Thai PM defends cyber controls as censorship concerns rise

Thai Prime Minister Prayuth Chan-ocha on Thursday defended a decision to amend a cyber-crime law to increase the military government’s ability to remove online content as authorities seeks to tighten control on dissent.

A royal transition this month saw new King Maha Vajiralongkorn ascend the throne following the death of his father, King Bhumibol Adulyadej, on Oct. 13.

Thailand has some of the world’s toughest laws against royal insult, which has curtailed public discussion about the monarchy’s role following the death of King Bhumibol, who was seen as a unifying figure.

Since King Bhumibol’s death, authorities have cracked down on what they consider to be insults to the royal family and have shut down hundreds of websites.

The government is also sensitive about what it sees as criticism of the military’s role in politics, and opposition to its seizure of power in a 2014 coup.

Prayuth’s comments came a day before parliament will decide whether to pass amendments to a 2007 Computer Crime Act which critics say could result in more extensive online monitoring.

Amendments to the law, seen by Reuters on Friday, would allow state officials to obtain user and traffic data from service providers without court approval.

Any website that is seen as a threat to national security or “offends people’s good morals” can also be removed or suspended.

The current law says officials need court approval to remove content.

“This law is for when anyone posts something that is poisonous to society so that we know where it comes from,” Prayuth told reporters.

“Don’t think this is a rights violation. This isn’t what we call a rights violation … this is what we call a law to be used against those who violate the law,” he said.

Critics say parliament is likely to approve the amendments.

Since taking power, Prayuth’s military government has made increasing state control over cyberspace a priority.

In September, it launched a Ministry of Digital Economy and Society. One of its tasks is to block and delete what it considers to be inappropriate online.

Some 342,000 people have signed a petition calling for a reconsideration of the amendments, highlighting opposition to what critics, including civil society groups, say is a threat to internet freedom.

Arthit Suriyawongkul of the Thai Netizen Network said the amendments were problematic.

“It’s not the law itself that is a rights violation, but the authorities’ extensive power when monitoring and censoring online content, which could raise privacy concerns,” he said.

source: interaksyon.com

FBI probing Sony hack, as data leaks emerge

WASHINGTON — The FBI said Tuesday it was investigating a cyberattack on Sony Pictures, amid reports that employee information as well as new films were being leaked online.

“The FBI is working with our interagency partners to investigate the recently reported cyber intrusion at Sony Pictures Entertainment,” a spokesman for the US federal law enforcement agency said in a statement.

“The targeting of public and private sector computer networks remains a significant threat, and the FBI will continue to identify, pursue, and defeat individuals and groups who pose a threat in cyberspace.”

Various reports meanwhile said the hackers appeared to have posted online both confidential employee data and films not yet released in theaters.

The security blogger and researcher Brian Krebs said he discovered on websites devoted to illicit trading a “global Sony employee list,” that included names, locations, salaries and dates of birth for more than 6,800 individuals.

“Another file being traded online appears to be a status report from April 2014 listing the names, dates of birth, SSNs (social security numbers) and health savings account data on more than 700 Sony employees,” Krebs wrote.

The Washington Post reported meanwhile that the FBI was warning companies in a confidential memo about the malicious software used in the Sony hack.

An FBI spokesman said only that “we provided a routine notification to private industry,” but declined to elaborate.

The spokesman added that the FBI “routinely advises private industry of various cyber threat indicators” to help protect computer networks.

According to the Post, the hackers used malware similar to that used to launch destructive attacks on businesses in South Korea and the Middle East, including one against oil producer Saudi Aramco.

Some reports in the past few days said Sony is looking into whether North Korea may have been behind the major cyberattack on the studio last week, possibly because of a upcoming comedy film about a CIA plot to assassinate its leader Kim Jong-Un.

“The Interview,” which stars Seth Rogen and James Franco as two journalists recruited by the CIA to bump off Kim, has infuriated the North Koreans, with state media warning of “merciless retaliation.”

