Comments on: Your Credit Card Could be Funding Terrorism

By: dickIn

dickIn — Mon, 14 Apr 2008 12:13:42 +0000

yeah…cyberscare or “pump my…budget” ?

By: Christian

Christian — Wed, 09 Apr 2008 21:47:53 +0000

b,
You’re just a big fat meanie!

By: mk

mk — Wed, 09 Apr 2008 02:29:58 +0000

I attended the RSA conference and wanted to say that U.S. Secretary of Homeland Security Michael Chertoff said almost word for word what you have been saying on here since you two began this blog. I think he is listening so both of you keep it up!
THANK YOU FOR YOUR EFFORTS

By: DopplerDave

DopplerDave — Tue, 08 Apr 2008 21:23:33 +0000

Just as an FYI, I got a phone call advertising a 6.5% interest rate for my credit card. Interestingly, it did not say which credit card, i.e. bank and card company. The caller ID revealed that the call originated from a Middle Eastern country, Bahrain.
I’m convinced it was a credit card scam. Was it terrorist related? I don’t know, but I wouldn’t be surprised.

By: TrustButVerify

TrustButVerify — Tue, 08 Apr 2008 20:52:16 +0000

I keep waiting for one of these data breaches to catalyze a good ol’ American class-action lawsuit which ruins a major company and thereby scare everyone else into behaving responsibly, but so far it hasn’t happened.

By: SPY GUY

SPY GUY — Tue, 08 Apr 2008 20:38:40 +0000

All anyone has to do is read the news and you will see just how exposed our information systems are currently. I guess “b” can’t read! Symantec just announced internet threats rose over 400% in 2007 from 2006 numbers. We really need to address this!

By: Kevin

Kevin — Tue, 08 Apr 2008 19:43:29 +0000

b YOU JUST DON’T GET IT! Until you protect the massive systems used in business and the sensitive data they collect and store the country is at risk. Read “UnRestricted Warfare” it will help you understand our enemy. Oh by the way, I retired from Netscape and donate about 70% of my time to helping other deal with strategic technology issues. Just for the record.

By: b

Tue, 08 Apr 2008 19:23:17 +0000

Coleman is a propagandist who sells himself for $5,000 a gig, currently for doing “cyberscare” but eventually for anything that might be profitable for HIM.
This has little to do with Defense or Technology, thus doesn’t belong on this ever deteriorating blog, and a lot to do with hyping his business.
If some 23 year old geek confessed (under torture?!) to be the “mastermind” of Al Qaeda’s internet operation I certainly have no fear for the world to be taken over by those.

By: Kevin

Kevin — Tue, 08 Apr 2008 18:09:36 +0000

To Camp — Finally someone who gets it. Security for our systems cannot be piecemeal and must go end to end. Encryption is one way to increase the security of our networks and our data. I am not sure you knew this but, criminal enterprises have been established to sell software exploits, trojans, viruses and other malware to anyone who want them. They have become the new arm dealers. While the government is laser focused on their systems and DoD capabilities, we will not really make a big difference in security until businesses are made to increase their security.
Thanks for reading the article and your posting

By: Camp

Camp — Tue, 08 Apr 2008 17:59:38 +0000

When you say “Hannaford”, I take it you’re referring to this.…
“Hannaford Breach May Presage ’08 Trend“
http://blog.washingtonpost.com/securityfix/2008/03/hannaford_breach_may_presage_0.html
“While the payment card industry standards require retailers to encrypt payment data when it traverses public networks, that requirement does not necessarily apply to a company’s own internal, non-public networks, Sartin said.
“I would say a trend we’re seeing hitting a lot of retailers right now is that these organizations can be [compliant with the credit card industry security standards] and still have customer data stolen,” Sartin said. “The data in transit is allowed to traverse private links and internal infrastructure without being encrypted, and the attackers are taking advantage of that.“
Sartin declined to say whether this dynamic was at work in the Hannaford case (his company had been retained by a party involved in the breach). But he noted that Cybertrust has found with a number of very recent compromises that attackers have seized control over the very terminals that control cash registers or point-of-sale systems within a retail store, or the server through which all registers connect to pass transaction data out across the Internet to the store’s payment processor.“
Whether it’s the cause or not, I think Encrypted LANs (NICs with Crypto ASICs) should be the standard practice and not an exception. The above story is also probably just another push towards a Dynamic Credit Card Model.
Regarding “Al Qaeda’s top cyber terrorist 23 year old Younes Tsouli”. According to the Washington Post article, he was basically a web admin who “stole via phishing scams and the distribution of Trojan horses”. The wording leads me to believe that he didn’t even write the Trojan apps, but instead just used off-the-shelf code.
As for “The game has changed!… Imagine the psychological impact…Imagine the damage to a corporation’s brand”. I have to disagree. Theft has funded criminal organizations & murder since before civilization, how is this any different? Unless somebody gets a bill for a suicide bombing, or a specific entity was intentionally financing terrorism… people probably won’t even notice. Heck, the 9/11 plotters utilized basic U.S. banking services, and with the exception of United Airlines (who are still in business) I don’t recall any other brands.
“Al Qaeda funded the hijackers in the United States by three primary and unexceptional means: (1) wire or bank-to-bank transfers from overseas to the United States, (2) the physical transportation of cash or traveler