Friday, April 26, 2013

Now Hentriaconta-Certified with CCSK Goodness. . .

From the Cloud Security Alliance (CSA) on April 26th, 2013:

Christopher J. Marcinko -- Certificate of Cloud Security Knowledge (CCSK) v3
"Certificate of Completion awarded to Christopher J. Marcinko for successfully completing Certificate of Cloud Security Knowledge"

Including the Following Bodies of Knowledge:
Cloud Security Alliance -- Security Guidance for Critical Areas of Focus in Cloud Computing v3
ENISA -- Cloud Computing: Benefits, Risks, and Recommendations for Information Security

Date of Certification:
April 26th, 2013

Certificate Number:
377798138596


Thursday, April 25, 2013

No, I Am Not Stuck in Mexico and I Do Not Need Money to Get Me Back Home

While I was in New Jersey, I got a heads-up voicemail from my Grandfather --
"Yo Chris. Granddad. I had a telephone call this morning from somebody who identified himself as Chris. He called me by the name 'Granddad' To make a long story short, the g*#damn thing was a scam. And I recognized it before it was done and he hung up". . . (continues) . . ."But it was a little startling this morning because it sounded like you were in trouble in Mexico. Needed help. Wanted money to get out of there. That was the gist of it". . . (and so on)

My Grandfather lives in an over-55 retirement community, and his basic info can be just as easily found in the public records as everybody else. So I'm assuming somebody out there has compiled a big 'ol database of available info for likely targets and was using it for a "Grandparent Scam" spear phishing attack. Ultimate goal being to play on his fears and family compassion so he'll feel compelled to wire whatever money to wherever the bad guy actually is. All too common attack these days. Gold star to Granddad for quickly seeing it as the scam it was and shutting it down.

No caller id was available for the scammer. It probably would have been spoofed anyway. I do wonder though, how many of the other scammer targets saw through the BS so easily.

Also wondering if my Grandfather had tried to wire money somewhere, would the Western Union (or whatever wire service he decided to use) would have had the fraud checking controls in place to catch it before the money was lost to the shadows. Seems like they would. This scam being so prevalent these days, it would seem like it would be in their best interest to put something in place which would protect their customers from those who would misuse the service to commit this crime.

Talking about fraud detection controls such as:

1) Training for the employees to be able to identify suspicious transfers

2) Automated controls looking for first time transactions (as opposed to repeating transactions for bill payments or inter-family transfers)

3) Automated controls looking for suspicious transaction amounts

4) Automated controls enforcing a reputation scoring system which would detect suspicious transfers destined to those who infrequently use the system or have a odd transaction behavior

5) Automated controls enforcing transaction limits for low/no reputation customers or for international transactions

6) Validation/logging of government issued ID on both sides of the transfer.

Or some layered combination of all six and whatever others equally as important.

Something.

But I'm not seeing any specific protections on the Western Union defined website. They do, however, post a Fraud Hotline number to call (1-800-448-1492) for those who believe they have been a victim. And a search for the keyword 'fraud' does pop up info about the scam:
Screenshot from the Western Union website "Ask a Question" search
Screenshot from the Western Union website Ask a Question search
What is the "grandparent scam?"

Fraudsters are calling grandparents and impersonating either their grandchildren or a person of authority, such as law enforcement officers or attorneys. They describe an emergency situation such as bail, fines, fees, etc., that requires money to be sent immediately through a money transfer service.

It's important to verify any emergency situation before sending money. If you receive any emails like these, call a mutual friend or family and ask if they're aware of the situation.

Was this answer helpful?
Yes | No

They do have a "Consumer Protection" section listed. However, most of the information posted is more "consumer educational" on how to spot a scam rather than "Here's what we're doing to protect you with our expertise".

That said, even if the scam is predominately listed on the website, I would doubt the majority of the target audience would be on the Western Union site to see it. So that's why I'm wondering what steps Western Union has taken to address the problem behind the scenes.

And this concern is obviously NOT ONLY directed towards Western Union just because they are the ones I think of first. Many many MANY services are on the market these days for sending money quickly to anywhere. All of which could easily be exploited for this badness if there's nothing in place catch it. And clearly just because the security control is not listed for public consumption, does not mean it's not there. Could easily just not be advertised for legal liability or confidential reasons.

