SlideShare a Scribd company logo

Epoch Times E-Heist

E
Ed Alcantara

This article summarizes a cybersecurity expert's findings that hackers employed by the Chinese regime gained access to financial systems as early as 2006 and later sold access to criminal groups. One such group has been exploiting a breach of UniTeller, a financial transfer company, to access accounts in connected banks like Fifth Third Bank. The expert has evidence of the hackers stealing funds and testing credit limits. He has warned UniTeller and banks but they have denied any breach. UniTeller subsequently took its online services offline, likely to address the issue. The expert believes the criminal group is expanding its operations through the UniTeller network breach.

1 of 3
Download to read offline
By Leo Timm Epoch Times Staff In his recently published com- mentary arti- cle, Yu Keping, a member of a think tank that servedformerChineseleaderHu Jintao,haschallengedlong-stand- ingofficialnarrativesbycastinga positivelightontheRussiantran- sitiontodemocracy. Yu’s article, titled “Important Gleanings From Russia’s Dem- ocratic Reformation,” was pub- lished online by Caixin, a lead- ingChinesefinancialnewsmedia groupbasedinBeijing. Withitstakeonthedemocratic reforms started by Soviet leader Mikhail Gorbachev, which ulti- mately led to the end of com- munism in Eastern Europe, the piecefliesinthefaceofwhatChi- na’s state-approved pundits and top officials have been saying for years: that introducing political freedomwasadisastrousbetrayal ofinternationalsocialism. “Following the disintegra- tion of the Soviet Union, Russia embarked on political reforma- tion in a democratically oriented direction,”Yuwrites. SeeReformsonA7 We inform. We inspire. INSIDE AmidEconomicandPolitical Crisis,RioOlympicsRun 51PercentOverBudget A resident of Baku in the southern Soviet republic of Azerbaijan on Sept. 21, 1991, hacks apart a portrait of Russian revolutionary leader Vladimir Lenin. By Steven Klett Epoch Times Staff W hile an investigation into Hillary Clinton’s use of a private email server has been closed by the Justice Department, the politi- calfalloutfromtheinvestigation islikelytocontinuetofollowher. FBI Director James Comey said in a press briefing on July 5 that he thought no criminal charges should be filed against Clinton, but did describe the handling of emails by her and her staff as “extremely careless.” HealsocontradictedClintonon key claims she made about the use of her private email server. Testifying before the House Oversight and Government Reform Committee, Comey said that Clinton had made statementsaboutheremailsthat “were not true.” “For a candidate who already had significant issues with vot- ers on honesty and trust, her problems just got a lot worse,” said Neil Newhouse, Mitt Rom- ney’s campaign pollster in 2012,abouttheresultsoftheFBI investigation. “It may have effectively ended her legal problems, but it put her political problems front and center,” he said. It is unclear, however, how much the outcome of the inves- tigationwillimpacttheoutcome of this year’s presidential race. See Campaign on A3 DespiteEmail ProbeFallout, ClintonCould RemainUnhurt inPolls 2016 OLYMPICS CHINA ANATOLY SAPRONENKOV/AFP/GETTY IMAGES By Emel Akan Epoch Times Staff W ith the opening cer- emony less than a month away, Bra- zil’s Olympic Games have a cost overrun of $1.6 billion, according to a new study. The preliminary cost, whichis run- ning51 percent over budget, is still modest compared to previousgames,but comes ata- timewhenBrazilisfacinganeco- nomic and political crisis. See Costs on A6 Work continues at the beach volleyball arena on Copacabana Beach in preparation for the Olympic Games in Rio de Janeiro on July 4. MATTHEWSTOCKMAN/GETTYIMAGES JULY 8–14, 2016 NEW YORK EDITION THEEPOCHTIMES.COM VOLUME 25 ISSUE 2 $2.00 feedback feedback@epochtimes.com advertising advertisenow@epochtimes.com phone 212-239-2808 Find more information on A3 CONTACT US CONTENTS A2...........................New York A3..................................Nation A6....................................World A9..............................Business A11............................Opinion A12.................................Sports W............Epoch Weekend B...............................Epoch Fit C.........Epoch Arts & Style D........................Epoch Taste CLINTON EMAILS OnceOffLimits,ChineseScholar TalksofRussia’sReformer— Gorbachev Thehackers havealevelof accesstothe systemthat allowsthemto read,write,and executefileson thesystem. AdividedHouse committeequestions FBIdirectorover investigation IsConfidence ComingBackto theOilIndustry? Weneedinvestmenttoavoid asupplygapinthelongrun. A9...BUSINESS COURTESY OF CHEVRON TurningaCamera IntoaBillionDollar Business ShutterstockCEOJonOringer onhisbeginnings. A10...BUSINESS COURTESY OF SHUTTERSTOCK Corruption Seemedto Contributeto DamageofFloods inCentralChina Heavyrainscausedflooding intwodozenprovinces, leaving186dead. A7...WORLD STR/AFP/GETTY IMAGES Kindergartensin theForestSync ChildrenWith Nature Someschoolsandteachers arebuckingthetrend, unpluggingfromtechnology andstayingclosetonature. A2...NEW YORK AP PHOTO/MATT DUNHAM EPOCHWEEKEND ISISLOSINGGROUND— BUTWHATHAPPENSNOW?After losing Iraq’s Fallujah, ISIS is looking beyond its ‘caliphate,’ putting neighboring countries at risk E-HEIST CYBERCRIMINALS INFILTRATE FINANCIAL NETWORK, PUTTING US BANKS AT RISK EVERETTCOLLECTION(BANKBUILDING);VECTORKAT(LABEL);PAULROMMER/SHUTTERSTOCK(BORDER);EPOCHTIMES(PHOTOILLUSTRATION) By Joshua Philipp Epoch Times Staff U niTeller is a financial ser- vices company that spe- cializes in making inter- national money transfers, servicing a network of some 87 banks and 32,000 payment locations worldwide. According to an expert in cybersecurity, those banks have potentially been compromised by hackers who have breached UniTel- ler’s network. Edward Alexander is a cybersecu- rity expert who tracks and sometimes prevents digital crime. He has a team of more than 200 digital investiga- tors working specifically on the cases related to the UniTeller breach. Their beat is the darknet, a large segment of the internet only accessible with special software and often used by criminal groups to conspire and sell illicit goods and services. In 2015, Alexander’s team learned that hackers employed by the Chi- nese regime had begun penetrating the world’s financial systems as early as 2006. Also in 2015, after having gained high-level access they used to map and mirror the world’s financial sys- tem for their official employers, these hackers sought to monetize the infor- mation they had gained through pri- vate transactions. They sold information on UniTel- ler’s system, and on Banorte, Mexi- co’s third-largest bank and owner of UniTeller, to a group of international cybercriminals. The world learned of this when the central bank of Bang- ladesh revealed hackers had stolen $81 million from it. See Global Heist on A4 Thestudyalsocriticizeshost governmentsandtheIOCfornot beingtransparentaboutthetrue costandcostoverrunofthegames. News Analysis
