Point of Sale malware gaining momentum as holiday shopping season approaches

Data security expert Mark Bower, Global Director, Enterprise Data Security for HPE Security – Data Security, today commented on a new rash of point of sale (POS) terminal malware, including Abaddon, identified just as the holiday shopping season gets underway. Mark provided the following commentary on the issue to @DFMag:

“Point of sale (POS) systems – what consumers often call the checkout system – are often the weak link in the chain and the choice of malware. They should be isolated from other networks, but often are connected. A checkout terminal in constant use is usually less frequently patched and updated, and is thus vulnerable to all manner of malware compromising the system to gain access to cardholder data.

Risk of theft from point of sale (POS) malware like Abaddon is totally avoidable. The good news is that savvy merchants are already tackling this risk and giving the malware nothing to steal through solutions that also have a dramatic cost-reducing benefit to PCI compliance. Encrypting the data in the card reading terminal ahead of the POS eliminates the exposure of live information in vulnerable POS systems. If it’s GammaPOS, Abaddon, Dexter or other variations of malware designed to steal clear data in memory from POS applications, resulting in the loss of magstripe data, EMV card data or other sensitive data exposed at the point of sale, the attackers get only useless encrypted data. No live data means no gold to steal. Attackers don’t like stealing straw.

How to do it? The easiest way to deploy this is with contemporary Format-Preserving Encryption based devices which protect data without having to make major changes to POS data flows and applications, going end-to-end to the secure processing host, far out of reach.

Over the past few years the PCI Council has also supported the approach and called it Point to Point Encryption (P2PE) or end to end encryption. For merchants, these solutions address the risk by encrypting the payment card data before it even gets to the POS. This might be in the card reader, a reading pin pad, or even inside a reading “sled” or “wedge” attached to the POS. If POS is breached, the data will be useless to the attacker. On the other hand, the secure card readers are very, very difficult to attack and do not store live data to steal: they encrypt it and pass it up the payment process to the POS. If tampered with they are designed to destroy their contents.

The trick is getting it right so that even though the data is protected and secure, it’s still compatible with the payment applications in the merchant’s systems and applications in the POS itself to permit regular POS functions to continue without change. That’s where format preserving encryption (FPE) comes in – NIST-recognised FFX mode AES in particular. With FPE, the data stays protected from the moment it is captured as it’s read or entered. The magnetic stripe data and track information (Track 1, Track 2 or even EMV data) or manually entered credit card numbers are all protected while retaining the track structure, PAN format and integrity. To the POS, it still looks and feels like cardholder data, so low impact to the way customer payments are handled. To the merchant the PCI DSS scope is dramatically reduced, the whole POS is potentially out of scope. To an attacker, there’s nothing of value to steal. The attacker would get nothing but useless encrypted data. Only the other “end” of the payment process, usually an acquirer after the payment data has passed through switches, gateways, networks and applications, can decrypt the data. For post authorisation processes, a token might be returned to the merchant for storage and re-use in applications and databases without needing live PAN data again.

When implemented correctly, this approach can dramatically reduce the cost of PCI compliance and solve huge risk challenges easily. Without having to worry about nasty POS-infecting malware and reducing the cost of PCI DSS compliance, merchants can focus on growing their business.”
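The format-preserving property described in the commentary above, as an added example that is not from the article or from HPE: a simplified Feistel cipher over decimal digits with an HMAC-SHA256 round function, applied to a Track 2 record. It is a stand-in for illustration and is not NIST FF1/FFX; the key, the sample track, the round count and the choice to leave the first six and last four PAN digits in clear are assumptions.

```python
import hashlib
import hmac
import re

ROUNDS = 10  # assumption: round count picked for this illustration
# Track 2 layout: start sentinel, PAN, separator, expiry (YYMM), service code,
# discretionary data, end sentinel.
TRACK2 = re.compile(r"^;([0-9]{13,19})=([0-9]{4})([0-9]{3})([0-9]*)\?$")

KEY = bytes(range(32))                                     # constructed test key
SAMPLE_TRACK2 = ";4111111111111111=25121010000012345678?"  # constructed test card


def _prf(key, tweak, rnd, half, width):
    """Round function: HMAC-SHA256 over round number, tweak and the other half."""
    msg = bytes([rnd, width]) + len(tweak).to_bytes(2, "big") + tweak + half.encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % 10 ** width


def fpe_digits(key, tweak, digits, decrypt=False):
    """Map a digit string to a digit string of the same length (toy Feistel)."""
    if len(digits) < 2 or not (digits.isascii() and digits.isdigit()):
        raise ValueError("need at least two decimal digits")
    u = len(digits) // 2
    v = len(digits) - u
    a, b = digits[:u], digits[u:]
    if not decrypt:
        for i in range(ROUNDS):
            m = u if i % 2 == 0 else v          # width of the half being replaced
            c = (int(a) + _prf(key, tweak, i, b, m)) % 10 ** m
            a, b = b, str(c).zfill(m)
    else:
        for i in reversed(range(ROUNDS)):       # undo the rounds in reverse order
            m = u if i % 2 == 0 else v
            c = (int(b) - _prf(key, tweak, i, a, m)) % 10 ** m
            a, b = str(c).zfill(m), a
    return a + b


def protect_pan(key, pan, decrypt=False):
    """Encrypt only the middle digits; first six and last four stay readable."""
    if not (pan.isascii() and pan.isdigit()) or not 13 <= len(pan) <= 19:
        raise ValueError("PAN must be 13 to 19 digits")
    head, middle, tail = pan[:6], pan[6:-4], pan[-4:]
    return head + fpe_digits(key, (head + tail).encode(), middle, decrypt) + tail


def protect_track2(key, track, decrypt=False):
    """Protect PAN and discretionary data; sentinels, separator, expiry and
    service code are untouched, so the record still parses as Track 2."""
    m = TRACK2.match(track)
    if m is None:
        raise ValueError("not a Track 2 record")
    pan, expiry, service, disc = m.groups()
    tweak = b"disc" + (pan[:6] + pan[-4:]).encode()   # same in clear and protected form
    if len(disc) >= 2:
        disc = fpe_digits(key, tweak, disc, decrypt)
    return ";" + protect_pan(key, pan, decrypt) + "=" + expiry + service + disc + "?"


if __name__ == "__main__":
    protected = protect_track2(KEY, SAMPLE_TRACK2)
    print("reader output :", protected)
    print("host decrypts :", protect_track2(KEY, protected, decrypt=True))
```

A memory scraper on the POS sees only the protected record, while the application still receives something that validates as Track 2; only the holder of the key at the far end recovers the original.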


Mobile Wallets: The New Fraud Frontier

By Ryan Wilk, Director, NuData Security

Mobile wallets are enjoying increasing adoption, with payments made via mobile devices in the United States expected to total $90 billion by 2017 according to Forrester Research.

With the near-ubiquity of mobile devices, banks are under pressure to come out with their own mobile banking apps, but security fears abound.

Mobile apps currently hold many credit card details, raising concerns about security, and legitimate applications passing data to other applications in an unauthorised manner are gaining more attention. A single PIN unlocking all of the stored accounts, allowing much greater exposure, is another possible drawback.

With a company’s brand reputation and customer loyalty on the line, how can institutions secure payments via mobile wallets? The key is trusting the user based on behaviour. Deploying advanced user behavioural analytics allows organisations to detect good users more accurately while improving customer experiences. Tracking behavioural patterns shows who the real users are, and when it comes to fraud attempts banks can leverage that same information to identify bad actors.

How does behavioural analytics work? By focusing on observed characteristics of who the user is, it profiles users and accounts through their lifecycle across multiple channels. This provides two key capabilities. Firstly, it enables risk managers to detect and respond to risk sooner, reducing the chance of financial loss. Secondly, when the user does reach a transaction point, fraud managers have the full context of their previous behaviours to make a better decision on the transaction.

To collect all these observed characteristics, non-PII networks analyse billions of transactions, creating a store of anonymous identities that are categorised as either good or risky users. These identities remain completely anonymous, adhering to privacy laws. Utilising this, a bank is provided an early warning system, alerting them when a user is behaving “badly,” even if it is the first time the user is approaching their site.

User behaviour analytics can help answer bigger questions, such as:

• How did the user behave previously when they logged in? Are they behaving the same now?
• Is this “user” creating a fraudulent mobile wallet with stolen account information?
• Is their behaviour repeated? If the behaviour is the same every time, perhaps it is a good user. But if it’s the same behaviour that 1,000 users are all repeating, it could indicate the creation of bogus accounts with stolen credit card data.

Observing user behaviour in detail enables the best chance of beating fraud. There are at least 20 mobile wallet systems currently in use, according to a study from the Carlisle & Gallagher Group, expanding the threat landscape significantly. Relying on a single layer of defence is always going to end badly. Profiling across multiple channels, and using analysis from billions of transactions, provides the insight needed to more accurately detect mobile wallet fraud. Behavioural analytics offers banks the insight they need in order to protect themselves and their customers from fraudulent activity.


Shrinking the elephant in the room

By: Dietrich Benjes, VP EMEA, Varonis

When it comes to information security, the notion of the insider threat is increasingly rearing its head. The sensational idea that immediately springs to mind is of corporate espionage – competitors going incognito or rogue employees stealing information. Though this certainly does happen, the reality of true insider threats is one that is far less thrilling, yet just as serious. It’s the great, big elephant in the room: employee misjudgement. Sure, you may run training courses, teach them how to spot a phishing email and run awareness programmes, but mistakes are made (we’re all human after all). In fact, the majority (60%) of insider threats according to the 2014 DBIR were not malicious, but due to employee mistakes which can leave an organisation to foot bills of $800k on average.[1] A common example is that of the ‘copy and pasters’ of the world: the employees who, by trying to make life easier for themselves, inadvertently leave private or sensitive data dotted about the corporate network just waiting to be found.

And even if it may go a little deeper, say an employee snooping in an area of the network they shouldn’t without any malicious intent, if they’ve seen it from their user account that has been hacked, then so has the hacker. While pure human nature makes us more biased towards fearing the more dramatic of risks, in truth, the frequent mundane threats that stare us in the face every day will be the ones that take us down. So it’s time to shrink the elephant in the room. Here are five tips organisations can implement to help take the emphasis off of employees and put it on something easier to control: the data.

TIP #1: ELIMINATE GLOBAL ACCESS

Global access is a big, blunt weapon that should not be used except for information that is 100% public. Many systems give the option to grant global access to information via a special group like the “Everyone” group or “Authenticated Users” in Windows. When organisations grant access via a global access group, they’re effectively saying, “I don’t care what happens to this data.” It’s not even unheard of to see global access applied to folders with millions of credit card numbers, socials, and more. This is absurd. Seriously, stop using global access groups.

TIP #2: ELIMINATE EXCESSIVE PERMISSIONS

According to a recent study with the Ponemon Institute, four out of five IT pros say their organisations don’t enforce a strict need-to-know data security model. This means that, in most organisations, employees have way more access than they need and, ultimately, the surface area for employee privilege abuse is way bigger than it has any right to be.

This is because:

  • People change jobs, departments, responsibilities
  • Temporary projects often require temporary access
  • Consulting contracts start and end
  • Permissions are granted accidentally
  • People leave the company

Permissions creep plagues most companies. It’s hard to prevent and can be even harder to remediate. Excessive access applies to both people and software. If the web server has a vulnerability and it’s running under a privileged domain user that has access to the file system or, worse yet, network shares, any vulnerability in that web server software is now YOUR problem. Consider software an insider and limit its access to need-to-know.

For temporary employees, contractors, consultants, and project teams, entitlements should always be assigned an expiration date **at the time they are granted**. This is the best shot at eliminating permissions creep.

Furthermore, even with auto-expiry at your disposal, it still pays to have business users do periodic reviews. After all, they know the people who use the data. IT admins might not. Put the decisions in the hands of the people with the most context, and give them the power to make changes.

TIP #3: ALERT ON PRIVILEGE ESCALATIONS AND BEHAVIOURAL DEVIATIONS

Not only should you frequently perform an entitlement review on the Domain Admin group to ensure its members are legit, but it is also extremely helpful to set up alerts for additions to that group. Additions to privileged groups should be extremely rare, so it’s nice to get an email alert or SMS message anytime that happens – especially if it happens outside of a change window.

Auditing Active Directory is also vital as it is the heart and soul of access control for many companies. If someone gets access to critical information via an Active Directory group, the organisation will want to know who did it, when, and why. Then use file analysis logs to figure out exactly what the user did with their newfound access.

Another useful tool is behavioural analytics. According to Avivah Litan of Gartner, the Target breach and the Snowden disclosures could have been prevented by behavioural analytics. Who are we to argue? It’s not enough to look at one element out of context, the way traditional IPS systems do. You have to look at events in situ (e.g., Joe deleted 250 legal contracts five minutes ago and he works in the coffee shop – big red flag.)

Creating profiles of normal behaviour on a per-user basis helps build this context. If each user’s normal activity is given a baseline, then alerts can be triggered when that activity spikes or they start behaving uncharacteristically.

Note: this can be done only if you have file analysis software in place to record and analyse every event across your file sharing (and email) infrastructure. However, once file analysis is implemented, you can do all sorts of cool things like:

  • Detect when a sensitive file is created in a public folder and auto-quarantine it.
  • Set up threshold alerts to sound when, say, thousands of file copy events are firing within a minute. This will usually indicate that a user is doing a massive copy/paste from a network share to a potentially unmonitored endpoint: exfiltration.
  • Monitor for normal business users creating or running EXE files on a server.

It’s also a best practice to monitor for excessive activity outside of normal operating hours and for access to information beyond a person’s normal departmental data stores.

TIP #4: SET UP HONEYPOTS

A honeypot is a shared folder with data that looks lucrative and is open to everyone. It is set up purely to be monitored to see who tries to access it. The recipe is quite simple. First, set up a shared folder that is open to everyone. Something like:

X:\Share\Payroll or X:\Share\CEO. Then sit back and see who abuses it. You might find curious employees just snooping around or catch malware in action.
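The alerts from Tip #3 and the honeypot from Tip #4 expressed as detection logic over file-audit events, as an added example that is not from the article or from any Varonis product. The event tuple layout, the thresholds, the `svc_deploy` account, the server paths and all sample events are constructed assumptions; only the decoy paths come from the text above.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from statistics import mean, pstdev

HONEYPOTS = ("x:\\share\\payroll", "x:\\share\\ceo")  # decoy shares named in Tip #4
COPY_BURST = 1000               # assumption: "thousands of file copy events" per minute
WINDOW = timedelta(minutes=1)
SIGMA = 3.0                     # assumption: spike = daily count above mean + 3 std devs
EXE_ALLOWED = {"svc_deploy"}    # hypothetical account allowed to place executables


def in_honeypot(path):
    p = path.lower()
    return any(p == h or p.startswith(h + "\\") for h in HONEYPOTS)


def detect(events, baseline):
    """events: (datetime, user, action, path) tuples sorted by time.
    baseline: {user: [daily event counts from earlier days]}.
    Returns a list of (alert_kind, user, timestamp)."""
    alerts = []
    copies = defaultdict(deque)   # user -> copy timestamps inside the window
    in_burst = set()              # users whose current burst was already reported
    daily = defaultdict(int)      # (user, date) -> events so far that day
    spiked = set()                # (user, date) already reported as a spike
    for ts, user, action, path in events:
        # Tip #4: nobody has a business reason to touch the decoy share.
        if in_honeypot(path):
            alerts.append(("honeypot_access", user, ts))
        # Tip #3: business users creating or running EXE files on a server.
        if (action in ("create", "execute") and path.lower().endswith(".exe")
                and user not in EXE_ALLOWED):
            alerts.append(("exe_on_server", user, ts))
        # Tip #3: sliding one-minute window over copy events, one alert per burst.
        if action == "copy":
            q = copies[user]
            q.append(ts)
            while q[0] <= ts - WINDOW:
                q.popleft()
            if len(q) >= COPY_BURST:
                if user not in in_burst:
                    in_burst.add(user)
                    alerts.append(("copy_burst", user, ts))
            else:
                in_burst.discard(user)
        # Tip #3: deviation from the user's own baseline of daily activity.
        day = (user, ts.date())
        daily[day] += 1
        history = baseline.get(user)
        if history and day not in spiked:
            limit = mean(history) + SIGMA * max(pstdev(history), 1.0)
            if daily[day] > limit:
                spiked.add(day)
                alerts.append(("activity_spike", user, ts))
    return alerts


def build_sample():
    """Constructed audit events and baselines; no real data."""
    t0 = datetime(2015, 11, 23, 14, 0, 0)
    events = [(t0 + timedelta(milliseconds=25 * i), "alice", "copy",
               f"\\\\fs01\\legal\\contract_{i:04}.docx") for i in range(1200)]
    events.append((t0 + timedelta(seconds=5), "bob", "open",
                   "X:\\Share\\Payroll\\salaries.xlsx"))
    events.append((t0 + timedelta(seconds=9), "carol", "create",
                   "\\\\fs01\\tools\\update.exe"))
    events += [(t0 + timedelta(minutes=2 + i), "dave", "open",
                f"\\\\fs01\\sales\\q4_{i}.xlsx") for i in range(20)]
    events.sort(key=lambda e: e[0])
    baseline = {"alice": [40, 55, 38, 60, 47], "bob": [30, 25, 35],
                "dave": [25, 30, 22]}
    return events, baseline


if __name__ == "__main__":
    for kind, user, ts in detect(*build_sample()):
        print(ts.isoformat(), kind, user)
```

The spike alert for the constructed user alice fires well before the burst threshold is reached, which is the practical argument for keeping a per-user baseline alongside a fixed threshold.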

TIP #5: MONITOR HIGH-RISK PEOPLE AND DATA

It’s very important to know where your crown jewels are, and that typically requires some sort of data classification technology. But it shouldn’t end at discovery. Knowing that 700,000 files in the organisation’s environment contain unencrypted credit card numbers is nice (though it may induce a panic attack), but it’s not actionable. The classification software should also answer questions like: Who owns the files (not the creator/owner attribute – who really owns them)? Who has access to them? What are they doing with it? Have they been opened? Copied? By whom? When?

Once context is added through metadata, the classification results become much more actionable: it is possible to find and prioritise the riskiest data sets, keep close tabs on the permissions, review access often (as mentioned earlier), and set up some alerts to detect abuse and leakage.

In addition to monitoring high-risk data, keep a very close watch on high-risk people, like IT administrators. It can be very difficult to monitor and police admin accounts because they usually need lots of access, but if domain admins are reading email in other people’s inboxes and marking them unread, that’s a red flag.

Whether organisations care to admit it or not, one of the biggest and most common threats to their businesses comes from within; and it isn’t usually best-seller material. While considerable time and money may be spent on contingency plans for the next big catastrophe or installing the latest and greatest security technology that promises to prevent another Heartbleed-esque disaster, many organisations completely overlook and underestimate the simple, albeit no less important, threats that can result from human error or privilege abuse. Following the above security guidelines will go a long way towards cutting back on the number of security incidents that are allowed to happen by focusing on the data itself rather than getting people to change their ways, thus significantly shrinking that elephant in the room.

[1] CMU Study https://resources.sei.cmu.edu/asset_files/Podcast/2006_016_102_66890.pdf


Sharing Intelligence beyond boundaries


By Paul Slater, Executive Director of EMEA, Nuix

Investigators face many challenges when dealing with digital evidence. Digital communication technology enables criminals to operate across jurisdictional and national borders, hide their activities and evade detection and prosecution. Large-scale investigations into counterterrorism and organised crime, for example, can involve data from multiple suspects, each with numerous potential evidence sources that hold ever increasing volumes and complexities of digital evidence.

The traditional forensic investigation methodology of examining each data source individually can never hope to keep up. The combination of slow forensic tools and case backlogs means that by the time investigators examine an evidence source, it may be months old. By this stage much of its intelligence value may be lost.

In search of the truth, forensic investigators know just how important it is to identify, extract and share intelligence. However, it is not uncommon for crucial information to reside outside the evidence gathered for a specific investigation. It may be in a previous or concurrent investigation conducted by the same personnel or someone else. It may be from a different agency, office, location or country. Unfortunately the ever growing volumes of digital evidence, coupled with small budgets and a lack of resources can make the time and cost of sharing intelligence prohibitively high.

If we’re to have any hope of putting together the pieces of the puzzle to understand all the facts, we must be able to identify and share intelligence quickly and easily – both internally and with other stakeholders. Connections between people, locations and events can be crucial to the facts of a case, but aren’t always immediately obvious. It would take superhuman brainpower to correlate connections from a single suspect’s hard drives, mobile devices, instant messages, cloud storage and so on. Multiply this by the number of suspects in an investigation and it becomes impossible.

Investigators can use effective investigation technology to work smarter, not harder. Advanced technology gives investigators a shortcut to find hidden connections across large volumes of evidence and multiple jurisdictions, by extracting and correlating intelligence, and visually representing and analysing data. Investigators can then implement workflows to effectively share actionable intelligence with other agencies or investigations.

Here’s how technology can be applied in the right places to make this happen.

Intelligence
Using the traditional digital investigation model, investigators must take time to manually compare intelligence items across each evidence source. Advanced investigative tools use a “named entities” model to extract intelligence items that follow a particular pattern of letters and numbers. Such items may include names, countries, sums of money or credit card or passport numbers. Using technology intelligently allows investigators to see instantly which suspects have those items in common across all the evidence sources in the case. Using techniques such as timelines and network diagrams they can also identify who shared what, with whom and when.
Investigators can easily compile lists of relevant names, email addresses, phone numbers and bank account numbers, and search any available evidence sources for those intelligence items. These can also be securely shared with other agencies, who can then enrich their investigation by quickly searching their case files for the same items to see if any connections emerge.
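The “named entities” model described above, as an added example that is not Nuix code: pattern-based extraction of email addresses, payment card numbers (filtered with the Luhn check) and sums of money from several evidence sources, an index showing which sources have an item in common, and a watchlist search of the kind a partner agency could run. The patterns, source names and text are constructed assumptions.

```python
import re
from collections import defaultdict

# Each entity type is a pattern of letters and numbers (assumed patterns).
PATTERNS = {
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "card": re.compile(r"\b(?:[0-9][ -]?){12,18}[0-9]\b"),
    "money": re.compile(r"[$£€]\s?[0-9]{1,3}(?:,[0-9]{3})*(?:\.[0-9]{2})?"),
}

# Constructed evidence text; names, addresses and numbers are test values.
SAMPLE_SOURCES = {
    "suspectA_laptop/mail.txt":
        "From: ali@example.org\n"
        "Please pay to card 4111 1111 1111 1111, amount $12,500.00 by Friday.",
    "suspectB_phone/chat.txt":
        "use 4111-1111-1111-1111 again and confirm to Ali@Example.org. "
        "Order ref 1234 5678 9012 3456",
    "suspectC_cloud/notes.txt":
        "Contact bob@example.net; $12,500.00 received, split later.",
}


def luhn_ok(number):
    """Luhn checksum: rejects most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def extract_entities(text):
    """Return a set of (kind, normalised value) found in one evidence item."""
    found = set()
    for kind, pattern in PATTERNS.items():
        for value in pattern.findall(text):
            if kind == "email":
                value = value.lower()
            elif kind == "card":
                value = re.sub(r"[ -]", "", value)   # same card, any separator
                if not luhn_ok(value):
                    continue
            else:
                value = re.sub(r"\s", "", value)
            found.add((kind, value))
    return found


def build_index(sources):
    """Map every entity to the set of evidence sources that contain it."""
    index = defaultdict(set)
    for name, text in sources.items():
        for entity in extract_entities(text):
            index[entity].add(name)
    return index


def shared_entities(index, min_sources=2):
    """Entities that link at least min_sources evidence sources."""
    return {e: sorted(s) for e, s in index.items() if len(s) >= min_sources}


def search_watchlist(index, watchlist):
    """Look up items received from another investigation in this case's index."""
    return {item: sorted(index.get(item, ())) for item in watchlist}


if __name__ == "__main__":
    idx = build_index(SAMPLE_SOURCES)
    for entity, where in sorted(shared_entities(idx).items()):
        print(entity, "->", where)
    print(search_watchlist(idx, [("email", "bob@example.net")]))
```

Normalising before indexing is what lets the same card number written with spaces in one source and hyphens in another show up as a single connection.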

Visualisation
Visually representing large volumes of data is a highly efficient way to locate the key facts and connections within the case. It also gives people a way to follow a hunch or idea down to very specific details in seconds – even if they have limited technical knowledge.
For example, an investigator could filter an entire evidence set to just display email messages within a relevant date range that contain credit card numbers. If that returns too many results, they could use other techniques such as keyword searches to further filter the evidence. These results can then be quickly visualised using a network diagram to see who is emailing sensitive material to whom.

Collaboration
By setting up an investigative lab, and changing investigation workflows, investigative teams can easily share evidence with those who need to see it – irrespective of where they are.
The first stage of this process involves the investigative team assembling all available evidence – including forensic images, email and mobile phone communications – into a single location. Once processed, the team can then divide up the task of reviewing the evidence between multiple investigators to complete the task faster. It can also be a way to distribute different types of evidence to the people most qualified to understand it and its context. For example, investigators could pass on financial records to forensic accountants, Internet activity to technical specialists or suspect images to specialist child protection teams.
Larger law enforcement agencies, advisory firms and businesses are already using this model to set up centralised evidence processing facilities that can provide access to the results to any desktop across the organisation.

What about forensics?
The above techniques allow investigators to apply technology where it is most suited, free themselves from tiresome menial work, make the best use of their brainpower and intuition and effectively share relevant and actionable intelligence.
These techniques don’t eliminate the need for forensic analysis, particularly in the areas of provenance and authenticity. But because the volume of evidence in most cases makes it too time-consuming to conduct deep forensic analysis on every data source, in-depth forensic analysis must become the exception, not the rule.
Using these techniques is a faster and more efficient way of identifying the evidence sources that contain the data required to prove or disprove the case. The investigative team can then pass a small number of evidence sources back to digital forensics specialists who now have more time to undertake the deeply technical and in-depth analysis needed to satisfy courts and authorities.

About the author:
Paul Slater, Executive Director of EMEA, Nuix
Paul Slater has over 20 years of experience in investigations, digital forensics and eDiscovery as a police officer and consultant. Slater has an MSc in Computer Forensics and started his career in forensic technology as a computer forensic investigator in the UK’s Greater Manchester Police. Slater has been a senior manager within PwC’s and Deloitte’s regional UK Forensic Technology teams and has served as interim head of the Digital Forensics Unit in the UK’s Serious Fraud Office where he implemented workflows that enabled them to process 20 times more electronic evidence each year. Slater was also a member of the review board for the 2012 update of the UK Association of Chief Police Officers’ Good Practice Guide for Digital Evidence.


8th Annual Chief Information Security Officer Middle East Summit & Roundtable – full agenda announced

The vision of the leadership in the United Arab Emirates is to deliver government designed security in partnership with other institutions to pre-empt hostile actors by diagnosing and treating any disruptive attack on communications and critical infrastructure. Such advanced security design will change cyber security thinking around the world towards pre-emptive design and action.

As regional governments and companies continue investing heavily to protect, detect, and react to global cyber threats, MIS Training Institute plays a vital role in reducing cybercrime by providing a platform for regional, national, and international cooperation and addressing urgent cyber security challenges at the 8th Chief Information Security Officer Middle East Summit & Roundtable 2016. The event will be returning to Dubai, UAE, from 29 February to 3 March 2016, following its previous successes there and its subsequent tour across the GCC.

Attended by the business community, Ministries of Defence, Police, Royal Navy, Central Banks and CERTS across the GCC region, MISTI’s CISO Middle East Summits are a well-established global platform for CIOs, CISOs, Directors of Information Security, Cyber Security and Technology Risk to meet and build trusted contacts and discuss specific priorities. The CISO Middle East Summit & Roundtable brings together global companies and governments in the Middle East and GCC region with peers internationally to share insights on recent projects, deployments, transformations and achievements.

Topics discussed for the summit will include:

  • Cyber Crime & Threat Intelligence – Cloud, Mobile, Data Analytics & Forensics Capabilities
  • Incident Response – Serious Attacks & CERT Responses, Cyber Insurance, Managing Reputation
  • Vulnerability Risk Management – Penetration Testing, Human Engineering, Securing Websites
  • Securing Smart Cities – CNI & Commercial Infrastructures; Bringing Virtual & Real Worlds Together
  • Security Trends & Emerging Technologies – IAM, Encryption, Artificial Intelligence, Internet of Things

For full agenda and registration, visit the event website:
http://www.ciso-summit.com/ciso-middle-east.html

MIS Training Institute is proud to highlight Digital Forensics Magazine as a valued event partner for this summit and invite its readers to benefit from this four day event.

Contact information:

MIS Training Institute: www.misti.com

Delegate enquiries: Joleen Sibley – jsibley@misti.com – +44 (0) 203 817 0809

Marketing enquiries: Chris Smout – csmout@misti.com – +44 (0) 203 824 4545


Capturing Reality Forum will be taking place in Salzburg, Austria from 23-25 November 2015.

The must-attend event for professionals in the forensic, laser scanning, LiDAR, 3D data capture & modelling industry

Capturing Reality has a world class conference programme of groundbreaking papers, including a presentation from Noam Meir, Senior Systems, Bnei Eli Etkes, Israel on ‘Suspect height measurement from security camera images’ which reviews the challenges that forensic investigators face with security footage, major factors that influence the outcome results and suggested methods to overcome them. The conference is held over 3 days and offers 47 presentations from leading industry experts.

The conference is supported by an exhibition of 40 stands displaying the world’s leading manufacturers, software developers and service providers of 3D imaging, laser scanning and LiDAR products and services all under one roof.

As an extra benefit to delegates, many exhibiting companies will host technical workshops, providing an opportunity for further in-depth discussion of technology. Workshops sessions are held throughout the 3 days running in 30 minute slots.

Network with visitors, exhibitors and fellow colleagues at the complimentary cocktail reception on opening night, Monday 23 November, 5.00pm until 7.00pm. All full delegates, Monday day/student delegates and Monday exhibition visitor badge holders are welcome.

Located in the centre of Europe, travelling to Salzburg couldn’t be easier. The Salzburg congress is just a five minute walk from the train station and is easily accessible from the W.A. Mozart Airport and via a scenic shuttle bus journey from Munich Airport.

Salzburg is famous for its popular Christmas markets, which are held from mid-November into December. Soak up the local atmosphere whilst browsing the traditional stalls in the beautiful Cathedral Square.

Visitors are encouraged to register online in advance. Register for as little as 65 Euros for an exhibition day visitor or 360 Euros for a conference day delegate.

The Capturing Reality Forum combines the best of SPAR Europe and the European LiDAR Mapping Forum to create one unique event. For more information on the conference, exhibition, workshops, networking opportunities and to register, please visit: www.CapturingRealityForum.com
For the latest news join our LinkedIn group Capturing Reality Forum and follow us on twitter @CRealityForum #capturingreality


How secure are the world’s largest Cyber Security companies?

After recent high profile security breaches at the likes of TalkTalk and Vodafone, cyber security is big news. With 9 out of 10 companies claiming to be victims of cyber-crime, security is proving to be big business as companies battle to offer their clients the best protection.

However, new research shows that when choosing a provider it is also imperative to check how financially stable they are. Global market analysts Plimsoll have produced a new study on the world’s 300 largest Cyber Security companies which shows:

  • 1 in 6 of the world’s largest Cyber Security companies are losing money
  • 44 companies are in perilous financial danger
  • The market looks primed for consolidation with 26 companies ripe for acquisition in 2016

David Pattison, lead analyst at Plimsoll explains, “It’s something of a gold rush at the minute with most companies completely unprotected until they are attacked. However, the latest Plimsoll Analysis has identified 44 providers that are financially unstable”.

Pattison continues, “When choosing a company to protect your business you need to invest a significant amount of time and money integrating their products into your own business. With this in mind, isn’t it prudent to check if your chosen provider is likely to be around to give the cover you need for at least the next few years?”

The Plimsoll Analysis provides an individual health assessment and valuation on the world’s 300 leading Cyber Security companies. A series of charts and written summaries show you which companies are strong and those that could be heading for financial trouble over the next few years.


KilerRat: Taking over where Njrat remote access trojan left off

This remote access trojan (RAT) has capabilities ranging from manipulating the registry to opening a reverse shell, and from stealing credentials stored in browsers to accessing the victim’s webcam. Through the Command & Control (CnC) server software, the attacker can create and configure the malware to spread using physical devices, such as USB drives, and can also use the victim as a pivot point to gain more access laterally throughout the network.

This remote access trojan could be classified as a variant of the well-known njrat, as they share many similar features such as their display style, several abilities and a general template for communication methods. However, where njrat left off, KilerRat has taken over. KilerRat is a very feature-rich RAT with an active development force that is rapidly gaining in popularity amongst the Middle Eastern community and the world.

To read more about it visit:
https://www.alienvault.com/open-threat-exchange/blog/kilerrat-taking-over-where-njrat-remote-access-trojan-left-off


Closed circuit TV standard available

BSI, the business standards company, revised BS 7958:2015 Closed circuit television (CCTV) – Management and operation – Code of practice. The changes take into account the introduction of the CCTV Code of Practice issued by the Surveillance Camera Commissioner (SCC) as required by the Freedoms of Information Act 2012.

Closed circuit television (CCTV) schemes provide the public with added reassurance that the environment in which they have the ‘right to visit’ is safe and protected. However, it is crucial for them to have confidence that surveillance cameras are being used to protect and support them, rather than spy on them. The government considers that wherever overt surveillance in public places is used, it shall be in pursuit of a legitimate aim and meet a pressing need.

CCTV schemes are set up in public places such as:

Areas where the public are encouraged to enter, such as town centres, shopping malls, public transport, educational and health establishments, etc
Schemes that overlook a public place, such as public footpaths, roads, bridle-ways for traffic monitoring and traffic enforcement schemes
Private schemes where a camera view includes a partial view of a public place

CCTV schemes that process personal data are obliged to conform to certain legislation such as the Data Protection Act 1998 (DPA), the Human Rights Act 1998 (HRA), the Freedom of Information Act 2000, the Protection of Freedoms Act 2012 and the Regulation of Investigatory Powers Act 2000. BS 7958 is designed to supplement this legislation and aims to ensure fairness, purpose and responsibility. For a public space CCTV system to be in use, a Security Industry Authority (SIA) licence is required, although monitoring for traffic offences does not require an SIA licence.

Anne Hayes, Head of Market Development for Governance & Risk at BSI said: “The Surveillance Camera Commissioner has already endorsed the use of this suite of CCTV standards for systems which need to follow the Surveillance Camera Code of Practice. This type of unity across standards can only provide the best reassurance and peace of mind for the public who rely on Video Surveillance Systems and CCTV to be operating optimally, should they need to be accessed at a later date.”

BS 7958 will be part of the best practice guidance for all local authority monitoring centres, police CCTV control rooms and all private industry CCTV control rooms.

What BS 7958 does:

Provides a code of practice for public space CCTV systems, taking due regard of the 12 principles of the Surveillance Camera Code of Practice
Gives recommendations for the management and operation of CCTV within a controlled environment, where data that might be offered as evidence is received, stored, reviewed or analyzed
Offers advice on best practice to assist owners in obtaining reliable information that can be used as evidence.
It applies to the monitoring and management of public spaces, including automatic number plate recognition (ANPR) and traffic enforcement cameras
Includes the operation and management of body worn cameras
Pays attention to the Private Security Industry Act 2001, which contains provisions for regulating the private security industry

Some of the organizations that have been involved in the collaborative consensus-based development process include: British Security Industry Association, Home Office Science, IQ Verify, ITS UK Security and Resilience Interest Group, National Security Inspectorate, S S A I B, Security Industry Authority, Security Monitoring Centres Ltd and Scottish CCTV & Executive.


More websites hit by Armada Collective with ‘most powerful DDoS ever’

An online criminal gang calling itself the “Armada Collective” has been demanding that online businesses pay thousands of dollars in Bitcoins, or face having their websites brought to their knees by some of the most powerful DDoS attacks recorded (http://www.forbes.com/sites/thomasbrewster/2015/11/09/armada-bitcoin-crooks-go-big/). Corero’s Chief Technical Officer Dave Larson has offered the following insight:

“Bitcoin ransom attacks are on the rise, with private email providers in the cross hairs as of late. Any individual, with an internet connection and the motivation to strike, can execute a DDoS attack. With the anonymity of the attacks and Bitcoin payout transactions, DDoS represents an interesting new revenue stream for clever attackers.

“Organizations cannot wait until an attack has occurred before considering a contingency plan. The Internet connected business can eliminate DDoS threats, ransom related or otherwise, with purpose built DDoS protection solutions. Specifically, appliance-based network security products can be deployed at the Internet edge to defeat this problem before it enters the network. A first line of defense approach prevents network and service outages due to DDoS attacks by inspecting traffic at line-rate and blocking attacks in real time, while enabling complete and sophisticated visibility for actionable security intelligence related to DDoS attacks targeting Internet-facing services.”