But still this scam persists. And not as just a random one-off. It's been out there for a long time and it's still way all too common. So much so that Google search for "Grandparent Scam" pulls up a whopping 248,000+/- results. The first hit being from the US State Department:
Screenshot from the US State Department website
Screenshot from the US State Department website
"Grandparent Scams"

In these types of scams, the perpetrator often calls a grandparent or other relative pretending to be his/her grandchild/niece/nephew, etc. The caller sounds upset and typically states there are only a few moments to talk. Callers may say that they have a cold if you don't quite recognize their voice, or cue-in on feedback from the call to sound even more convincing (scam victims often report being sure they were talking to their actual relative, but it's a clever trick!). Their story generally follows a familiar line: they were traveling in another country with a friend, and after a car accident or legal infraction, they are in jail and need bail money wired to a Western Union account as soon as possible for their quick release. . . (continues on their website here)

I have heard of some unique situations recently where an "on the ball" cashier saw the weirdness and asked the right questions to stop it before it was too late. But as infrequent as those exceptions are, and as often as this scam seems to be attempted, it seems like the wire money vendors aren't doing what they need to do to protect their customers.

Maybe it's because they're not required to?

If it was a credit card transaction, there would be a certain amount of accountability required by law. The customer has the right to dispute a fraudulent transaction. The credit card issuer then reverses the charge through the Visa/Mastercard/whatever transaction network to protect the customer (and probably in part because they don't want to eat the money). Whatever bank is being used on the other end can identify and go after the fraudster. And if they can't, they strengthen their fraud detection controls as so their bank can't be exploited next time. At least they should, but that's a different conversation. Whatever the case, the customer victim has their money back and (most) all is good.

Of what I listed above -- I know that at least controls 2 through 5 are in place with my credit card issuer based on the fraud alert calls I occasionally get. An ATM withdrawal once triggered a call to my cel within 3 minutes of me pulling the cash out while on vacation in Kauai. So I'm gathering my bank also has taken the necessary steps.

As those rights don't exist on wire transfer transactions, I'm guess I'm left to surmise there's just no real incentive to have fully robust fraud prevention controls in place to protect against this sort of way too common scam. Or at the very least, extend what controls they are required by law to detect money laundering to also detect this type of transaction.

I imagine if the same laws enforcing a $50 customer liability cap on fraudulent credit card transactions were extended to also cover fraudulent wire transfers -- then this would be a whole different ballgame. The credit card issuers and the Visa/Mastercard/whatever transaction networks have this type of detection/prevention well perfected. Largely because they are required to minimize their own risk, but it doesn't change in the slightest the controls work. It's a shame that the wire transfer networks can't (or won't) exercise the same due care for their customers.

Regardless -- I'm not in Mexico. And I'm not in trouble. (Though you can still send me money via my home address if you really want)

Good times.

Monday, April 22, 2013

@securityguy23:

Back from New Jersey and returning to regularly scheduled programming, already in progress. . .

Friday, April 19, 2013

Views from Airplanes -- Newark to DFW

Coming home from a long week of work meetings
Looking out towards the United Connection regional jets on the other side of EWR Terminal A
Looking out towards the United Connection regional jets on the other side of EWR Terminal A


Pushed back from the gate about an hour late and then EWR shutdown westbound departures because of line of storms extending from Toronto to Florida. Good times.
Pushed back from the gate about an hour late and then EWR shutdown westbound departures because of line of storms extending from Toronto to Florida.  Good times.
Hour and half later -- still waiting and very thankful I had scored an rare upgrade to first class. Spent much of it listening to the pilot chatter via the LiveATC phone app. Sounded like there were about 25+/- outbounds on hold at one point. Finally got released after a two hour hold just as the rain started to fall.
Hour and half later -- still waiting and very thankful I had scored an rare upgrade to first class.   Spent much of it listening to the pilot chatter via the LiveATC phone app.  Sounded like there were about 25+/- outbounds on hold at one point.  Finally got released after a two hour hold just as the rain started to fall.
Three hours late, finally made it to DFW Terminal D around 1am.
Three hours late, finally made it to DFW Terminal D around 1am.
Our flight seemed to be the last coming in for the night
Our flight seemed to be the last coming in for the night
After about six & 1/2 hours, finally getting off the plane.
After about six & 1/2 hours, finally getting off the plane.


