Monthly Archives: February 2017

Check AML crypto online: USDT AML check BTC, ETH and 65+ coins. Receiving funds of illegal origin could lead the risk of having your funds frozen. The USDT is being tested for scams, mixers, darknet market, ransom, gambling and other crimes.

10 Lessons Learned from Breach Response Experts

Posted on by

SAN FRANCISCO—As hacking collectives target both the public and private sectors with a wide range of motivations, one thing is clear: Destructive attacks where hackers destroy critical business systems, leak confidential data and hold companies for ransom are on the rise. In a presentation here at the RSA Conference, the nation’s largest cybersecurity summit, Charles Carmakal and Robert Wallace, vice president and director, respectively, of cybersecurity firm Mandiant, shared an overview of some of the biggest findings about disruptive attacks from the company’s breach response, threat research and forensic investigations work.

In their Thursday morning session, the duo profiled specific hacking groups and the varied motivations and tactics that characterize their attacks. Putting isolated incidents into this broader context, they said, helps companies not only understand the true nature of the risk hackers can pose even in breaches that do not immediately appear to target private industry.

online pharmacy tobradex with best prices today in the USA

One group, for example, has waged “unsophisticated but disruptive and destructive” against a number of mining and casino enterprises in Canada. The hackers broke into enterprise systems, stole several gigabytes of sensitive data and published it online, created scheduled tasks to delete system data, issued ransom requests, and even emailed executives and board members directly to taunt them about the data exposed and increase the pressure to pay. Further increasing that pressure, the group is known to contact journalists in an attempt to publicize the exposed data. Victims have endured outages for days while trying to recover data from backups, and some have paid the ransoms, typically requested in the range of $50,000 to $500,000 in bitcoin.

Mandiant refers to this group as Fake Tesla Team because the hackers have tried to seem a more powerful and compelling threat by claiming they are members of Tesla Team, an already existing group that launches DDoS attacks. As that group is thought to be Serbian, they have little reason to target Canadian entities, and indeed, the bits of Russian used by Fake Tesla Team appears to be simply translated via Google.

In all of the group’s attacks that Mandiant has investigated, the hackers had indeed gained system access and published data, but they exaggerated their skills and some of the details of access. Identifying such a group as your attacker greatly informs the breach response process based on the M.O. and case history, Mandiant said. For example, they know the threat is real, but have seen some companies find success in using partial payments to delay data release, and they have found no evidence that, after getting paid, the collective does anything else with the access they’ve gained.

Beyond considerations of specific hacking groups or their motivations, Carmakal and Wallace shared the top 10 lessons for addressing a breach Mandiant has distilled from countless investigations:

  1. Confirm there is actually a breach: make sure there has been a real intrusion, not just an empty threat from someone hoping to turn fear into a quick payday.
  2. Remember you face a human adversary—the attacker attempting to extort money or make other demands is a real person with emotional responses, which is critical to keep in mind when determining how quickly to respond, what tone to take, and other nuances in communication. Working with law enforcement can help inform these decisions.
  3. Timing is critical: The biggest extortion events occur at night and on weekends, so ensure you have procedures in place to respond quickly and effectively at any time.
  4. Stay focused: In the flurry of questions and decisions to make, focus first and foremost on immediate containment of the attack.
  5. Carefully evaluate whether to engage the attacker.
    online pharmacy zydena with best prices today in the USA

  6. Engage experts before a breach, including forensic, legal and public relations resources.
    buy vardenafil online https://galenapharm.com/pharmacy/vardenafil.html no prescription
  7. Consider all options when asked to pay a ransom or extortion demand: Can you contain the problem, and can you do so sooner than the attack can escalate?
  8. Ensure strong segmentation and control over system backups: It is critical, well before a breach, to understand where your backup infrastructure is and how it is segmented from the corporate network. In the team’s breach investigations, they have found very few networks have truly been segmented, meriting serious consideration from any company right away.
  9. After the incident has been handled, immediately focus on broader security improvements to fortify against future attacks from these attackers or others.
  10. They may come back: If you kick them out of your system—or even pay them—they may move on, perhaps take a vacation with that ransom money, but they gained access to your system, so remember they also may come back.

Greenberg, New York State Settle Long-Running Civil Case

Posted on by

One of Wall Street’s longest-running dramas closed Feb. 10 as New York State and Maurice “Hank” Greenberg finally ended a legal clash which began in 2005 under the stewardship of then Attorney General Elliot Spitzer.

Former American International Group, Inc. CEO Greenberg and the Attorney General’s office reached a settlement over accusations that the company engaged in fraudulent transactions to boost reserves and hide losses.

Greenberg, who was chairman and CEO of AIG from 1967 until his ouster in 2005 and now serves as chairman and CEO of C.V. Starr & Co., will pay some $9 million to end his role in the saga. Also, Howard Smith, former AIG CFO and Greenberg’s lieutenant will pay $900,000 to settle the charges stemming from two alleged transactions designed to misrepresent company finances.

