Tag: crime

By Cheryl Kahla for The South African

The National Cyber Security Centre (NCSC), a UK cyber security watchdog, recently released their list of the most-used passwords on the Internet.

A quick look at the most common passwords is enough to know that a lot of work still needs to be done to educate computer users about cybersecurity.

The most common password was ‘123456’ which was beat out by ‘123456789’, ‘qwerty’, ‘password’ and ‘1111111’.

While these common passwords are incredibly problematic, the most pervasive problem for home internet users was a combination of these easily guessed passwords, and the fact they were being re-used across multiple sites.

Re-using passwords on multiple platforms
Password re-use is problematic as a security breach on one site could compromise a users security on every other site the password is in use.

NCSC technical director Ian Levy explains:

“We understand that cybersecurity can feel daunting to a lot of people, but the National Cyber Security Centre has published lots of easily applicable advice to make you much less vulnerable.

He added that re-using a password is a major risk which can be avoided because “nobody should protect sensitive data with something that can be guessed”.

Favourite celebrities
Sports teams and first names are another common choices for passwords with ‘Ashley’ the most common name used as a password and ‘Liverpool’ the most common premier league football team name used as a password. ‘Blink182’ was the most common band.

“Using hard-to-guess passwords is a strong first step, and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password,” added Levy.

There are several password management tools available that can generate unique passwords and store them in a central place for users who want to take their online security to the next level.

You could be jailed for lying on your CV

By Tom Head for The South African

The National Qualifications Amendment Bill is not here to play, ladies and gentlemen. The adjustment to the existing legislation comes with some pretty stern updates, which aims to clamp-down on dishonesty from applicants who embellish the truth on a CV.

The South African Qualifications Association (SAQA) will be charged with monitoring the registered qualifications of each citizen in South Africa. That’s quite the task for such a modest regulatory body, but the ANC has voted the move through in Parliament.

What is the National Qualifications Amendment Bill?

Cyril Ramaphosa now has the final say on what happens next – it’ll be his decision on whether the government should plough ahead with the proposals should they remain in power after Wednesday 8 May.

The bill isn’t likely to impact working-to-middle class workers too much, but it will serve as a deterrent to citizens applying for high-profile jobs. Executives, CEOs and even our politicians will be subject to rigorous background checks. If they are found to be lying about their educational history, stiff penalties await:

“Any person convicted of an offence in terms of this act is liable to a fine or to imprisonment for a term of no longer than five years, or to both a fine and such imprisonment.”

“Any person, educational institution, board member or director may be ordered to close its business and be declared unfit to register a new business for a period not exceeding 10 years.”

Lying on your CV could soon be a serious legal issue

The punishment is not retroactive – so if your name is Jacob Zuma or Hlaudi Motsoeneng, you can breathe a sigh of relief. But if Ramaphosa decides to give this the green light, you may well have told your last porkie on a resume.

As IOL report, 97 national qualifications and 95 foreign qualifications were misrepresented between last October and November. That increased the total number of fraudulent applications up to 1 564 over the past 10 years.

The bill also aims to publish a “name and shame” list for those who try and push their luck just a little too far. So, if your CV is looking a little bare at the moment, try and think outside of the box – and not outside of reality.

 

By Lisa Du and Ayaka Maki for Bloomberg/Fin24

It’s watching, and knows a crime is about to take place before it happens.

Vaak, a Japanese startup, has developed artificial intelligence software that hunts for potential shoplifters, using footage from security cameras for fidgeting, restlessness and other potentially suspicious body language.

While AI is usually envisioned as a smart personal assistant or self-driving car, it turns out the technology is pretty good at spotting nefarious behaviour. Like a scene out of the movie “Minority Report,” algorithms analyse security-camera footage and alert staff about potential thieves via a smartphone app.

The goal is prevention; if the target is approached and asked if they need help, there’s a good chance the theft never happens.

Vaak made headlines last year when it helped to nab a shoplifter at a convenience store in Yokohama. Vaak had set up its software in the shop as a test case, which picked up on previously undetected shoplifting activity. The perpetrator was arrested a few days later.

“I thought then, ‘Ah, at last!’” said Vaak founder Ryo Tanaka, 30. “We took an important step closer to a society where crime can be prevented with AI.”

Shoplifting cost the global retail industry about $34bn in lost sales in 2017 – the biggest source of shrinkage, according to a report from Tyco Retail Solutions. While that amounts to approximately 2% of revenue, it can make a huge difference in an industry known for razor-thin margins.

The opportunity is huge. Retailers are projected to invest $200bn in new technology this year, according to Gartner, as they become more open to embracing technology to meet consumer needs, as well as improve bottom lines.