NATIONwww.TheEpochTimes.com A4 July 8–14, 2016| GlobalHeistcontinuedfrom A1 Now, according to Alexander, this same group is changing its tactics while looking to enlarge its operations. Alexander knows what the criminalgroupisdoing,because hisoperativesbefriendedsome of its members and gained their trust to such a degree thattheychattedaboutand sharedproofoftheircrimes. This is what Alexander calls “offensivecounter-intelligence.” His people learn how to pen- etrate criminal networks and bring back intelligence that can be used to stop those networks. Banks and other institutions often pay well for such infor- mation. IncludedintheevidenceAlex- ander obtained is a series of screenshots that show the hack- ersstealingmoneybywayofthe UniTeller system. ProlongedBankRobbery Among the screenshots are some showing the cybercrimi- nals changing the daily spend- ing limits on credit cards, and accessing transactions of pre- paid uLink MasterCards issued forUniTellercustomersthrough Fifth Third Bank in Cincinnati. “In theory, rather than make it look like a large $81 million heist,itcouldbethattheycantry to nickel and dime the accounts using smaller amounts,” said Alexander. Stolen credit cards and debit cardsarecommonlysoldinbulk on darknet cybercrime markets in what people call “dumps” or “dumpz.” Criminals who pur- chase them will often use their informationtomakefakecards, which they then use to make purchases. He noted the cybercriminals mayalsobetestingthenetworks beforelaunchingalargerattack. While the criminal group has the tools it needs to access Uni- Teller’s system, they need time, Alexander said, to learn how to exploit the breach. Alexander said the hackers have “traversed into the net- works” of banks connected to UniTeller, and have begun launching additional attacks to gain deeper access to the con- nected banks. Alerts WhenAlexandersawtheattacks begin,healertedU.S.federallaw enforcement and made numer- ous attempts to alert the finan- cial institutions the hackers had breached. OnMay27,Alexanderalerted UniTellerandfourdayslatersent afollow-upmessageonLinkedIn to UniTeller CEO Alberto Guerra. In response, Alexan- der said, Guerra blocked Alex- ander from sending him addi- tional messages on LinkedIn. “We have attempted to con- tact the victim banks to offer our support and intelligence. However, the response received fromFifthThird,UniTeller,and Banorte seems to be the stand- ardresponseworldwide—denial and hope the alert is not valid,” he said. Theheadofaleadingcyberse- curityintelligencefirmhadalso contacted some of the financial institutions and warned of the breach. The firm received the same responses. The individual requestedtoremainanonymous due to his company’s ongoing investigation into the attacks. UniTeller did not respond to two emails from Epoch Times toconfirm;andBanortedidnot respond to two emails, a phone call, and a voice message. Alexander attempted to alert Fifth Third Bank of the attacks, only to receive an email stating thebankhadnotbeenbreached and declined his help. Larry Magnesen, spokesper- son for Fifth Third Bank, told Epoch Times, “Our team has, withduediligence,evaluatedthe claim, and there is no reason to be concerned here with respect to Fifth Third Bank.” Alexander notes that Fifth Third Bank’s system has likely not been directly hacked, but has been compromised due to its connection to the UniTeller network. AQuietResponse WhileUniTellerdidnotrespond toAlexanderandmadenopublic announcement of the breach, it appearsthatitdidtakethewarn- ings seriously. Around June 1, UniTeller’s online services for customers to log in to their accounts and create new accounts were taken offline. As of July 7, the login page was still offline. AccordingtoJamesScott,sen- iorfellowattheInstituteforCrit- ical Infrastructure Technology (ICIT), the three business days UniTellerhadbetweentheinitial alertfromAlexanderonMay27 (since it was given ahead of the Memorial Day weekend) would havelikelybeen“enoughtimeto freezeongoingtransactionsand prepare the system for ‘offline maintenance.’” Scott said in an email that if UniTeller was breached, its sys- tem administrators “may have had mirrors of backups of the QUOTABLE QUOTABLE ACROSSTHE NATION I’mreadytopass thebaton. Nochargesare appropriatein thiscase. The number of traffic crash deaths per 100,000 people in the United States in 2013, the highest rate of nearly 20 affluent countries studied and almost double the rate of the next country on the list, Belgium 10 OLIVIERDOULIERY-POOL/GETTYIMAGESALEXWONG/GETTYIMAGES PresidentBarackObama ashejoinedHillary Clintononthecampaign trailatarallyinNorth CarolinaonJuly5 FBIDirectorJames Comeyannouncinghis conclusionthatthere wasnoevidencethat showedintentional mishandlingofclassified informationinClinton’s emailpractices,despite sayingthatClintonand heraideswere“extremely careless”inhandling sensitiveinformation QUANTIFY The Fifth Third Bank building in Cincinnati in this file photo. AP PHOTO/AL BEHRMAN Screenshot E: A screenshot of a cyberattack shows files the hackers have access to. COURTESY OF EDWARD ALEXANDER Cybercriminals InfiltrateFinancial Network,Putting USBanksatRisk Intheory,rather thanmakeitlook likealarge $81millionheist, itcouldbethat theycantryto nickelanddime theaccountsusing smalleramounts. EdwardAlexander, cybersecurityexpert AMIDZIKAFEARS,BUG REPELLENTSUPPLIERNAMED FORRIOGAMES ConsumerproductsmakerSC Johnson says its OFF! brand has been named the official insect repellent supplier for nextmonth’sOlympicGames, to be held in Rio de Janeiro amid ongoing fears about the mosquito-borne Zika virus. TheRacine,Wisconsin-based company says the repellant will be provided to athletes, volunteers, staff, and media. FLORIDAMAYSPEND MILLIONSBATTLINGSTINKY ALGAEBLOOMS Florida Gov. Rick Scott says he’ll push state legislators to spend millions to battle the massive algae bloom fouling some of the state’s southern rivers and beaches with a cen- tral sewer system. Part of the blame for the bloom has been placed on discharges from Lake Okeechobee, but Scott says septic tank runoff also contributes to the problem. PFIZERAGREESTONOTE ADDICTIONRISKSIN OPIOIDMARKETING The city of Chicago and Pfizer announced an agree- ment July 7 committing the drugmaker to disclosing the serious risks of addiction in its marketing of prescription opioid painkillers. Chicago is suing five pharmaceutical companies, alleging they have misrepresented the ben- efits of opioids while conceal- ing serious health risks asso- ciated with the drugs. 7VIDEOSHOWSGRUESOME AFTERMATHOFMINNESOTA POLICESHOOTING A woman who watched as a police officer fatally shot her boyfriend during a traffic stop streamed the gruesome aftermath of the slaying live on Facebook, telling a world- wide audience that her com- panion had been shot “for no apparentreason”whilereach- ing for his wallet. It was the secondfatalpoliceshootingin asmanydays.Ablack37-year- oldmanwaskilledTuesdayby officers in Baton Rouge, Lou- isiana. Alton Sterling’s death was caught on video. 1 3 4 TINYSOUTHCAROLINA TOWNBANSSAGGINGPANTS, THREATENSFINES Wearing saggy pants could get expensive in tiny Tim- monsville, South Caro- lina. A new town ordinance outlaws wearing sagging pants, trousers or shorts that intentionally display a person’s underwear. After initial warnings, third and subsequent offenses carry a fine ranging from $100 to $600. 5 TEENLOSESPARTOFLEGWHEN 180SPARKLERSEXPLODE A Texas teenager who lit 180 sparklers that were taped together needed to have part of his leg amputated and suf- fered burns after the spar- klers exploded. The family of 15-year-old Rowdy Radford saidhealsomaylosehisvision duetotheaccident.Matagorda Countysheriff’sSgt.JamesOrr said July 5 the teen was at a home in the Gulf Coast com- munity of Sargent when he wrappedthesparklerstogether. 2 BOSTONCABBIETURNSIN $187,000LEFTBEHINDINTAXI Amanwholeftabout$187,000 cash in a Boston taxi has been reunited with his money thanks to an honest cabbie, police said July 5. Raymond “Buzzy”MacCausland,adriver fortheIndependentTaxiOper- ators Association, picked up a fare with a cast on one leg on July 2. “He told me he was homeless and had been living in a shelter for six months,” MacCausland said. 6 8GEORGIAPRISONSLOCKED DOWNAFTERDEATH,BRAWL Eight Georgia prisons are on lockdown after a bloody June that included the killing of an inmate in one prison that prompted murder charges against a guard and three gang members, and a brawl at another facility that sent 16 inmates to hospitals, author- ities said July 7. The lock- downs are a response to ris- ing tensions between prison gangs following the vio- lence, the Georgia Depart- ment of Corrections said in a statement. 8 From Epoch Times and The Associated Press NATION IN BRIEF 4 2 1 7 3 6 8 5
