus FCC and FTC desire for escalated security patching on wireless systems. So which is it? Hacking is good when it helps government, or no? Encryption is not good for government except when it is? How do these stories make any sense?

  • State of Florida prosecuting security researcher after he revealed FL state’s election website was vulnerable (Tampa Bay Times) — Unencrypted site wide-open to SQL “injection attack” allowed research to hack into the site. Florida arrests him instead of saying thanks and fixing their mess.
  • UK court rules hacker does not have to give up password (Guardian-UK) — Computer scientist and hacker activist Lauri Love fights extradition to U.S. after allegedly stealing ‘massive quantities’ of data from Fed Reserve and NASA computers; court ruled he does not have to give up password for his encrypted computers taken into custody last autumn.
  • SWIFT denies technicians left Bangladeshi bank vulnerable to hacking (Reuters) — Tit-for-tat back and forth between Bangladesh Bank and SWIFT as to which entity at fault for exposures to hacking. Funny how U.S. government is saying very little about this when the vulnerability could have been used by terrorists for financing.

Well, it’s not quite noon Pacific time, still morning somewhere. Schedule was off due to insomnia last night; hoping for a better night’s sleep tonight, and a better morning tomorrow. Catch you then!

Tuesday Morning: Monitor

Y me lamento por no estar alla
Y hoy te miento para estar solos tu y yo
Y la distancia le gano al amor
Solo te veo en el monitor

— excerpt, Monitor by Volovan

Sweet little tune, easy to enjoy even if you don’t speak Spanish.

Speaking of monitor…

Flint Water Crisis: Michigan State Police monitoring social media
Creeptastic. MSP is following social media communications related to Flint water crisis, which means they’re watching this blog and contributors’ tweets for any remarks made about Flint. Whatever did they do in the day before social media when the public was unhappy about government malfeasance?

MDEQ personnel told Flint city water employee to omit tests with high lead readings
The charges filed last week against two Michigan Department of Environmental Quality and a Flint city employee were related to the manipulation and falsification of lead level tests. From out here it looks like Mike Glasgow did what the MDEQ told him to do; with the city under the control of the state, it’s not clear how Glasgow could have done anything else but do what the state ordered him to do. Which governmental body had higher authority under emergency management — the city’s water department, or the MDEQ? And what happens when personnel at the MDEQ aren’t on the same page about testing methodology?

MDHHS too worried about Ebola to note Legionnaire’s deaths in 2014-2015?
Michigan’s Department of Health and Human Services director Nick Lyons maintains a “breakdown in internal communication” kept information about the Legionnaire’s disease outbreak from reaching him. He also said MDHHS was focused on Ebola because of its high mortality rate overseas. There were a total of 11 cases of Ebola in the U.S. between 2014 and 2015, none of which were diagnosed or treated in Michigan. Meanwhile, 10 people died of Legionnaire’s due to exposure to contaminated Flint water in that same time frame. Not certain how MDHHS will respond to an imported biological crisis when it can’t respond appropriately to a local one created by the state.

Other miscellaneous monitoring

  • Charter Communications and Time Warner tie-up approved, with caveat (Reuters) — Charter can’t tell content providers like HBO they can’t sell their content over the internet – that’s one of a few exceptions FCC placed on the deal. I think this is just insane; the public isn’t seeing cheaper broadband or cable content in spite of allowing ISPs to optimize economies of scale. Between Charter/TWC and Comcast, they’ll have 70% of all broadband connections in the U.S.
  • Mitsubishi Motors fudged its fuel economy numbers for last 25 years (AP) — This investigation is exactly what should happen across EU, because EU-based manufacturers have done this for just as long or longer. And the EU knows this, turns a blind eye to the tricks automakers use to inflate fuel economy ratings.
  • Goldman Sachs has a brand new gig: internet-based banking (Fortune) — This is the fruit of GS’ acquisition of General Electric’s former financial arm. Hmm.
  • BAE Systems has a nice graphic outlining the SWIFT hack via Bangladesh’s central bank (BAE) — Makes it easy to explain to Grampa how somebody carted off nearly a billion dollars.

Toodledy-doo, Tuesday. See you tomorrow morning!