“If we go into many retailers whether in the US or UK, there are very often going to be CCTV cameras or some form of cameras within the store operation,” said Thomas O’Connor, a retail analyst at Gartner. “That’s being leveraged by linking it to an analytics tool, which can then do the actual analysis in a more efficient and effective way.”

Because it involves security, retailers have asked AI-software suppliers such as Vaak and London-based Third Eye not to disclose their use of the anti-shoplifting systems. It’s safe to assume, however, that several big-name store chains in Japan have deployed the technology in some form or another.

READ: Amazon facial AI matched politicians with criminals in test
Vaak has met with or been approached by the biggest publicly traded convenience-store and drugstore chains in Japan, according to Tanaka.

Big retailers have already been adopting AI technology to help them do business. Apart from inventory management, delivery optimisation and other enterprise needs, AI algorithms run customer-support chatbots on websites. Image and video analysis is also being deployed, such as Amazon.com’s Echo Look, which gives users fashion advice.

“We’re still just discovering all the market potential,” Tanaka said. “We want to keep expanding the scope of the company.”

Founded in 2017, Vaak is currently testing in a few dozen stores in the Tokyo area. The company began selling a market-ready version of its shoplifting-detection software this month, and is aiming to be in 100 000 stores across Japan in three years. It has ¥50m ($450 000) in funding from SoftBank Group’s AI fund, and is in the middle of its series A round, seeking to raise ¥1bn.

What makes AI-based shoplifting detection a straightforward proposition is the fact that most of the hardware – security cameras – is usually already in place.

READ: Microsoft seeks to restrict abuse of its facial recognition AI
“Essentially this is using something that’s been underutilised for decades,” said Vera Merkatz, business development manager at Third Eye. Founded in 2016, the startup offers services similar to Vaak in the UK market, where it has a deal with a major grocery chain. Third Eye is looking to expand into Europe.

The ability to detect and analyse unusual human behaviour also has other applications. Vaak is developing a video-based self-checkout system, and wants to use the videos to collect information on how consumers interact with items in the store to help shops display products more effectively.

Beyond retail, Tanaka envisions using the video software in public spaces and train platforms to detect suspicious behavior or suicide jumpers. At Third Eye, Merkatz said she’s been approached by security management companies looking to leverage their AI technology.

“The potential is broad since it can be applied outside of shoplifting prevention and outside of retail — such as with manufacturing or other types of marketing,” said Hiroaki Ando, a retail consultant at Ernst & Young Advisory & Consulting in Tokyo.

By Raymond Brown for Cambridge News

A secretary sold £48 000 of office supplies bought on a company credit card on eBay and told police she “got a buzz from treating her family and friends to nice things they could not afford”.

Jessica Prince, 35, of North Brink, Wisbech, was suspected of fraud after her employer’s accountant received an invoice from an unregistered supplier.

Prince had been selling ink cartridges and other office supplies purchased on her company credit card for a profit using her personal eBay account.

She has been jailed for 20 months.

How Prince’s scheme worked
Her scheme was discovered after it was found that the company had spent more than £48,000 on ink cartridges and other office equipment in the space of seven months, with invoices being doctored to conceal what was actually being ordered.

Prince had been employed as the company director’s personal secretary and was responsible for the smooth running and administration of the company office, including ordering stationery, office furniture, booking taxis, flights and hotels.

An internal investigation revealed Prince had been abusing her position to make large purchases but hiding it from the company director and accountant.

Prince was arrested on July 26 last year and in interview admitted having used her company’s credit card to purchase items and then sell them on for profit.

Officers were told it started off as a mistake after she accidentally purchased the wrong printer toner and was told it was non-refundable. She claimed she was told to sell it through eBay and give the money back to her company. She used her own personal eBay account to sell the toner but kept the money.

This was the first of many instances, placing bigger orders worth thousands of pounds on the company credit card, selling them on for a profit using her personal eBay account.

Prince told officers she “got a buzz from treating her family and friends to nice things they could not afford” but “felt like scum at work because she knew she was committing fraud”.

By Shanice Naidoo for IOL

A Bloubergstrand man had his Absa business account swindled out of R3.1 million while he was in Miami for two months.
Feruccio Ferucci left Cape Town in October without suspecting that his banking information had been stolen.

Around the end of October, his Vodacom SIM card stopped working as well as his internet banking. Growing suspicious, he contacted his daughter in Cape Town to find out from Vodacom what had happened. They informed her that a SIM swap had been done.

“I did not authorise the SIM swap. My phone stopped working for about three weeks and then started working again.

“I haven’t heard anything from Vodacom telling me what happened because my phone just started working again three weeks later,” said Ferucci.

When he returned on December 2, he was shocked to find out from his staff about transactions which were not approved by them at his business in Paarl or by himself. These were fraudulent transactions which had gone off the business account during two of the weeks which his phone had not been working equating to R3.1m.