NATIONwww.TheEpochTimes.com A5July 8–14, 2016 | system,thatwereupdatedhourly or daily.” He added that most financialinstitutionskeepback- ups for “redundancy,” for “per- sistent up time during mainte- nance,”andindifferentlocations “in case of natural disasters.” “However, if the vulnerability lies within the system itself,” he said, “then the mirrors or back- upswillexhibitthesamevulner- ability because they are essen- tially clones of the system.” After freezing or halting transactions, as in the case of UniTeller taking its login sys- tems offline, Scott said incident responders “could disconnect the system from the internet to blockinboundconnectionsand makealivecopyofthesystemto conduct forensics on.” Henotedthat“properincident respondersneveroperateonthe system itself,” and always use a mirror or live copy; and noted thattakinganetworkofflinefor a month in the case of an attack “does not seem that unreasona- bleifthevulnerabilityliesinthe system itself, or if the incident response team could not ascer- tain what was wrong. Figure, the IRS GetTranscript tool was offline around a year.” After the UniTeller service had been down for 19 days, on June 20, Alexander called Uni- Teller’s toll-free customer ser- vice number to ask why the ser- vice was offline. He was told in the recorded call that “the site is undergoing maintenance.” Meanwhile,Alexander’sdark- net investigations showed that while UniTeller was likely try- ing to fix the breach, the hack- ers were still very much active. InsidetheAttacks The gang member befriended by Alexander’s operatives pro- vided many screenshots show- ingnamesofindividuals,names of banks, and money transfers. Alexander said the screenshots show the criminals in the pro- cess of launching their attacks against UniTeller. Scott took time to corrob- orate the claims, and said the content of the screenshots align with Alexander’s analy- sis of their contents. He noted that while it would be possible to spoof images such as these, it wouldn’t be something an indi- vidual could do on short notice. The images also demonstrate anaccuratepictureofdatabases thatafinancialinstitutionwould likely have. Screenshot A shows transac- tions remitted from a senders’ third-party bank connected to UniTeller’s network, then cred- ited to a uLink MasterCard account at Fifth Third Bank, and then finally converted to the uLink cardholders’ native currency, according to Alexan- der. The screenshot also identi- fiesthenamesofaccountholders andtheamountofmoneybeing transferred. Alexander said the money is being sent through the UniTel- ler network to Fifth Third Bank to transfer funds to the loada- ble uLink MasterCard. He said the number sets in the center- left column appear to be money being sent in foreign currency from the United States, to the uLink cardholders in their respective country. “Thesecanverywellbemulti- ple transactions that are occur- ring,” he said, noting the mem- ber of the gang who took the screenshot did not specify on this particular screenshot. He pointed out the word “remittance” at the top of the center-right column, and noted “When you see the word ‘remit- tance’ that is a money transfer.” Scott said that while it’s diffi- cult to make a definite conclu- sion of what the image shows, without having a full picture of the system, “the basic state- ments are correct, at least,” and saidthattheimageshowingmul- tiple transactions “is definitely correct” and that remittance transfers are also taking place. In Screenshot B, Alexander pointed out the “May 25” date without a year, and noted that the system won’t give the year if it’s the current year, and so this gives a timestamp on the file. He pointed out the third line down “FifthThird-UTLR,” whichreferstoFifthThirdBank andUniTeller.Onthefourthline down,the“From53rd”in“TEST- ACKFileFrom53rd” suggests it was a transmission from Fifth Third Bank to UniTeller, which further suggests the hackers have access between UniTeller’s compromisednetworkandFifth Third Bank. Finally, he pointed to the name “uLink” in the lower-right corner, and noted it referstotheuLinkprepaidMas- terCard. “That is showing there is clearly admin access to where those files are,” he said, adding thatit’spossiblethefilescontain wiretransfercredentialsbutthe gang member did not specify. Scott said at the very least, the image shows the hackers have a level of access to the system that allows them to read, write, and execute files on the system. ScreenshotCshowsACHpay- mentsbeingdoneonabreached bank network. An ACH is an automatic clearinghouse. An example would be if you had a bank account set to automati- cally pay a cellphone bill. “Each one of those are pay- ment transactions, when you see the ACH in there,” Alexan- der said, noting the screenshot shows payments being made at set times. “That shows they have access totransactions,”hesaid.“Those were all ACH text files. They could easily open any of those files to see the types of transac- tions and leverage that type of information.” He pointed out the center-left column, which states “swad- min staff,” and noted it shows thegangmemberwithadminis- trator-levelaccesstothesystem. Scott said the image shows the hackers have the ability to read files shown on the page, but wouldn’t be able to alter the files. He noted, “if they’re try- ing to steal files, that’s all they actually need.” He also pointed out that the word “staff” next to “swadmin” shows the system is recognizingtheaccountaslegit- imate. ScreenshotDshowslogincre- dentials to UniTeller networks, and Alexander pointed out the mention of “api” in the screen- shot. An API, or “application pro- gram interface,” allows applica- tionstocommunicatewitheach other. They could, for example, allow a computer to access a databaseorrespondtocallsfrom another system. “It’s another vector, and the factthatit’sthere,weknowUni- TelleriscompromisedandUni- Teller’s API sends and receives calls from others that are con- nected to it,” Alexander said. “How all these banks connect toUniTelleristhroughtheAPI,” he said, noting this could be how hackers are gaining access to bank systems connected to UniTeller. Scott noted that the page shows website links to IDolo- gy’s IDCenter, which is a login portal for companies, and that the hackers may have been run- ning attacks to gain a set of user credentials for the portal. Screenshot E, Alexander said, “We’reseeingrootaccessthesec- ond line down, but what’s really interesting is the names of the files.” He pointed out the bottom name, which states “Internet User,” and noted it’s a “user cre- dentialsexcelsheet”whichcould givethehackersalistofusercre- dentials. He also noted the line near the center, which states “CC_ DC_Limits_mobetize.sql,” and said it ties to the gang member’s claims that the cybercriminals wereabletochangedailyspend- ing limits on credit cards, and access payments for uLink pre- paidMasterCard.Henotedthat “CC”standsfor“creditcard”and “DC” stands for “debit card.” Alexander pointed out other files listed in the screenshot, whichsuggestthegangmember had also gained access to trans- actions,storage,theencryptions utility, and the FTP file root. Scott noted the image shows the hackers have the ability to read, write, and execute files on the FTP system, which would allow them to transfer informa- tion to and from the system. He saidusingtheFTP“isacommon waytoexfiltratedata”—todown- load data from the system. Alexander took a step back to reflect on the implications of the UniTeller breach. “This is impacting everybody that has to do with banking, and that’s pretty much everybody.” Screenshot A: A screenshot of a cyberattack shows transactions being made. COURTESY OF EDWARD ALEXANDER; THIS IMAGE HAS BEEN EDITED BY EPOCH TIMES TO HIDE SENSITIVE INFORMATION Screenshot B: A screenshot from a cyberattack shows files relating to UniTeller, Fifth Third Bank, and uLink cards. COURTESY OF EDWARD ALEXANDER Screenshot C: A screenshot from a cyberattack shows payments being made. COURTESY OF EDWARD ALEXANDER ScreenshotD:Ascreenshotfromacyberattackshowslogincredentials. COURTESY OF EDWARD ALEXANDER; THIS IMAGE HAS BEEN EDITED TO HIDE SENSITIVE INFORMATION Ifthevulnerability lieswithinthe systemitself, thenthemirrors orbackupswill exhibitthesame vulnerability becausetheyare essentiallyclones ofthesystem. JamesScott,seniorfellow, InstituteforCritical InfrastructureTechnology

