Mishcon Cyber Watch - November 2014

Posted on 28 November 2014

Welcome to the November edition of Mishcon Fraud Watch. Its aim is to provide businesses and their advisors with a snapshot of what has been happening in the world of fraud in the last month.


Research by PriceWaterhouseCoopers on behalf of the Department of Business, Innovation and Skills claims that 60% of small to medium sized businesses have suffered some kind of data breach within the past 12 months, and that nearly half of those firms had a significant incidence. The most widespread problems were staff introducing infected external devices or opening infected emails, along with poor password security.
Vicki Owen, Mail on Sunday, 26 October 2014

Ernst & Young's annual Global Information Survey claims that over a third of companies do not have the necessary insight to combat cyber security threats. The report, which surveyed over 1800 companies in 60 countries, shows that around half of all companies inspected had neither the budget nor the skilled employees to face the increase in cyber security. These figures are very similar to those reported in 2013, highlighting that few companies are making efforts to combat cyber threats.
PR Newswire, 29 October 2014

Francis Maude of the Cabinet Office issued a call for companies to be more transparent over cyber attacks they have suffered, to assist the insurance industry with developing the necessary cover. He argues that secrecy over attacks severely limits everyone's ability to effectively protect themselves against current risks.
Alistair Gray,Financial Times, 5 November 2014

The City of London Police's commissioner and the New York Department of Financial Services have jointly warned that the City of London is at high risk of a cyber attack by jihadi terrorists such as Isis and that more needs to be done to protect against such attacks. They also announced that from early 2015, staff from the two departments will be permanently located in each other's offices.
Helen Warrell, Financial Times, 19 November 2014



A study conducted by the Poneman Institute on behalf of Hewlett Packard has revealed that for large American companies, the cost per year of dealing with cyber crime has reached nearly $13m. This figure has doubled over the past 5 years.
Greg Edwards, Memphis Business Journal, 22 October 2014

Banks and financial services companies have been investing heavily in cyber security start-ups in the belief that they may play a significant role in the fight against cyber criminals and hackers. According to figures from CB Insights, corporate entities have doubled their investment in cyber security over the past two years.
Hannah Kuchler, FT.com, 26 October 2014

The US Department of Justice has tabled amendments to allow the FBI to have a wide-ranging ability to hack into civilian PCs, smartphones and tablets within the US and internationally
Legal Monitor Worldwide, 3 November 2014

The US Postal Service has been the victim of a cyber attack. The dates of birth, addresses and social security numbers of their employees have been potentially compromised, along with the telephone numbers, email addresses and related information of customers using its call centre.
Tom Raum, Associated Press, 10 November 2014

The Department of Justice announced that Cameron Harrison, aka “Kilobit,” was sentenced by a Georgia federal court to over nine years in prison and ordered to pay $50.8 million in restitution for his involvement with the identity theft and credit card fraud ring known as “Carder.su.”  Fifty-five individuals have been charged with involvement in the Carder.su organisation; 26 have been convicted so far.
Department of Justice Press Release, 13 November 2014

The Department of Justice announced that federal law enforcement agents from the Department of Justice, the U.S. Attorney’s Office for the Southern District of New York, and law enforcement agencies from 16 countries seized website addresses and computer servers relating to Tor hidden service .onion website addresses that were selling a range of illegal goods and services.  The addresses and servers were part of a special network designed to hide the locations of users, and the action represents the largest move against the Tor network to date.
Department of Justice Press Release, 7 November 2014

The Department of Justice announced that Cameron Lacroix was sentenced to four years in prison by a Massachusetts federal court for hacking into various computer networks around the country, altering academic records, and stealing credit and debit card numbers.  Mr. Lacroix admitted that between May 2011 and May 2013 he collected the card data of more than 14,000 account holders, that between August 2012 and November 2012 he hacked into law enforcement computer servers, and that between September 2012 and November 2013 he hacked into Bristol Community College’s servers to change his and two other students’ grades.
Department of Justice Press Release, 27 October 2014



The Australian government has introduced new data retention laws which force internet companies to store their customers metadata for two years. Concerns have been raised from the industry that the new requirements mean companies may need to purchase extra cloud storage, and the cost implications could mean them purchasing cheap offshore storage that is considered much less secure. The government has said it will consider this issue before the new data retention rules come into force.
Matthew Knott, David Wroe, Sydney Morning Herald, 1 November 2014



A Danish court has sentenced the founder of the Pirate Bay file-sharing site to three years in prison. Gottfried Svartholm Warg was found guilty of hacking into the servers of a private company which handles information for the Danish authorities, and of stealing social security numbers, police records and drivers' licence details.
i-Independent, 1 November 2014



A new bill introduced by the Nigerian government aims to introduce sentences of up to seven years for anyone convicted of cyber crime and computer-related frauds including cyber-stalking and cyber-squatting.
Nigerian Tribune, 24 October 2014



Senior members of Hewlett Packard's security division claim that lack of disclosure regulations in Latin American countries is significantly slowing the continent's fight against cyber crime.  Columbia and Mexico are considered to have made the most noticeable advances by introducing data privacy protection laws which require the disclosure of breaches.
Business News Americas, 2 November 2014