MY mENU


Sunday 23 September 2012

Iranian hackers target Bank of America, JPMorgan, Citi

Iranian hackers have repeatedly attacked Bank of America, JPMorgan Chase & Co andCitigroup over the past year as part of a broad cyber campaign targeting the United States, according to people familiar with the situation.

The attacks, which began in late 2011 and escalated this year, have primarily been "denial of service" campaigns that disrupted the banks' websites and corporate networks by overwhelming them with incoming web traffic, said the sources.

They said there was evidence suggesting the hackers targeted the three banks in retaliation for their enforcement of Western economic sanctions against Iran. Whether the hackers have been able to inflict more serious damage on computer networks or steal critical data is not yet known.

Iran has beefed up its cyber capabilities after its nuclear program was damaged in 2010 by theStuxnet virus, widely believed to have been developed by the United States. Tehran has publicly advertised its intentions to build a cyber army and encouraged private citizens to hack against Western countries.

The attacks on the three largest US banks originated in Iran, but it is not clear if they were launched by the state, groups working on behalf of the government, or "patriotic" citizens, according to the sources, who requested anonymity as they were not authorized to discuss the matter.

The hackers also targeted other US companies, the sources said, without giving specifics. They said the attacks shed new light on the potential for Iran to lash out at Western nations' information networks.

"Most people didn't take Iran seriously. Now most people are taking them very seriously," said one of the sources, referring to Iran's cyber capabilities.

Iranian officials were not available to comment. Bank of America, JPMorgan Chase and Citigroup declined to comment, as did officials with the Pentagon, US Department of Homeland Security, Federal Bureau of Investigation, National Security Agency and Secret Service.

A U.S. financial services industry group this week warned banks, brokerages and insurers to be on heightened alert for cyber attacks after the websites of Bank of America and JPMorgan Chase experienced service disruptions.

Senator Joseph Lieberman, chairman of the Senate's Homeland Security and Governmental Affairs Committee, said on Friday that he believes Iran was behind the attacks.

"I think this was done by Iran and the Quds Force, which has its own developing cyber attack capability," Lieberman said during a taping of C-SPAN's "Newsmakers" program. The Quds Force is a covert arm of Iran's Revolutionary Guards.

"I believe it was a response to the increasingly strong economic sanctions that the United Statesand our European allies have put on Iranian financial institutions," he said.

Tensions between the United States and Iran, which date back to the revolution in 1979 that resulted in the current Islamic republic, have escalated in recent years as Washington has led the effort to prevent Tehran from getting a nuclear bomb and imposed tough economic sanctions.

Disruptive campaign
Denial-of-service campaigns are among the oldest types of cyber attacks and do not require highly skilled computer programmers or advanced expertise, compared with sophisticated and destructive weapons like Stuxnet.

But denial-of-service attacks can still be very disruptive: If a bank's website is repeatedly shut down, the attacks can hurt its reputation, affect customer retention and cause revenue losses as customers cannot open accounts or conduct other business.

Bank of America, Citigroup and JPMorgan Chase have consulted the FBI, Department of Homeland Security and National Security Agency on how to strengthen their networks in the face of the Iranian attacks, the sources said. It was not clear whether law enforcement agencies are formally investigating the attacks.

The Iranian attackers may have used denial-of-service to distract the victims from other, more destructive assaults that have yet to be uncovered, the sources said.

Frank Cilluffo, who served as homeland security adviser to former US President George W Bush, told Reuters he knows of "cyber reconnaissance" missions that have come from Iran but declined to give specifics.

"It is yet to be seen whether they have the wherewithal to cause significant damage," said Cilluffo, who is now director of the Homeland Security Policy Institute at George Washington University.

Security experts said Iran's cyber capabilities are not as sophisticated as those of China, Russia, the United States or many of its Western allies. Jim Lewis, a former US Foreign Service officer, said Iran has been testing its cyber technology against Israel and other Gulf states in recent years.

"It's like the nuclear program: It isn't particularly sophisticated but it makes progress every year," said Lewis, who is a senior fellow at the Center for Strategic & International Studies.

Facebook switches off facial recognition tool

Facebook said Friday it had switched off the facial-recognition tool that prompts users to "tag" photographs uploaded to its website following a privacy investigation. 

The feature was identified by regulators as one of the main privacy threats posed by the social networking site. Ireland's Data Protection Commissioner (DPC), Billy Hawkes, who launched the probe because Facebook's European operations are based in Ireland, said he was happy that the site had agreed to remove the tool in Europe by October 15.
New users are already unable to access it. 
Hawkes said: "I am satisfied that the review has demonstrated a clear and ongoing commitment on the part of FB-I to comply with its data protection responsibilities." 

He added: "By doing so it is sending a clear signal of its wish to demonstrate its commitment to best practice in data protection compliance." 

Facebook said in a statement: "In light of discussions with our regulator in Ireland, we have agreed to suspend the Tag Suggest feature in Europe." 

It said it would work with the Irish authorities "on the appropriate way to obtain user consent for this kind of technology under European rules". 

Facebook was keen to encourage members to "tag" their friends in photographs because it ensures they are shared more widely, but it has been a controversial addition to the site. 

Europe-versus-Facebook, an Austrian campaign group that has been fighting for clearer privacy policies on Facebook and already took its complaints to the DPC last year, welcomed Friday's ruling. 

This was "a very surprising decision of the Irish authority" and it "sounds like a big victory for users," the group said on its website. 

"It looks like we might soon be able to drop our first complaint," it added.  

HR checking candidates’ background on FB, Twitter, Google


A majority of employers and recruiters are now using social media sites like Facebook and Twitter, search engines and criminal records to learn the truth about job seekers. 
A survey conducted by Australia-based software firm Nuage Software showed over half of human resource managers surveyed ran a Google search on candidates, 74 per cent checked LinkedIn, 23 per cent Facebook and three per cent Twitter. 
According to tech firm Nuage’s managing director David Wilson, some employers are asking to view Facebook and Twitter profiles at interviews in order to avoid privacy concerns, Perth Now reports. 
“The internet has a very long memory. An ill-advised or impulsive post can be rapidly replicated across many sites and be impossible to take back,” the report quoted Wilson, as saying 
“People really do enjoy the freedom of expression on social media, but it is worth considering the cumulative effect of their postings,” he added. 
According to the report, Australia’s National Crime Check managing director Martin Lazarevic said the variety of employers getting police checks on applicants had grown rapidly in the past six months, and as many as one in ten checks were catching people out

unclosed string literal


String literals must be enclosed in quotation marks.1 This error occurs if you fail to
terminate the literal with quotation marks. Fortunately, the syntax of JAVA requires
that a string literal appear entirely on one line so the error message appears on the
same line as the mistake. If you need a string literal that is longer than a single line,
create two or more literals and concatenate them with +:

String longString = "This is first half of a long string " + "and this is the second half.";

ECLIPSE: String literal is not properly closed by a double-quote. In ECLIPSE you
can write a string literal of arbitrary length and the environment will break the string
and insert the + automatically.
1A literal is a source-code representation of a value; most literals are of primitive types like int or char, but there are also literals of type String and the literal null of any reference type.