Recommended

Presentation.. media and challenges of global corruption slideshare
Presentation.. media and challenges of global corruption slidesharePresentation.. media and challenges of global corruption slideshare
Presentation.. media and challenges of global corruption slideshare
Muhammad Ahmad
 
PEOPLE AND CORRUPTION: EUROPE AND CENTRAL ASIA – GLOBAL CORRUPTION BAROMETER
PEOPLE AND CORRUPTION: EUROPE AND CENTRAL ASIA – GLOBAL CORRUPTION BAROMETERPEOPLE AND CORRUPTION: EUROPE AND CENTRAL ASIA – GLOBAL CORRUPTION BAROMETER
PEOPLE AND CORRUPTION: EUROPE AND CENTRAL ASIA – GLOBAL CORRUPTION BAROMETER
Vittorio Pasteris
 
The Unemployment Surprise
The Unemployment SurpriseThe Unemployment Surprise
The Unemployment Surprise
mudits
 
The Federal Reserve System
The Federal Reserve SystemThe Federal Reserve System
The Federal Reserve System
MichaelW Fiedler
 
Salto de página y sección
Salto de página y secciónSalto de página y sección
Salto de página y sección
Lesly Taya
 
Presentación1
Presentación1Presentación1
Presentación1
Brayan Andres
 
Tarea jeison exel
Tarea jeison exelTarea jeison exel
Tarea jeison exel
robin funez ruiz
 
HegoBerria100. octubre 2016
HegoBerria100. octubre 2016HegoBerria100. octubre 2016
HegoBerria100. octubre 2016
Amigos de Mufunga
 

Recommended

Presentation.. media and challenges of global corruption slideshare
Presentation.. media and challenges of global corruption slidesharePresentation.. media and challenges of global corruption slideshare
Presentation.. media and challenges of global corruption slideshare
Muhammad Ahmad
 
PEOPLE AND CORRUPTION: EUROPE AND CENTRAL ASIA – GLOBAL CORRUPTION BAROMETER
PEOPLE AND CORRUPTION: EUROPE AND CENTRAL ASIA – GLOBAL CORRUPTION BAROMETERPEOPLE AND CORRUPTION: EUROPE AND CENTRAL ASIA – GLOBAL CORRUPTION BAROMETER
PEOPLE AND CORRUPTION: EUROPE AND CENTRAL ASIA – GLOBAL CORRUPTION BAROMETER
Vittorio Pasteris
 
The Unemployment Surprise
The Unemployment SurpriseThe Unemployment Surprise
The Unemployment Surprise
mudits
 
The Federal Reserve System
The Federal Reserve SystemThe Federal Reserve System
The Federal Reserve System
MichaelW Fiedler
 
Salto de página y sección
Salto de página y secciónSalto de página y sección
Salto de página y sección
Lesly Taya
 
Presentación1
Presentación1Presentación1
Presentación1
Brayan Andres
 
Tarea jeison exel
Tarea jeison exelTarea jeison exel
Tarea jeison exel
robin funez ruiz
 
HegoBerria100. octubre 2016
HegoBerria100. octubre 2016HegoBerria100. octubre 2016
HegoBerria100. octubre 2016
Amigos de Mufunga
 
Best tattoo melbourne
Best tattoo melbourneBest tattoo melbourne
Best tattoo melbourne
voodooink
 
Formatif 1
Formatif 1Formatif 1
Formatif 1
Asri Hasanah
 
PEF newsletter The Hope (vol 18)
PEF newsletter The Hope (vol 18)PEF newsletter The Hope (vol 18)
PEF newsletter The Hope (vol 18)
qudrat ullah
 
Pixar 22-rules-to-phenomenal-storytelling
Pixar 22-rules-to-phenomenal-storytellingPixar 22-rules-to-phenomenal-storytelling
Pixar 22-rules-to-phenomenal-storytelling
Martin Maggiore
 
M P van Staden CV Rev. 03
M P van Staden CV Rev. 03M P van Staden CV Rev. 03
M P van Staden CV Rev. 03
marthinus van staden
 
Planeación semana 1 y 2
Planeación semana 1 y 2Planeación semana 1 y 2
Planeación semana 1 y 2
Pxndx Vazckez
 
Octaedro
OctaedroOctaedro
Octaedro
Itzel López
 
Master's Project
Master's ProjectMaster's Project
Master's Project
Omar Kashkash, E.I
 
Management Models
Management ModelsManagement Models
Management Models
Antonio Estipona
 
Social media marketing and optimization for nonprofits
Social media marketing and optimization for nonprofitsSocial media marketing and optimization for nonprofits
Social media marketing and optimization for nonprofits
Clinton Cimring
 
Ivf Essay Titles
Ivf Essay TitlesIvf Essay Titles
Ivf Essay Titles
Melanie Mendoza
 
Donald Trump and the Trouble with Facebook
Donald Trump and the Trouble with FacebookDonald Trump and the Trouble with Facebook
Donald Trump and the Trouble with Facebook
RAPP UK
 
International the avanti group news blog
International the avanti group news blogInternational the avanti group news blog
International the avanti group news blog
namichhh
 
E era ir-us-fp
E era ir-us-fpE era ir-us-fp
E era ir-us-fp
Daniel Aguirre Azócar
 
Data and society media manipulation and disinformation online
Data and society media manipulation and disinformation onlineData and society media manipulation and disinformation online
Data and society media manipulation and disinformation online
Alejandro Sánchez Marín
 
Essay College Life Experience Telegraph
Essay College Life Experience TelegraphEssay College Life Experience Telegraph
Essay College Life Experience Telegraph
Jamie Akers
 
Iftf state sponsored_trolling_report
Iftf state sponsored_trolling_reportIftf state sponsored_trolling_report
Iftf state sponsored_trolling_report
archiejones4
 
Edelman Trust Barometer 2015 - Executive Summary Brochure
Edelman Trust Barometer 2015 - Executive Summary BrochureEdelman Trust Barometer 2015 - Executive Summary Brochure
Edelman Trust Barometer 2015 - Executive Summary Brochure
Edelman Amsterdam
 
Trends 2018 Juan Isaza
Trends 2018 Juan IsazaTrends 2018 Juan Isaza
Trends 2018 Juan Isaza
DDB Latina
 
Pin By Ariela On W R I T I N G Introductory Paragraph, Essay Writin
Pin By Ariela On W R I T I N G Introductory Paragraph, Essay WritinPin By Ariela On W R I T I N G Introductory Paragraph, Essay Writin
Pin By Ariela On W R I T I N G Introductory Paragraph, Essay Writin
Maggie Cavanaugh
 
Using OSINT in times of social unrest
Using OSINT in times of social unrestUsing OSINT in times of social unrest
Using OSINT in times of social unrest
Shani Wolf
 
1JohnCharlesChasteen,BorninBloodandFire,Revo.docx
1JohnCharlesChasteen,BorninBloodandFire,Revo.docx 1JohnCharlesChasteen,BorninBloodandFire,Revo.docx
1JohnCharlesChasteen,BorninBloodandFire,Revo.docx
aryan532920
 

More Related Content

Viewers also liked

Best tattoo melbourne
Best tattoo melbourneBest tattoo melbourne
Best tattoo melbourne
voodooink
 
Formatif 1
Formatif 1Formatif 1
Formatif 1
Asri Hasanah
 
PEF newsletter The Hope (vol 18)
PEF newsletter The Hope (vol 18)PEF newsletter The Hope (vol 18)
PEF newsletter The Hope (vol 18)
qudrat ullah
 
Pixar 22-rules-to-phenomenal-storytelling
Pixar 22-rules-to-phenomenal-storytellingPixar 22-rules-to-phenomenal-storytelling
Pixar 22-rules-to-phenomenal-storytelling
Martin Maggiore
 
M P van Staden CV Rev. 03
M P van Staden CV Rev. 03M P van Staden CV Rev. 03
M P van Staden CV Rev. 03
marthinus van staden
 
Planeación semana 1 y 2
Planeación semana 1 y 2Planeación semana 1 y 2
Planeación semana 1 y 2
Pxndx Vazckez
 
Octaedro
OctaedroOctaedro
Octaedro
Itzel López
 
Master's Project
Master's ProjectMaster's Project
Master's Project
Omar Kashkash, E.I
 
Management Models
Management ModelsManagement Models
Management Models
Antonio Estipona
 
Social media marketing and optimization for nonprofits
Social media marketing and optimization for nonprofitsSocial media marketing and optimization for nonprofits
Social media marketing and optimization for nonprofits
Clinton Cimring
 

Viewers also liked (10)