George Washington Bridge Overlook

With the team meetings at the office ended around 12:30p and not having to be back at Newark for my outbound flight until 5:30p, I went looking for someplace scenic for a picnic (and to catch up on the email). Found the overlook at Fort Lee Historic Park just before the George Washington Bridge tollbooths.
The George Washington Bridge from the Fort Lee Historic Park overlook. A light rain was falling off and on for most of the picnic, obscuring much of the view. The Jeffery's Hook Light (aka Little Red Lighthouse) also sits in the shadow of the eastern bridge pier.
The George Washington Bridge from the Fort Lee Historic Park overlook.   A light rain was falling off and on for most of the picnic, obscuring much of the view.  The Jeffery's Hook Light (aka Little Red Lighthouse) also sits in the shadow of the eastern bridge pier.


Noise from the bridge traffic echoed up and somewhat tainted the experience
Noise from the bridge traffic echoed up and somewhat tainted the experience
Clouds broke after a half an hour and made for some better views. The Jeffery's Hook Light (aka Little Red Lighthouse) is also now far more visible at the bottom center.
Clouds broke after a half an hour and made for some better views.  The Jeffery's Hook Light (aka Little Red Lighthouse) is also now far more visible at the bottom center.


Still noisy though
Still noisy though
View of the bridge through the Park's oak trees
View of the bridge through the Park's oak trees


Relocated a mile or so up the Hudson River shoreline to Allison Park as so I could attend a quick customer conference call without the bridge roadnoise.

Historical marker reads:
"Allison Park
The trustees under the will of William Outis Allison have developed this park to carry out his expressed purpose to please almighty God and benefit his fellow men. This park near which Mr. Allison was born and spent his entire life will be thus maintained in perpetuity.
1849-1924"

View of the George Washington Bridge from Allison Park. The Manhattan skyline is also (somewhat) visible in the distance.
View of the George Washington Bridge from Allison Park.  The Manhattan skyline is also (somewhat) visible in the distance.


Closer view of the Bridge and the Manhattan skyline
Closer view of the Bridge and the Manhattan skyline


Looking NE from the park overlook towards Yonkers and the Harlem River
Looking NE from the park overlook towards Yonkers and the Harlem River


Looking east from the Park towards Washington Heights
Looking east from the Park towards Washington Heights

Monday, April 15, 2013

Views from Hotel Rooms -- Fairfield Inn & Suites Somerset, New Jersey

Back at the Fairfield in Somerset so I can attend some team meetings at the HQ office across the street
Second floor room just to the left of the front door. HQ office complex is just across the street.
Second floor room just to the left of the front door.   HQ office complex is just across the street.
I think the taller building behind the HQ is a Courtyard Marriott
I think the taller building behind the HQ is a Courtyard Marriott
The glass signs underneath the overhang have water flowing down them for a 'classy' look. But I wonder how they keep them from freezing in the winter?
The glass signs underneath the overhang have water flowing down them for a 'classy' look.  But I wonder how they keep them from freezing in the winter?
Somerset, New Jersey gets dark and quiet after dark
Somerset, New Jersey gets dark and quiet after dark


@christoperj:

Deeply saddened by the tragic events in Boston. . .

Views from Airplanes -- DFW to Newark

Heading out for a week of meetings at the HQ Office in Somerset, New Jersey
Looking over at the American MD83 next door at DFW gate C16
Looking over at the American MD83 next door at DFW gate C16
Sun was trying to break through the clouds
Sun was trying to break through the clouds




Ahh the glory that is Newark Airport
Ahh the glory that is Newark Airport
Pulling up to the gate with another AA MD83 parked on the apron
Pulling up to the gate with another AA MD83 parked on the apron
All the baggage cars were lined up between us and the vacant next door gate
All the baggage cars were lined up between us and the vacant next door gate
Finally time to get off the plane
Finally time to get off the plane

Friday, April 5, 2013

Now Triaconta-Certified with GCIA Goodness. . .

From the SANS Global Information Assurance Certification (GIAC) on April 5th, 2013:

Christopher J. Marcinko -- GIAC Certified Intrusion Analyst (GCIA)
"GIAC presents this certification to Christopher J. Marcinko who has met the necessary requirements and demonstrated a mastery of the subject matter and security skills to earn the GIAC Certified Intrusion Analyst - GCIA."

Christopher J. Marcinko @ AcclaimDate of Certification:
April 5th, 2013

Expiration Date:
April 30th, 2021

Certificate Number:
9323