Black Hat brags about bank hack – Signal could have spotted it
Many hacks go completely undetected as shown by the fact that in 2019 one of America’s biggest banks took over four months to realise they had had a severe data breach! Learn how Signal could have helped this bank find and respond sooner and reduce their reputational damage.
One of America’s biggest banks took four months to realise it had been hacked.
Signal could have helped the bank find and respond sooner to reduce their reputational damage.
In late July the $370bn bank Capital One announced a hack of one million social security numbers and 80,000 credit card-linked bank account numbers which is estimated to cost over $100m to remedy.
Their announcement came 120 days after the actual hack occurred - the vigilant monitoring that Signal provides could have alerted Capital One to the problem quickly. Instead, it took months before a ‘white hat’ noticed conversation about the breach.
The number of people affected was staggeringly high – in the words of Capital One itself, “The event affected approximately 100 million individuals in the United States and approximately 6 million in Canada.”
Here’s what happened:
On July 19, 2019, it was determined there had been unauthorised access by an outside individual who obtained personal information relating to Capital One credit card customers.
Capital One says it immediately fixed the configuration vulnerability that the individual had exploited and promptly began working with federal law enforcement.
The FBI arrested Paige Thompson, 33, a software engineer who formerly worked for Amazon Web Services… which Capital One is known to use.
Charges against Ms Thompson state she boasted about the hack on GitHub, Slack, and Twitter, which would have given Capital One the opportunity to quickly alert its cyber teams to a potential breach – if it had been using an OSINT tool like Signal.
Capital One claims it is unlikely the information stolen was used for fraud or disseminated by the individual, adding it believes no credit card account numbers or log-in credentials were compromised and that over 99 percent of Social Security numbers were not compromised.
The fact remains: one million social insurance numbers and 80,000 credit card-linked bank account numbers were exposed.
The largest category of information accessed was information on consumers and small businesses created when they applied for credit card products across the last 15 years, including:
Customer status data, credit scores, credit limits, balances, payment history, contact information
Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018
140,000 Social Security numbers of credit card customers
80,000 linked bank account numbers of our secured credit card customers
The Social Insurance Numbers of one million Canadian credit card customers were also compromised in this incident.
The configuration vulnerability was reported to Capital One by an external security researcher through a Responsible Disclosure Program on July 17, 2019. Capital One then began its own internal investigation, leading to the July 19, 2019, discovery of the incident. The hacker had four months to do what she wished with people’s personal information. Unfortunately, it is common for hacks to take months to be discovered, reported, and patched if the proper monitoring solutions are not in place.
Capital One expects the incident to generate incremental costs of approximately $100-$150 million in 2019. Expected costs are driven by customer notifications, credit monitoring, technology costs, and legal support.
Capital One said in its public statement it has always invested heavily in cybersecurity and will continue to do so. This breach shows how the convergence of cyber and physical security is continuing to evolve as companies continue to invest in infrastructure and tools to stay at the forefront of cyber threats. As threat surfaces continue to increase, social media and dark web scanning tools have become even more important to identify threats in real time.
Clearly there’s a lot of money at stake, but the worst part of it all is the hacker boasted about it online and the response could have been a lot quicker.
While it doesn’t appear that the breach was for financial gain, the reputational damage for Capital One has been huge (and continues).
Here’s how Signal can help prevent this sort of thing happening:
Signal’s point of difference is scanning the web and dark web for chat around data hacks, breaches and stolen information for sale.
We know that the accused thief bragged about what she was alleged to have done to Capital One, and this is precisely the sort of thing Signal is set up to prevent.
Signal offers:
Monitoring over 15 data sources, including social media, web/forums, surface web, the dark web and online forums.
Accurate real-time results centred around the geographical locations you need to monitor
Advanced filtering of searches
Excellent visuals so you’re not sifting through raw data to find out who’s talking about hacks at your organisation
Situation awareness
Online operation centre capability and data
Please feel free to read how Signal could have helped resolve:
A British banker selling stolen data on the dark web (and being exploited until he was driven to steal even more)
Slow responses to crises emerging in the real world outside a business
Parsing the dark web and seeing discussions about plans to rip off your bank or business
Mitigating the Threat of Credential Stuffing through Dark Web Monitoring
How Watching The Dark Web Could Have Stopped A $140,000 Theft
In this real-life example, we explore how utilising threat intelligence software like Signal could have easily spotted and halted a massive employee data breach which cost Lloyds Bank over $140k!
Dayne Lynn, a young Lloyds Bank employee from Scotland, was convicted at the start of 2019 for stealing $AUD140,000 from his customers’ accounts after he was blackmailed by criminals he met on the dark web.
The crimes began when Mr Lynn joined an internet chat forum and made the mistake of revealing he worked at Lloyds Bank in Glasgow. Mr Lynn was working as a member of a team that investigates fraudulent payments and transfers, where he had access to the accounts of many bank customers.
It wasn’t long before a group of criminals on the dark web forum ordered him to steal from accounts and transfer the money to them.
On July 18, 2016, between 7:45 a.m. and 9:30 a.m. Lynn accessed almost 20 customer accounts and took tens of thousands of pounds, overcoming bank transfer restrictions using his Lloyds Bank employee credentials to access the accounts. The bank reversed all of the stolen money, however, the identity of the culprit couldn’t be established for over a year and Mr Lynn and his dark web associates almost got away with the crime.
The theft could have been averted if the bank had used Signal. Signal constantly monitors dark web traffic and simple search terms such as Lloyds Bank, banker or bank accounts might have allowed the bank to stop its staffer before he went down the road of fraud.
Data Breaches Can Be Stopped Before They Happen
The Ponemon Institute’s 2018 IBM Cost of a Data Breach study reported the average time it takes to identify a data breach is a shocking 196 days.
The time it takes Signal security intelligence to identify a potential breach being arranged on the dark web: minutes.
Australian and New Zealand banks, institutions, businesses, hospitals and ASX/NZX-listed companies can all receive early indicators so you can be proactive about security and not caught off guard.
As the Office of the Australian Information Commissioner recently found:
78 per cent of data breaches involve individuals’ contact information
a third of the data breaches are financial details and a third health information.
If You Know Potential Threats, You Can Set Your Own Search Terms
Signal is an extremely user-friendly app and can be used by any staff members with minimal training. Simply put in the search terms you feel your institution needs to monitor; Signal’s easy interface then provides alerts when what you’re looking out for appears online.
On a daily basis, Signal spots and reports Dark Web users offering to sell documentation and templates from banks and government as well as credit card numbers and logins
Signal parses through millions of postings and conversations to recognise questionable behaviour.
Signal is designed to recognise conversations regarding your business (bank, hospital, university) and determine the tone and context of potentially harmful language
You as the client set up your own monitoring parameters. For example, our Hollywood filmmaking clients ask us to identify those who want to hack, leak and illegally distribute intellectual property and scripts
Signal does all the heavy lifting, trawling the internet and sending you proactive alerts so that you hear about risks first – not 196 days later.
Data breach study author Larry Ponemon estimated a business is more likely to experience a data breach of 10,000 records than a person is to catch the flu over winter.
The average cost of EACH data breach in 2020 is anticipated to exceed $150 million, with worldwide costs estimated at $2 trillion
Don’t let a failure to watch the web cost your company.
Signal offers free demonstrations of outstandingly effective software. We have dozens of examples of top sharelisted companies relying on Signal software to avert risk. www.GetSignal.info or email info@signalpublicsafety.com