Best tattoo melbourne
Best tattoo melbourneBest tattoo melbourne
Best tattoo melbourne
 
Formatif 1
Formatif 1Formatif 1
Formatif 1
 
PEF newsletter The Hope (vol 18)
PEF newsletter The Hope (vol 18)PEF newsletter The Hope (vol 18)
PEF newsletter The Hope (vol 18)
 
Pixar 22-rules-to-phenomenal-storytelling
Pixar 22-rules-to-phenomenal-storytellingPixar 22-rules-to-phenomenal-storytelling
Pixar 22-rules-to-phenomenal-storytelling
 
M P van Staden CV Rev. 03
M P van Staden CV Rev. 03M P van Staden CV Rev. 03
M P van Staden CV Rev. 03
 
Planeación semana 1 y 2
Planeación semana 1 y 2Planeación semana 1 y 2
Planeación semana 1 y 2
 
Octaedro
OctaedroOctaedro
Octaedro
 
Master's Project
Master's ProjectMaster's Project
Master's Project
 
Management Models
Management ModelsManagement Models
Management Models
 
Social media marketing and optimization for nonprofits
Social media marketing and optimization for nonprofitsSocial media marketing and optimization for nonprofits
Social media marketing and optimization for nonprofits
 

Similar to Epoch Times E-Heist

Ivf Essay Titles
Ivf Essay TitlesIvf Essay Titles
Ivf Essay Titles
Melanie Mendoza
 
Donald Trump and the Trouble with Facebook
Donald Trump and the Trouble with FacebookDonald Trump and the Trouble with Facebook
Donald Trump and the Trouble with Facebook
RAPP UK
 
International the avanti group news blog
International the avanti group news blogInternational the avanti group news blog
International the avanti group news blog
namichhh
 
E era ir-us-fp
E era ir-us-fpE era ir-us-fp
E era ir-us-fp
Daniel Aguirre Azócar
 
Data and society media manipulation and disinformation online
Data and society media manipulation and disinformation onlineData and society media manipulation and disinformation online
Data and society media manipulation and disinformation online
Alejandro Sánchez Marín
 
Essay College Life Experience Telegraph
Essay College Life Experience TelegraphEssay College Life Experience Telegraph
Essay College Life Experience Telegraph
Jamie Akers
 
Iftf state sponsored_trolling_report
Iftf state sponsored_trolling_reportIftf state sponsored_trolling_report
Iftf state sponsored_trolling_report
archiejones4
 
Edelman Trust Barometer 2015 - Executive Summary Brochure
Edelman Trust Barometer 2015 - Executive Summary BrochureEdelman Trust Barometer 2015 - Executive Summary Brochure
Edelman Trust Barometer 2015 - Executive Summary Brochure
Edelman Amsterdam
 
Trends 2018 Juan Isaza
Trends 2018 Juan IsazaTrends 2018 Juan Isaza
Trends 2018 Juan Isaza
DDB Latina
 
Pin By Ariela On W R I T I N G Introductory Paragraph, Essay Writin
Pin By Ariela On W R I T I N G Introductory Paragraph, Essay WritinPin By Ariela On W R I T I N G Introductory Paragraph, Essay Writin
Pin By Ariela On W R I T I N G Introductory Paragraph, Essay Writin
Maggie Cavanaugh
 
Using OSINT in times of social unrest
Using OSINT in times of social unrestUsing OSINT in times of social unrest
Using OSINT in times of social unrest
Shani Wolf
 
1JohnCharlesChasteen,BorninBloodandFire,Revo.docx
1JohnCharlesChasteen,BorninBloodandFire,Revo.docx 1JohnCharlesChasteen,BorninBloodandFire,Revo.docx
1JohnCharlesChasteen,BorninBloodandFire,Revo.docx
aryan532920
 
Coronavirus Fake Pandemic - Economic Reset False Flag; 12 March 2020
Coronavirus Fake Pandemic - Economic Reset False Flag; 12 March 2020Coronavirus Fake Pandemic - Economic Reset False Flag; 12 March 2020
Coronavirus Fake Pandemic - Economic Reset False Flag; 12 March 2020
The Free School
 
York University Essay Title Page
York University Essay Title PageYork University Essay Title Page
York University Essay Title Page
Shantel Jervey
 
Rotarian’s Guide to Social Media
Rotarian’s Guide to Social MediaRotarian’s Guide to Social Media
Rotarian’s Guide to Social Media
Rotary International
 
Iabd 2009 Submission Student Section Megan Mcguire. Doc
Iabd 2009 Submission Student Section Megan Mcguire. DocIabd 2009 Submission Student Section Megan Mcguire. Doc
Iabd 2009 Submission Student Section Megan Mcguire. Doc
mmcguire1131
 
The case for integrating crisis response with social media
The case for integrating crisis response with social media The case for integrating crisis response with social media
The case for integrating crisis response with social media
American Red Cross
 
1990S Technology
1990S Technology1990S Technology
1990S Technology
Amy Alexander
 
Need Motivation To Write Essay
Need Motivation To Write EssayNeed Motivation To Write Essay
Need Motivation To Write Essay
Kimberly Walters
 
Mae Khoory International DevelopmentReflection Paper 3 Dr. I
Mae Khoory International DevelopmentReflection Paper 3 Dr. IMae Khoory International DevelopmentReflection Paper 3 Dr. I
Mae Khoory International DevelopmentReflection Paper 3 Dr. I
PazSilviapm
 

Similar to Epoch Times E-Heist (20)

Ivf Essay Titles
Ivf Essay TitlesIvf Essay Titles
Ivf Essay Titles
 
Donald Trump and the Trouble with Facebook
Donald Trump and the Trouble with FacebookDonald Trump and the Trouble with Facebook
Donald Trump and the Trouble with Facebook
 
International the avanti group news blog
International the avanti group news blogInternational the avanti group news blog
International the avanti group news blog
 
E era ir-us-fp
E era ir-us-fpE era ir-us-fp
E era ir-us-fp
 
Data and society media manipulation and disinformation online
Data and society media manipulation and disinformation onlineData and society media manipulation and disinformation online
Data and society media manipulation and disinformation online
 
Essay College Life Experience Telegraph
Essay College Life Experience TelegraphEssay College Life Experience Telegraph
Essay College Life Experience Telegraph
 
Iftf state sponsored_trolling_report
Iftf state sponsored_trolling_reportIftf state sponsored_trolling_report
Iftf state sponsored_trolling_report
 
Edelman Trust Barometer 2015 - Executive Summary Brochure
Edelman Trust Barometer 2015 - Executive Summary BrochureEdelman Trust Barometer 2015 - Executive Summary Brochure
Edelman Trust Barometer 2015 - Executive Summary Brochure
 
Trends 2018 Juan Isaza
Trends 2018 Juan IsazaTrends 2018 Juan Isaza
Trends 2018 Juan Isaza
 
Pin By Ariela On W R I T I N G Introductory Paragraph, Essay Writin
Pin By Ariela On W R I T I N G Introductory Paragraph, Essay WritinPin By Ariela On W R I T I N G Introductory Paragraph, Essay Writin
Pin By Ariela On W R I T I N G Introductory Paragraph, Essay Writin
 
Using OSINT in times of social unrest
Using OSINT in times of social unrestUsing OSINT in times of social unrest
Using OSINT in times of social unrest
 
1JohnCharlesChasteen,BorninBloodandFire,Revo.docx
1JohnCharlesChasteen,BorninBloodandFire,Revo.docx 1JohnCharlesChasteen,BorninBloodandFire,Revo.docx
1JohnCharlesChasteen,BorninBloodandFire,Revo.docx
 
Coronavirus Fake Pandemic - Economic Reset False Flag; 12 March 2020
Coronavirus Fake Pandemic - Economic Reset False Flag; 12 March 2020Coronavirus Fake Pandemic - Economic Reset False Flag; 12 March 2020
Coronavirus Fake Pandemic - Economic Reset False Flag; 12 March 2020
 