The entertainment news site Variety has reported that unreleased Sony movies including the upcoming “Annie” have been made available on pirate file-sharing websites.

The war film “Fury” “Mr. Turner,” “Still Alice” and “To Write Love on Her Arms” were also made available.

Sony did not respond to an AFP request for comment.

source: interaksyon.com

Social media — More hindrance than help in banks’ cyber crime fight

LONDON — Banks are fighting an uphill battle to protect themselves and their client accounts from cyber attacks, and the sometimes careless use of social media by customers and staff isn’t making the fight any easier.

British police and banks this week warned customers about the rise in criminals using social media to strike up a relationship and then try to get money from them.

Personal details from sites such as Facebook, Twitter and LinkedIn are also being used by fraudsters to scam customers, including to help in the increasingly common practice of “vishing”, or voice phishing, industry sources said.

“Vishing” involves fraudsters calling and saying they are from the bank. They say there is a security problem, and ask the customer to call the emergency number on their bank card. But the fraudsters never hang up from the call — in Britain they are able to stay on the line for 2 minutes — and create a fake dial tone to convince the customer to provide account details or even transfer money to another account.

Britain’s BBA banking lobby group estimates one in six customers could fall for this type of fraud, or 8 million people in the United Kingdom alone.

“The classic cyber crime doesn’t involve extremely sophisticated technology, it involves finding a date of birth on social media,” said Paul Clandillon, European practice leader for fraud and financial crime at IBM, at a recent conference on financial crime.

Revelations this month that hackers had obtained details of 83 million customers of JP Morgan — one of the biggest data breaches in corporate history — have shown how vulnerable banks remain, despite spending hundreds of millions of dollars a year on cyber defences.

That was a complex attack, but far simpler and more frequent frauds involve scammers using social media profiles to obtain a fuller picture of potential victims, bank industry sources and fraud investigators said.

Fraudsters can map out a bank’s organizational chart via information on social media, or dig out customer information online. Often they don’t need to look far — when Barclays introduced debit cards with photos on them, for example, some customers posted photos of their new cards, including account details printed on them, on social sites.

The weakest link 


“They (fraudsters) view the customer as the weakest link and they are convincing customers they are the bank. They have access to data in ways they never had before,” Bruce Forbes, head of security investigations and digital forensics at Royal Bank of Scotland, said at last month’s BBA conference.

Banks have long been the favorite target of cyber criminals — although retailers, healthcare firms and others have also been hit — with attacks including attempts to steal money, client data or confidential information about sensitive financial deals, or just trying to disrupt systems.

So-called hacktivists can break into financial systems to score political points while state-sponsored hackers can look to conduct industrial espionage or disrupt economic activity using banks as intermediate targets.

Cyber crime costs the global economy $445 billion (279.36 billion pound) a year and continues to grow, according to the Center for Strategic and International Studies (CSIS). These losses come from fraud, intellectual property theft, and the mushrooming spending on cybersecurity itself.

Often hackers will not use data themselves, but parcel them up and sell them to other people to use, notably specialists who convert stolen passwords and identities into financial gains. Criminals can keep data for months or years before using it.

Defence tool

Social media provides a double-edged sword for banks, however, and the industry is also using it to fight back.

“Social media helps the criminals pursue their trade, but it also leaves a digital footprint in evidence that provides opportunities for us,” said Mark Rowley, assistant commissioner for specialist operations for London’s Metropolitan Police.

Technology developed more than a decade ago to help casinos in Nevada detect collusion between players and dealers is among the tools being used by banks to hunt for networks of organised fraudsters, by hunting out associations between people on social media that were otherwise nearly impossible to find.

Facebook, LinkedIn and Google Earth are also being used by banks alongside more complex searches, involving trawling for data that does not show on regular search engines.

Such “unstructured data” includes not just social media but pictures and videos and other information, and accounts for more than 80 percent of all data available.

“Focusing on unstructured data is what will give us the edge (over criminals) to be able to identify the very complex and organised collusive rings,” said IBM’s Clandillon.

source: interaksyon.com