a guest Aug 17th, 2016 329 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
- The head of the network that connects the world's banks has issued a warning: Hackers will strike again, and they could bring down a bank.
- Fraudulent messages were sent via SWIFT to initiate cash transfers from accounts at larger banks.
- If hackers are able to break into a weaker bank, they can fabricate transfer requests in order to pull money out of a bigger bank.
- As many as 12 banks linked to Swift’s global payments network that have irregularities similar to those in the theft of $81 million from the Bangladesh central bank
- the biggest known cyber-heist in history, suggests a broad and serious campaign to breach the international financial system.
- Swift’s CEO, “This is a big deal, and it gets to the heart of banking,” “Banks that are compromised like this can be put out of business.”
- Snowden tweeted a picture of Mark Twain on 8/15/16 with "The reports of my death are greatly exaggerated." Despite being a quote, some of us thought there may be meaning behind it.
- It has been theorized that TWAIN (something on almost every system) may be a massive backdoor:
- Shadow Brokers specifically mentioned SWIFT. It seems that they have been sitting on this for awhile. There seems to be some connection to TWAIN software which is used on scanner/printers. I wonder if there is any connection?
- A printer “error” helped Bangladesh Bank discover the heist. The bank’s SWIFT system is configured to automatically print out a record each time a money transfer request goes through. The printer works 24 hours so that when workers arrive each morning, they check the tray for transfers that got confirmed overnight. But on the morning of Friday February 5, the director of the bank found the printer tray empty. When bank workers tried to print the reports manually, they couldn’t. The software on the terminal that connects to the SWIFT network indicated that a critical system file was missing or had been altered.
- When they finally got the software working the next day and were able to restart the printer, dozens of suspicious transactions spit out.
- While TWAIN is not always used in printers, any business or agency that uses a scanner/imaging device (read: all) would have TWAIN drivers somewhere.
- Fellow forum member: I've tinkered in this field for 20 years and write most popular coding languages (programming/markup/data). If they managed to get TWAIN resources running as executable it would be genius as nobody cares (or even knows) whats in the twain packages anymore.
- Board member of TWAIN, The Drummond Group
- Founded in 1999, Drummond Group is a leader in innovative, global software testing, certification and acts as a catalyst to advance and tie together technologies, standards, security and interoperability in vertical industries – smart grid, automotive, health care, financial services, government, petroleum, pharmaceutical and retail. As a trusted, experienced and accredited interoperability test lab, the firm offers global test services through the product life cycle, including auditing, quality assurance, conformance and test consulting.
- Rik Drummond of the Drummond group is a governing board member of the NIST (National Institute of Standards and Technology) Circa 2009. So, he has a say in how they handle things.
- Taken from Wikipedia:
- The National Institute of Standards and Technology (NIST) is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness.
- NIST's activities are organized into laboratory programs that include Nanoscale Science and Technology, Engineering, Information Technology, Neutron Research, Material Measurement, and Physical Measurement.
- Following 9/11, NIST conducted the official investigation into the collapse of the World Trade Center buildings.
- The Guardian and the New York Times reported that NIST allowed the National Security Agency (NSA) to insert a cryptographically secure pseudorandom number generator called Dual EC DRBG into NIST standard SP 800-90 that had a backdoor that the NSA can use to covertly decrypt material that was encrypted using this pseudorandom number generator. Both papers report that the NSA worked covertly to get its own version of SP 800-90 approved for worldwide use in 2006. The leaked document states that "eventually, NSA became the sole editor". The reports confirm suspicions and technical grounds publicly raised by cryptographers in 2007 that the EC-DRBG could contain an kleptographic backdoor (perhaps placed in the standard by NSA).
- NIST responded to the allegations, stating that "NIST works to publish the strongest cryptographic standards possible" and that it uses "a transparent, public process to rigorously vet our recommended standards". The agency stated that "there has been some confusion about the standards development process and the role of different organizations in it...The National Security Agency (NSA) participates in the NIST cryptography process because of its recognized expertise. NIST is also required by statute to consult with the NSA." Recognizing the concerns expressed, the agency reopened the public comment period for the SP800-90 publications, promising that "if vulnerabilities are found in these or any other NIST standards, we will work with the cryptographic community to address them as quickly as possible”.
- Drummond Group is certified ONC-ATCB
- Authorized by the National Coordinator, ONC-Authorized Testing and Certification Bodies (ONC-ATCBs) test and certify that certain types of electronic health record (EHR) technology (Complete EHRs and EHR Modules) are compliant with the standards, implementation specifications, and certification criteria adopted by the U.S. Department of Health and Human Services (HHS) Secretary and meet the definition of “certified EHR technology.”
- Cybersecurity problems in EHR abound.
- Mysterious message received: "Eye Opening" information. Healthcare Insurance and EHR backdoors. Believe.
RAW Paste Data