York University Essay Title Page
York University Essay Title PageYork University Essay Title Page
York University Essay Title Page
 
Rotarian’s Guide to Social Media
Rotarian’s Guide to Social MediaRotarian’s Guide to Social Media
Rotarian’s Guide to Social Media
 
Iabd 2009 Submission Student Section Megan Mcguire. Doc
Iabd 2009 Submission Student Section Megan Mcguire. DocIabd 2009 Submission Student Section Megan Mcguire. Doc
Iabd 2009 Submission Student Section Megan Mcguire. Doc
 
The case for integrating crisis response with social media
The case for integrating crisis response with social media The case for integrating crisis response with social media
The case for integrating crisis response with social media
 
1990S Technology
1990S Technology1990S Technology
1990S Technology
 
Need Motivation To Write Essay
Need Motivation To Write EssayNeed Motivation To Write Essay
Need Motivation To Write Essay
 
Mae Khoory International DevelopmentReflection Paper 3 Dr. I
Mae Khoory International DevelopmentReflection Paper 3 Dr. IMae Khoory International DevelopmentReflection Paper 3 Dr. I
Mae Khoory International DevelopmentReflection Paper 3 Dr. I
 

Epoch Times E-Heist

  • 1. By Leo Timm Epoch Times Staff In his recently published com- mentary arti- cle, Yu Keping, a member of a think tank that servedformerChineseleaderHu Jintao,haschallengedlong-stand- ingofficialnarrativesbycastinga positivelightontheRussiantran- sitiontodemocracy. Yu’s article, titled “Important Gleanings From Russia’s Dem- ocratic Reformation,” was pub- lished online by Caixin, a lead- ingChinesefinancialnewsmedia groupbasedinBeijing. Withitstakeonthedemocratic reforms started by Soviet leader Mikhail Gorbachev, which ulti- mately led to the end of com- munism in Eastern Europe, the piecefliesinthefaceofwhatChi- na’s state-approved pundits and top officials have been saying for years: that introducing political freedomwasadisastrousbetrayal ofinternationalsocialism. “Following the disintegra- tion of the Soviet Union, Russia embarked on political reforma- tion in a democratically oriented direction,”Yuwrites. SeeReformsonA7 We inform. We inspire. INSIDE AmidEconomicandPolitical Crisis,RioOlympicsRun 51PercentOverBudget A resident of Baku in the southern Soviet republic of Azerbaijan on Sept. 21, 1991, hacks apart a portrait of Russian revolutionary leader Vladimir Lenin. By Steven Klett Epoch Times Staff W hile an investigation into Hillary Clinton’s use of a private email server has been closed by the Justice Department, the politi- calfalloutfromtheinvestigation islikelytocontinuetofollowher. FBI Director James Comey said in a press briefing on July 5 that he thought no criminal charges should be filed against Clinton, but did describe the handling of emails by her and her staff as “extremely careless.” HealsocontradictedClintonon key claims she made about the use of her private email server. Testifying before the House Oversight and Government Reform Committee, Comey said that Clinton had made statementsaboutheremailsthat “were not true.” “For a candidate who already had significant issues with vot- ers on honesty and trust, her problems just got a lot worse,” said Neil Newhouse, Mitt Rom- ney’s campaign pollster in 2012,abouttheresultsoftheFBI investigation. “It may have effectively ended her legal problems, but it put her political problems front and center,” he said. It is unclear, however, how much the outcome of the inves- tigationwillimpacttheoutcome of this year’s presidential race. See Campaign on A3 DespiteEmail ProbeFallout, ClintonCould RemainUnhurt inPolls 2016 OLYMPICS CHINA ANATOLY SAPRONENKOV/AFP/GETTY IMAGES By Emel Akan Epoch Times Staff W ith the opening cer- emony less than a month away, Bra- zil’s Olympic Games have a cost overrun of $1.6 billion, according to a new study. The preliminary cost, whichis run- ning51 percent over budget, is still modest compared to previousgames,but comes ata- timewhenBrazilisfacinganeco- nomic and political crisis. See Costs on A6 Work continues at the beach volleyball arena on Copacabana Beach in preparation for the Olympic Games in Rio de Janeiro on July 4. MATTHEWSTOCKMAN/GETTYIMAGES JULY 8–14, 2016 NEW YORK EDITION THEEPOCHTIMES.COM VOLUME 25 ISSUE 2 $2.00 feedback feedback@epochtimes.com advertising advertisenow@epochtimes.com phone 212-239-2808 Find more information on A3 CONTACT US CONTENTS A2...........................New York A3..................................Nation A6....................................World A9..............................Business A11............................Opinion A12.................................Sports W............Epoch Weekend B...............................Epoch Fit C.........Epoch Arts & Style D........................Epoch Taste CLINTON EMAILS OnceOffLimits,ChineseScholar TalksofRussia’sReformer— Gorbachev Thehackers havealevelof accesstothe systemthat allowsthemto read,write,and executefileson thesystem. AdividedHouse committeequestions FBIdirectorover investigation IsConfidence ComingBackto theOilIndustry? Weneedinvestmenttoavoid asupplygapinthelongrun. A9...BUSINESS COURTESY OF CHEVRON TurningaCamera IntoaBillionDollar Business ShutterstockCEOJonOringer onhisbeginnings. A10...BUSINESS COURTESY OF SHUTTERSTOCK Corruption Seemedto Contributeto DamageofFloods inCentralChina Heavyrainscausedflooding intwodozenprovinces, leaving186dead. A7...WORLD STR/AFP/GETTY IMAGES Kindergartensin theForestSync ChildrenWith Nature Someschoolsandteachers arebuckingthetrend, unpluggingfromtechnology andstayingclosetonature. A2...NEW YORK AP PHOTO/MATT DUNHAM EPOCHWEEKEND ISISLOSINGGROUND— BUTWHATHAPPENSNOW?After losing Iraq’s Fallujah, ISIS is looking beyond its ‘caliphate,’ putting neighboring countries at risk E-HEIST CYBERCRIMINALS INFILTRATE FINANCIAL NETWORK, PUTTING US BANKS AT RISK EVERETTCOLLECTION(BANKBUILDING);VECTORKAT(LABEL);PAULROMMER/SHUTTERSTOCK(BORDER);EPOCHTIMES(PHOTOILLUSTRATION) By Joshua Philipp Epoch Times Staff U niTeller is a financial ser- vices company that spe- cializes in making inter- national money transfers, servicing a network of some 87 banks and 32,000 payment locations worldwide. According to an expert in cybersecurity, those banks have potentially been compromised by hackers who have breached UniTel- ler’s network. Edward Alexander is a cybersecu- rity expert who tracks and sometimes prevents digital crime. He has a team of more than 200 digital investiga- tors working specifically on the cases related to the UniTeller breach. Their beat is the darknet, a large segment of the internet only accessible with special software and often used by criminal groups to conspire and sell illicit goods and services. In 2015, Alexander’s team learned that hackers employed by the Chi- nese regime had begun penetrating the world’s financial systems as early as 2006. Also in 2015, after having gained high-level access they used to map and mirror the world’s financial sys- tem for their official employers, these hackers sought to monetize the infor- mation they had gained through pri- vate transactions. They sold information on UniTel- ler’s system, and on Banorte, Mexi- co’s third-largest bank and owner of UniTeller, to a group of international cybercriminals. The world learned of this when the central bank of Bang- ladesh revealed hackers had stolen $81 million from it. See Global Heist on A4 Thestudyalsocriticizeshost governmentsandtheIOCfornot beingtransparentaboutthetrue costandcostoverrunofthegames. News Analysis