This included a $500 million deal in the year 2000 with reinsurer General Re, part of businessman Warren Buffet’s Berkshire Hathaway Inc., to pad AIG’s loss reserves. Greenberg allegedly initiated the Gen Re deal with a call to the company’s CEO.

The two former AIG leaders were also said to be involved in a deal with Capco Reinsurance Co., which masked a $210 million underwriting loss as an investment loss.

The sums paid by the men are related to performance bonuses earned from 2001 to 2004, according to New York Attorney General Eric Schneiderman, who inherited the long-running conflict. Schneiderman sought to ban the men from the securities industry and from serving as directors and officers of public companies as part of the settlement, which ultimately did not include these provisions.

Schneiderman had previously dropped a $6 billion damage claim against Greenberg and others, once a class action settlement was approved in 2013 under which Greenberg paid $115 million to AIG shareholders.

A 2009 settlement with the U.S. Securities and Exchange Commission over charges related to AIG‘s accounting saw Greenberg pay $15 million and Smith $1.5 million to the agency.

Late last year Greenberg and the Attorney General’s office turned to mediation after trial testimony had already begun in state court. The mediation, which ultimately produced the settlement, was run by alternative dispute resolution specialist Kenneth Feinberg.

The finale to the case was perhaps more of a whimper than a bang, with settlements hardly headline-grabbing and no one admitting to much more than accounting slips.

In a press release from the N.Y. State Attorney General’s Office, Schneiderman sounded a triumphant tone. “Today’s agreement settles the indisputable fact that Mr. Greenberg has denied for 12 years: that Mr. Greenberg orchestrated two transactions that fundamentally misrepresented AIG’s finances,” Schneiderman said in the statement. “After over a decade of delays, deflections, and denials by Mr. Greenberg, we are pleased that Mr. Greenberg has finally admitted to his role in these fraudulent transactions and will personally pay $9 million to the State of New York.”

Greenberg, who was unapologetic, in his statement said, “The Gen Re transaction was done for the purpose of increasing AIG’s loss reserves, and the Capco transaction was done for the purpose of converting underwriting losses into investment losses. I knew these facts at the time that I initiated, participated in and approved these two transactions…As a result of these transactions, AIG’s publicly-filed consolidated financial statements inaccurately portrayed the accounting, and thus the financial condition and performance for AIG’s loss reserves and underwriting income.”

The pundits had their say as well, split as to what it all meant.

“The taxpayers of New York State should be furious,” said the Wall Street Journal’s Paul Gigot, editorial page editor. “The $9 million fine amounts to pin money for Mr. Greenberg…It won’t come close to covering the state’s costs for pursuing the case over so many years…The real lessons of the Greenberg case start with the absurd lengths that progressive prosecutors will go to punish capitalists they don’t like,” Gigot said.

Mr. Greenberg’s lawyer David Bois called the deal with the Attorney General a “nuisance settlement,” according to the New York Times.

Others were less forgiving of Mr. Greenberg. “Just because he hasn’t pled guilty to fraud doesn’t mean he’s been vindicated,” David Schiff, a former insurance analyst who followed AIG, told the Times.

Weather Threatens Oroville Dam Emergency Efforts

Posted on by

As measures are taken to repair a damaged spillway at the Oroville Dam in Northern California, weather forecasters are calling for rain later this week. Almost 200,000 people were evacuated from their homes below the dam, the largest in the country, on Feb. 12 as erosion of the dam’s emergency spillway threatened to flood the towns below.

While the situation was said to have stabilized on Sunday morning, conditions worsened and evacuation orders were issued. Roads in the area quickly backed up as a result, according to reports.

The dam’s main spillway was damaged after a winter season of record rains and snows following years of drought in the state.

Photo: California Department of Water Resources

California Representative John Garamendi told MSNBC that the evacuation was essential. “Fortunately when they were able to open the main spillway gates. That began to lower the reservoir level, because the water coming into the reservoir was about half of what they were able to expel down the main spillway, so it’s stabilized.”

The next issue, he said, is whether the spillway can be patched up “sufficiently to weather the storms that are clearly ahead of us.” Garamendi added that the months of March and April are the heavy storm season in the state.

Sheriff Kory Honea of Butte County said at a press conference that the Department of Water Resources (DWR) reported that the dam’s erosion is not advancing as rapidly as they thought. He said a plan is in place to plug the hole in the spillway by dropping large bags of rocks by helicopter. The DWR said that another measure being taken to relieve pressure on the spillway has been to raise the rate of discharge water from 55,000 cubic feet per second to 100,000 cfs, which it said has been working.

Helicopters transport large bags of rocks from the Oroville Dam parking lot, to the erosion site at the Oroville Dam auxiliary spillway in California, to help fight further erosion, February 13, 2017. Oroville is in Butte County. Florence Low / California Department of Water Resources

The New York Times reported that Northern California is close to 225% above normal rainfall levels since Oct. 1. According to the Times:

Repeated rounds of rain have pounded the area in recent weeks, rapidly raising the water level at Lake Oroville, the second-largest reservoir in California and a linchpin of the state’s water system. On Tuesday, a gaping hole opened in the main spillway that is used to release extra water. Early Saturday, an adjacent emergency spillway was also put into use, the first time water flowed over it since the dam was finished in 1968, department officials said.