“These transactions were around R300 000 each and there were about ten transactions. I then contacted my attorney and he referred me another attorney who specialises in this type of crime. I then wrote a protest letter to Absa threatening to close my account with them and my money was refunded around December 23,” said Ferucci.

On speaking to the new attorney, he was told that this was often done to people who are overseas because perpetrators assume one would not check their phone regularly.

“The attorney told me that 90% of the cases he deals with involved people who went overseas. There is no doubt in my mind that what happened to me was promoted by employees of both Vodacom and Absa.

“They probably didn’t steal the money but they probably sell the information,” said Ferucci.

Both Absa and Vodacom have said they are investigating the matter.

IRS Forensic Investigations, which investigates financial, organised and cyber crimes director Chad Thomas said sim swaps are a major issue, with some victims reporting that they have become victims of crime while their phones have been off while they have been travelling long distances.

However, the breach of personal data, including credit card numbers is not just confined to individual hacks via trojans or malware but is also as a result of highly sophisticated cyber attacks on data stored by corporates.

“People need to take cognisance of the fact that a sufficiently determined and capable hacker can take over someone’s online footprint if the correct measures are not taken to protect their information. However, it is not just the individual that needs to take precautions, but also corporates that are storing client’s information and have a responsibility to safeguard that information,” said Thomas.

Source: IT News Africa

As South Africa’s business sector continues to expand across a myriad of digital platforms, cybercrime continues to threaten this burgeoning digital sphere. “There are many victims of cybercrime, with limited recourse available in terms of current South African law. The need for tighter and more effective legislation is pressing,” says Grant Christianson, e4’s Group Legal Advisor.

The end of October 2018 hopefully saw the legislative cycle for the Cybercrimes Bill nearing completion, as the Department of Justice and Constitutional Development tabled an updated version. Christianson says that the existing laws have become problematic in adequately combatting cybercrime and the new Bill is needed to effectively “fill-the-gaps” that exist in current legislation and the common law.

“According to the South African Banking Risk Information Centre (SABRIC), South Africa’s annual loss is estimated at R2,2 billion, making it a significant threat to an already volatile economy.”

While the Bill does no longer address cybersecurity, he says that it will provide a framework for combatting cybercrime. Initially drafted in 2015, it addresses criminal activity that is computer-based and is related to unlawful access to, interference with or distribution of data, electronic communications, information systems and networks. He says the Bill also creates new offences for hacking; phishing, cyber bullying, unlawful interception and distribution of data, ransomware, cyber forgery and extortion, as well as acts involving malware and identity theft. Anyone convicted is likely to be fined and/or imprisoned up to 15 years.

The Bill is also expected to align with international best practice: “There will be a requirement to co-operate with other countries to effectively deal with multi-jurisdictional cybercrime activity, as often the cyber offence is created in one jurisdiction and felt in another,” says Christianson.

As a country, with the third highest number of cybercrime victims worldwide, South Africa is a target. Christianson says that mobile technology will further impact users as the country’s growing reliance on the app economy and other mobile trends will drive cyber criminals to penetrate mobile networks: “As devices become more connected and smarter, users are more exposed and so the threat grows. Digitisation is a trend that has no end in sight and while it brings with it innovation and exciting changes, cybercrime continues to grow in parallel.”

While the timeframe for the Bill’s signature is uncertain, Christianson says that it is at least in its final stages and once signed into law, the law-enforcement industry can become more proactive in its pursuit of cybercriminals.

By Genevieve Quintal for Business Live

The VBS Mutual Bank is “hopelessly insolvent” and should be wound up as the purpose and object of the bank no longer exists.

This is according to the Reserve Bank’s Prudential Authority’s application to the high court in Pretoria.

The bank was placed under curatorship in March after looting by executives led to a liquidity crisis. A damning Reserve Bank report by advocate Terry Motau and Werksmans Attorneys, released earlier in October, detailed looting at VBS bank of nearly R2bn and identified the role of political players from the ANC and the EFF.

In an affidavit to the high court, Prudential AuthorityCEO Kuben Naidoo said the bank was hopelessly insolvent.

“Despite the efforts of the curator, the vortex of the black hole created by the role-players named in the investigator’s report, has resulted in the disappearance of VBS’s substratum and it being objectively impossible for VBS to achieve the purpose of its existence,” he said.

This decision will not sit well with various ANC MPs and those from the EFF who have called for the bank to be recapitalised.

During his maiden medium-term budget policy statement (MTBPS) last week, finance minister Tito Mboweni also indicated that the embattled bank could be saved. But Naidoo said the restatement of the 2017 financial statements, which were falsified and signed off by KPMG partner Sipho Malaba, was a monumental task for the curator, Anoosh Rooplal, to reconstruct the VBS balance sheet.