  • 2. NATIONwww.TheEpochTimes.com A4 July 8–14, 2016| GlobalHeistcontinuedfrom A1 Now, according to Alexander, this same group is changing its tactics while looking to enlarge its operations. Alexander knows what the criminalgroupisdoing,because hisoperativesbefriendedsome of its members and gained their trust to such a degree thattheychattedaboutand sharedproofoftheircrimes. This is what Alexander calls “offensivecounter-intelligence.” His people learn how to pen- etrate criminal networks and bring back intelligence that can be used to stop those networks. Banks and other institutions often pay well for such infor- mation. IncludedintheevidenceAlex- ander obtained is a series of screenshots that show the hack- ersstealingmoneybywayofthe UniTeller system. ProlongedBankRobbery Among the screenshots are some showing the cybercrimi- nals changing the daily spend- ing limits on credit cards, and accessing transactions of pre- paid uLink MasterCards issued forUniTellercustomersthrough Fifth Third Bank in Cincinnati. “In theory, rather than make it look like a large $81 million heist,itcouldbethattheycantry to nickel and dime the accounts using smaller amounts,” said Alexander. Stolen credit cards and debit cardsarecommonlysoldinbulk on darknet cybercrime markets in what people call “dumps” or “dumpz.” Criminals who pur- chase them will often use their informationtomakefakecards, which they then use to make purchases. He noted the cybercriminals mayalsobetestingthenetworks beforelaunchingalargerattack. While the criminal group has the tools it needs to access Uni- Teller’s system, they need time, Alexander said, to learn how to exploit the breach. Alexander said the hackers have “traversed into the net- works” of banks connected to UniTeller, and have begun launching additional attacks to gain deeper access to the con- nected banks. Alerts WhenAlexandersawtheattacks begin,healertedU.S.federallaw enforcement and made numer- ous attempts to alert the finan- cial institutions the hackers had breached. OnMay27,Alexanderalerted UniTellerandfourdayslatersent afollow-upmessageonLinkedIn to UniTeller CEO Alberto Guerra. In response, Alexan- der said, Guerra blocked Alex- ander from sending him addi- tional messages on LinkedIn. “We have attempted to con- tact the victim banks to offer our support and intelligence. However, the response received fromFifthThird,UniTeller,and Banorte seems to be the stand- ardresponseworldwide—denial and hope the alert is not valid,” he said. Theheadofaleadingcyberse- curityintelligencefirmhadalso contacted some of the financial institutions and warned of the breach. The firm received the same responses. The individual requestedtoremainanonymous due to his company’s ongoing investigation into the attacks. UniTeller did not respond to two emails from Epoch Times toconfirm;andBanortedidnot respond to two emails, a phone call, and a voice message. Alexander attempted to alert Fifth Third Bank of the attacks, only to receive an email stating thebankhadnotbeenbreached and declined his help. Larry Magnesen, spokesper- son for Fifth Third Bank, told Epoch Times, “Our team has, withduediligence,evaluatedthe claim, and there is no reason to be concerned here with respect to Fifth Third Bank.” Alexander notes that Fifth Third Bank’s system has likely not been directly hacked, but has been compromised due to its connection to the UniTeller network. AQuietResponse WhileUniTellerdidnotrespond toAlexanderandmadenopublic announcement of the breach, it appearsthatitdidtakethewarn- ings seriously. Around June 1, UniTeller’s online services for customers to log in to their accounts and create new accounts were taken offline. As of July 7, the login page was still offline. AccordingtoJamesScott,sen- iorfellowattheInstituteforCrit- ical Infrastructure Technology (ICIT), the three business days UniTellerhadbetweentheinitial alertfromAlexanderonMay27 (since it was given ahead of the Memorial Day weekend) would havelikelybeen“enoughtimeto freezeongoingtransactionsand prepare the system for ‘offline maintenance.’” Scott said in an email that if UniTeller was breached, its sys- tem administrators “may have had mirrors of backups of the QUOTABLE QUOTABLE ACROSSTHE NATION I’mreadytopass thebaton. Nochargesare appropriatein thiscase. The number of traffic crash deaths per 100,000 people in the United States in 2013, the highest rate of nearly 20 affluent countries studied and almost double the rate of the next country on the list, Belgium 10 OLIVIERDOULIERY-POOL/GETTYIMAGESALEXWONG/GETTYIMAGES PresidentBarackObama ashejoinedHillary Clintononthecampaign trailatarallyinNorth CarolinaonJuly5 FBIDirectorJames Comeyannouncinghis conclusionthatthere wasnoevidencethat showedintentional mishandlingofclassified informationinClinton’s emailpractices,despite sayingthatClintonand heraideswere“extremely careless”inhandling sensitiveinformation QUANTIFY The Fifth Third Bank building in Cincinnati in this file photo. AP PHOTO/AL BEHRMAN Screenshot E: A screenshot of a cyberattack shows files the hackers have access to. COURTESY OF EDWARD ALEXANDER Cybercriminals InfiltrateFinancial Network,Putting USBanksatRisk Intheory,rather thanmakeitlook likealarge $81millionheist, itcouldbethat theycantryto nickelanddime theaccountsusing smalleramounts. EdwardAlexander, cybersecurityexpert AMIDZIKAFEARS,BUG REPELLENTSUPPLIERNAMED FORRIOGAMES ConsumerproductsmakerSC Johnson says its OFF! brand has been named the official insect repellent supplier for nextmonth’sOlympicGames, to be held in Rio de Janeiro amid ongoing fears about the mosquito-borne Zika virus. TheRacine,Wisconsin-based company says the repellant will be provided to athletes, volunteers, staff, and media. FLORIDAMAYSPEND MILLIONSBATTLINGSTINKY ALGAEBLOOMS Florida Gov. Rick Scott says he’ll push state legislators to spend millions to battle the massive algae bloom fouling some of the state’s southern rivers and beaches with a cen- tral sewer system. Part of the blame for the bloom has been placed on discharges from Lake Okeechobee, but Scott says septic tank runoff also contributes to the problem. PFIZERAGREESTONOTE ADDICTIONRISKSIN OPIOIDMARKETING The city of Chicago and Pfizer announced an agree- ment July 7 committing the drugmaker to disclosing the serious risks of addiction in its marketing of prescription opioid painkillers. Chicago is suing five pharmaceutical companies, alleging they have misrepresented the ben- efits of opioids while conceal- ing serious health risks asso- ciated with the drugs. 7VIDEOSHOWSGRUESOME AFTERMATHOFMINNESOTA POLICESHOOTING A woman who watched as a police officer fatally shot her boyfriend during a traffic stop streamed the gruesome aftermath of the slaying live on Facebook, telling a world- wide audience that her com- panion had been shot “for no apparentreason”whilereach- ing for his wallet. It was the secondfatalpoliceshootingin asmanydays.Ablack37-year- oldmanwaskilledTuesdayby officers in Baton Rouge, Lou- isiana. Alton Sterling’s death was caught on video. 1 3 4 TINYSOUTHCAROLINA TOWNBANSSAGGINGPANTS, THREATENSFINES Wearing saggy pants could get expensive in tiny Tim- monsville, South Caro- lina. A new town ordinance outlaws wearing sagging pants, trousers or shorts that intentionally display a person’s underwear. After initial warnings, third and subsequent offenses carry a fine ranging from $100 to $600. 5 TEENLOSESPARTOFLEGWHEN 180SPARKLERSEXPLODE A Texas teenager who lit 180 sparklers that were taped together needed to have part of his leg amputated and suf- fered burns after the spar- klers exploded. The family of 15-year-old Rowdy Radford saidhealsomaylosehisvision duetotheaccident.Matagorda Countysheriff’sSgt.JamesOrr said July 5 the teen was at a home in the Gulf Coast com- munity of Sargent when he wrappedthesparklerstogether. 2 BOSTONCABBIETURNSIN $187,000LEFTBEHINDINTAXI Amanwholeftabout$187,000 cash in a Boston taxi has been reunited with his money thanks to an honest cabbie, police said July 5. Raymond “Buzzy”MacCausland,adriver fortheIndependentTaxiOper- ators Association, picked up a fare with a cast on one leg on July 2. “He told me he was homeless and had been living in a shelter for six months,” MacCausland said. 6 8GEORGIAPRISONSLOCKED DOWNAFTERDEATH,BRAWL Eight Georgia prisons are on lockdown after a bloody June that included the killing of an inmate in one prison that prompted murder charges against a guard and three gang members, and a brawl at another facility that sent 16 inmates to hospitals, author- ities said July 7. The lock- downs are a response to ris- ing tensions between prison gangs following the vio- lence, the Georgia Depart- ment of Corrections said in a statement. 8 From Epoch Times and The Associated Press NATION IN BRIEF 4 2 1 7 3 6 8 5