State officials have said the 770-foot Oroville Dam itself, the nation’s tallest, is sound.

The problems with Oroville Dam are not a surprise to some. In 2005, during a relicensing process for the dam, three environmental groups warned the DWR of potential dangers with the emergency spillway, which is not a concrete spillway, but a concrete lip with a dirt hillside below. The concern was that the hillside could be easily eroded in the case of an emergency.

The Washington Post reported:

The upgrade would have cost millions of dollars and no one wanted to foot the bill, said Ronald Stork, senior policy advocate for Friends of the River, one of the groups that filed the motion.

“When the dam is overfull, water goes over that weir and down the hillside, taking much of the hillside with it,” Stork told The Washington Post. “That causes huge amounts of havoc. There’s roads, there’s transmission lines, power lines that are potentially in the way of that water going down that auxiliary spillway.”

Federal officials, however, determined that nothing was wrong and the emergency spillway, which can handle 350,000 cubic feet of water per second, “would perform as designed” and sediment resulting from erosion would be insignificant, according to a July 2006 memo from John Onderdonk, then a senior civil engineer for the Federal Energy Regulatory Commission.

Garamendi said that “What happened with the widening of the sinkhole was the result of someone overlooking the problems, including the fact that there was no concrete apron on the spillway.”

He also noted that while there will most likely be federal dollars to help rebuild the dam, “This is just one really startling, quite tragic and potentially catastrophic example of what’s happened to the infrastructure across America. We’ve seen bridges collapse in Minnesota, we’ve seen them on I-5 in Washington State and now this reservoir, which is the linchpin of California’s water system.”

ILS Roars into 2017 as Maturities Loom

Posted on by

Alternative capital markets continue to see robust activity and at least one major carrier is bullish for the future of insurance-linked securities (ILS), even as the added capacity continues to pressure rates overall.

The insurance-linked securities market saw $5.9 billion of issuance in 2016 and is off to a strong start in the first quarter of 2017 with more than $500 million of new issues already on the books for January, according to a new report from Swiss Re, which sees continued potential upside.

“Market conditions are extremely favorable at the moment and pipelines appear to be swelling, therefore it would not be entirely surprising to see the market challenge record issuance,” the company said in its new report, Insurance Linked Securities Market Update, Volume XXVI, February 2017.

The report also notes that the first half of 2017 will see the largest-ever amount of maturities for a half-year as some $6.4 billion in bonds mature, which could have the effect  of reducing the overall total market outstanding depending on how robust issuance continues to be during the first half of 2017.

“To put it in perspective, the approximately $6.4 billion of bonds set to mature in first half 2017 is larger than all but the four largest historical full-year issuances,” Swiss Re said in its report.

2016 was an unusual year for the ILS market in that the patterns of issuance by quarter differed from most years, according to the report.

“New issuance volumes were atypical,” said the report, with third quarter issuance larger for the first time than that of the second quarter, usually the busiest quarter for new issuance due to the U.S. wind season.

Further, fourth quarter issuance was the largest of the four quarterly totals. Total bonds outstanding remained at just around the record level of   billion, due largely to the outsized fourth-quarter levels of new issues.

In yet another market anomaly, the 20 new transactions in 2016 was the lowest number of new deals brought to market since 2009.

The average size of those deals, however, at approximately $300 million, was second only to 2014, which included the largest-ever catastrophe bond, the mammoth $1.5 billion Everglades Re from Citizens Property Insurance Corporation (Florida Citizens). The 2016 average deal size of $300 million was also 20% larger than that in 2015, according to Swiss Re.

U.S. wind and earthquake were as usual the most frequently secured perils, but they were joined by a slate of newer and diversifying perils including Canada earthquake, Europe windstorm, Japan typhoon and earthquake, Australia cyclone and earthquake, extreme morbidity, and for the first time since 2005, motor third party liability, according to the report.

The 2016 insurance-linked securities market also differed from other recent examples as it was momentarily roiled by the first Category 5 hurricane since Dean and Felix in 2007.

As Hurricane Matthew roared towards the Florida coast during the first days of October, it touched secondary trading, particularly among those bonds “focused in the state of Florida, especially Blue Halo, Laetere, First Coast and Everglades,” said the Swiss Re report.

“As we have observed in the past during hurricane events, notably during Hurricane Odile and Hurricane Patricia in 2014 and 2015 respectively, the ILS secondary market quickly responded to the threat of Hurricane Matthew in October,” according to the report. “Following the formation of the hurricane, bonds with large wind exposure in Florida and the Gulf traded at a significant discount as the hurricane approached the Florida coast.”

Trading quickly returned to normal, however, as Matthew eventually made landfall on Oct. 8 southeast of McClellanville, South Carolina, as a Category 1 hurricane with 75 mph winds.

Total alternative capital levels in the sector are now pegged at some $78 billion.