The results of this indicated that VBS’s liabilities exceed its assets and therefore it was “factually insolvent”. Naidoo said there was no possibility that VBS would be in a position to pay its debts and there was no possibility or prospect of the bank becoming a successful concern.

Rooplal also determined that curatorship was no longer viable for VBS.

It was necessary to bring an end to the curatorship as it would enable a liquidator to utilise the mechanisms provided by the insolvency and company law legislation, to recover monies from recipients in terms of void and impeachable transactions.

Naidoo said that after receiving a letter from the curator and after considering the investigator’s report he, in consultation with the governors of the Reserve Bank, determined that VBS must be placed in final winding up. “VBS is hopelessly insolvent and massive frauds have been perpetrated against it. There is no prospect of entering into any resolution plan in respect of VBS.”

The present activities relating to VBS are primarily directed at recoveries resulting from the thefts and frauds addressed in the Motau’s report, he said, adding that in the circumstances, it would not serve any purpose to grant a provisional winding-down order, as the conclusion of the “hopeless financial position” and the conduct of those who managed VBS, was unavoidable

He has asked the court to hear the urgent application to finally liquidate VBS on November 13, and has also asked the high court to appoint Rooplal as the liquidator as he has been inextricably involved in the affairs of VBS for the past seven months.

Source: MyBroadband

If your bank card gets stolen and you cancel it, this does not automatically mean that all payments from it will be blocked.

This was the case when two FNB customers contacted MyBroadband about their frustrating experiences with the bank.

The customers both had their FNB bank cards stolen in different scenarios – and both contacted FNB to have their cards cancelled.

Despite cancelling the cards, both users noted small payments still going off their bank accounts via card transactions.

The charges were toll gate fees.

In one case, the customer reportedly asked FNB why the cancelled card could still make transactions. He said he was told by FNB that he would have to blacklist the card, on top of cancelling it, to stop the transactions.

In the other case, the customer stated that all he could do was get a refund for the toll gate fees.

This customer subsequently contacted the toll gates where his card was being used to ask them to block transactions on it.

He also managed to obtain an image of the vehicle using his stolen card – it was a white Toyota minibus taxi with a Gauteng registration.

FNB responds
MyBroadband contacted FNB for feedback on the matter, and the bank confirmed that the bank cards were cancelled as described above.

“Unfortunately, due to toll gate merchants operating in an offline environment, this prevents them from obtaining authorisation from the bank for transactions of this nature. As a result, additional transactions were posted,” said FNB.

“The customer will not incur any loss resulting from fraud in this scenario.”

FNB was asked what a bank customer should do to ensure their cancelled card is not used to make these types of transactions, but the bank did not provide feedback.

Offline transactions
According to PASA (Payments Association of South Africa) documents, lost and stolen card fraud at toll gates has been highlighted as a significant concern in recent years.

“Although toll card transactions are a card present transaction, fast throughput of vehicles is important and transactions are thus processed in an offline and delayed manner – cleared in batch,” states PASA.

“Importantly, unlike any other offline card present card transactions, toll gate transactions are not verified by the cardholder in any way.”

It added that while toll gate transactions are checked against the “Hot Card” file, this “only contains a limited number of all lost and stolen card details”.

By Andile Sicetsha for The South African

The South African Police Service’s (SAPS) cybercrime unit has been forced to drop investigations into hundreds of cases because software licenses have not been paid.

A report in the Sunday Times revealed that investigations into organised crimes, hacking and EFT scams have been halted due to expired software licenses for equipment used to decode and interpret cellphone data.

Other forensic capabilities have also been hindered by this. Data that would’ve been vital in the trial of alleged Islamic State members, Aslam Del Vecchio and Fatima Patel, is not available because of this.

Earlier this year, a service provider appointed by the State Information Technology Agency (SITA) threatened to halt essential services due to lack of payment, and the parliamentary portfolio committee on police said several police and SITA agreements were major security risks.

Speaking to the Sunday Times, a source with knowledge of the cybercrime unit’s operations said the police were migrating from technology that could be used in the field to a solution which tied officers to their desks.

In the past, investigators used a system called Cellebrite Touch. This was a device that could be used to interpret cellphone data in the field. It was quick and efficient.

This time, however, it seems that the unit has been moved to a desktop system, meaning that there would be a larger gap in turnaround times, and in this form of crime, time is everything.

Craig Pederson, the head of digital forensics at Computer Guyz, expressed the importance of the work conducted by the cybercrime unit.

“We live in an age where technology is used broadly and plays a definite role in many of the more serious crimes. The unit is a vital link in the complex task of collecting evidence”, Pederson stated.

Brenda Muridili, the SAPS’ spokesperson, could only state that the police would not be commenting on the issue.

“We are not able to disclose any information with regard to covertly required IT solutions”, she said.

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top