  • 3. NATIONwww.TheEpochTimes.com A5July 8–14, 2016 | system,thatwereupdatedhourly or daily.” He added that most financialinstitutionskeepback- ups for “redundancy,” for “per- sistent up time during mainte- nance,”andindifferentlocations “in case of natural disasters.” “However, if the vulnerability lies within the system itself,” he said, “then the mirrors or back- upswillexhibitthesamevulner- ability because they are essen- tially clones of the system.” After freezing or halting transactions, as in the case of UniTeller taking its login sys- tems offline, Scott said incident responders “could disconnect the system from the internet to blockinboundconnectionsand makealivecopyofthesystemto conduct forensics on.” Henotedthat“properincident respondersneveroperateonthe system itself,” and always use a mirror or live copy; and noted thattakinganetworkofflinefor a month in the case of an attack “does not seem that unreasona- bleifthevulnerabilityliesinthe system itself, or if the incident response team could not ascer- tain what was wrong. Figure, the IRS GetTranscript tool was offline around a year.” After the UniTeller service had been down for 19 days, on June 20, Alexander called Uni- Teller’s toll-free customer ser- vice number to ask why the ser- vice was offline. He was told in the recorded call that “the site is undergoing maintenance.” Meanwhile,Alexander’sdark- net investigations showed that while UniTeller was likely try- ing to fix the breach, the hack- ers were still very much active. InsidetheAttacks The gang member befriended by Alexander’s operatives pro- vided many screenshots show- ingnamesofindividuals,names of banks, and money transfers. Alexander said the screenshots show the criminals in the pro- cess of launching their attacks against UniTeller. Scott took time to corrob- orate the claims, and said the content of the screenshots align with Alexander’s analy- sis of their contents. He noted that while it would be possible to spoof images such as these, it wouldn’t be something an indi- vidual could do on short notice. The images also demonstrate anaccuratepictureofdatabases thatafinancialinstitutionwould likely have. Screenshot A shows transac- tions remitted from a senders’ third-party bank connected to UniTeller’s network, then cred- ited to a uLink MasterCard account at Fifth Third Bank, and then finally converted to the uLink cardholders’ native currency, according to Alexan- der. The screenshot also identi- fiesthenamesofaccountholders andtheamountofmoneybeing transferred. Alexander said the money is being sent through the UniTel- ler network to Fifth Third Bank to transfer funds to the loada- ble uLink MasterCard. He said the number sets in the center- left column appear to be money being sent in foreign currency from the United States, to the uLink cardholders in their respective country. “Thesecanverywellbemulti- ple transactions that are occur- ring,” he said, noting the mem- ber of the gang who took the screenshot did not specify on this particular screenshot. He pointed out the word “remittance” at the top of the center-right column, and noted “When you see the word ‘remit- tance’ that is a money transfer.” Scott said that while it’s diffi- cult to make a definite conclu- sion of what the image shows, without having a full picture of the system, “the basic state- ments are correct, at least,” and saidthattheimageshowingmul- tiple transactions “is definitely correct” and that remittance transfers are also taking place. In Screenshot B, Alexander pointed out the “May 25” date without a year, and noted that the system won’t give the year if it’s the current year, and so this gives a timestamp on the file. He pointed out the third line down “FifthThird-UTLR,” whichreferstoFifthThirdBank andUniTeller.Onthefourthline down,the“From53rd”in“TEST- ACKFileFrom53rd” suggests it was a transmission from Fifth Third Bank to UniTeller, which further suggests the hackers have access between UniTeller’s compromisednetworkandFifth Third Bank. Finally, he pointed to the name “uLink” in the lower-right corner, and noted it referstotheuLinkprepaidMas- terCard. “That is showing there is clearly admin access to where those files are,” he said, adding thatit’spossiblethefilescontain wiretransfercredentialsbutthe gang member did not specify. Scott said at the very least, the image shows the hackers have a level of access to the system that allows them to read, write, and execute files on the system. ScreenshotCshowsACHpay- mentsbeingdoneonabreached bank network. An ACH is an automatic clearinghouse. An example would be if you had a bank account set to automati- cally pay a cellphone bill. “Each one of those are pay- ment transactions, when you see the ACH in there,” Alexan- der said, noting the screenshot shows payments being made at set times. “That shows they have access totransactions,”hesaid.“Those were all ACH text files. They could easily open any of those files to see the types of transac- tions and leverage that type of information.” He pointed out the center-left column, which states “swad- min staff,” and noted it shows thegangmemberwithadminis- trator-levelaccesstothesystem. Scott said the image shows the hackers have the ability to read files shown on the page, but wouldn’t be able to alter the files. He noted, “if they’re try- ing to steal files, that’s all they actually need.” He also pointed out that the word “staff” next to “swadmin” shows the system is recognizingtheaccountaslegit- imate. ScreenshotDshowslogincre- dentials to UniTeller networks, and Alexander pointed out the mention of “api” in the screen- shot. An API, or “application pro- gram interface,” allows applica- tionstocommunicatewitheach other. They could, for example, allow a computer to access a databaseorrespondtocallsfrom another system. “It’s another vector, and the factthatit’sthere,weknowUni- TelleriscompromisedandUni- Teller’s API sends and receives calls from others that are con- nected to it,” Alexander said. “How all these banks connect toUniTelleristhroughtheAPI,” he said, noting this could be how hackers are gaining access to bank systems connected to UniTeller. Scott noted that the page shows website links to IDolo- gy’s IDCenter, which is a login portal for companies, and that the hackers may have been run- ning attacks to gain a set of user credentials for the portal. Screenshot E, Alexander said, “We’reseeingrootaccessthesec- ond line down, but what’s really interesting is the names of the files.” He pointed out the bottom name, which states “Internet User,” and noted it’s a “user cre- dentialsexcelsheet”whichcould givethehackersalistofusercre- dentials. He also noted the line near the center, which states “CC_ DC_Limits_mobetize.sql,” and said it ties to the gang member’s claims that the cybercriminals wereabletochangedailyspend- ing limits on credit cards, and access payments for uLink pre- paidMasterCard.Henotedthat “CC”standsfor“creditcard”and “DC” stands for “debit card.” Alexander pointed out other files listed in the screenshot, whichsuggestthegangmember had also gained access to trans- actions,storage,theencryptions utility, and the FTP file root. Scott noted the image shows the hackers have the ability to read, write, and execute files on the FTP system, which would allow them to transfer informa- tion to and from the system. He saidusingtheFTP“isacommon waytoexfiltratedata”—todown- load data from the system. Alexander took a step back to reflect on the implications of the UniTeller breach. “This is impacting everybody that has to do with banking, and that’s pretty much everybody.” Screenshot A: A screenshot of a cyberattack shows transactions being made. COURTESY OF EDWARD ALEXANDER; THIS IMAGE HAS BEEN EDITED BY EPOCH TIMES TO HIDE SENSITIVE INFORMATION Screenshot B: A screenshot from a cyberattack shows files relating to UniTeller, Fifth Third Bank, and uLink cards. COURTESY OF EDWARD ALEXANDER Screenshot C: A screenshot from a cyberattack shows payments being made. COURTESY OF EDWARD ALEXANDER ScreenshotD:Ascreenshotfromacyberattackshowslogincredentials. COURTESY OF EDWARD ALEXANDER; THIS IMAGE HAS BEEN EDITED TO HIDE SENSITIVE INFORMATION Ifthevulnerability lieswithinthe systemitself, thenthemirrors orbackupswill exhibitthesame vulnerability becausetheyare essentiallyclones ofthesystem. JamesScott,seniorfellow, InstituteforCritical InfrastructureTechnology