Connect with us

Technology

Espionage, ID theft? Myriad risks from stolen Marriott data

Editor

Published

on

[ad_1]

The data stolen from the Marriott hotel empire in a massive breach is so rich and specific it could be used for espionage, identity theft, reputational attacks and even home burglaries, security experts say.

Hackers stole data on as many as 500 million guests of former Starwood chain properties over four years including credit card and passport numbers, birthdates, phone numbers and hotel arrival and departure dates.

It is one of the biggest data breaches on record. By comparison, last year’s Equifax hack affected more than 145 million people. A Target breach in 2013 affected more than 41 million payment card accounts and exposed contact information for more than 60 million customers.

But the target here — hotels where high-stakes business deals, romantic trysts and espionage are daily currency — makes the data gathered especially sensitive.

The affected reservation system could be extremely enticing to nation-state spies interested in the travels of military and senior government officials, said Jesse Varsalone, a University of Maryland cybersecurity expert.

Watch: Data breach affects up to 500M Marriott Hotel guests

The Marriott hotel chain says up to half a billion people who stayed at Starwood hotels between 2014 and 2018 may have had their personal information stolen. 1:47

“There are just so many things you can extrapolate from people staying at hotels,” he said.

And because the data included reservations for future stays, along with home addresses, burglars could learn when someone wouldn’t be home, said Scott Grissom of LegalShield, a provider of legal services.

The affected hotel brands were operated by Starwood before it was acquired by Marriott in 2016. They include W Hotels, St. Regis, Sheraton, Westin, Element, Aloft, The Luxury Collection, Le Meridien and Four Points. Starwood-branded timeshare properties were also affected. None of the Marriott-branded chains were threatened.

‘Marriott may never share their findings openly’

Email notifications for those who may have been affected begin rolling out Friday and the full scope of the breach was not immediately clear.

Marriott was trying to determine if the purloined records included duplicates, such as a single person staying multiple times.

Security analysts were especially alarmed to learn of the breach’s undetected longevity. Marriott said it first detected it Sept. 8 but was unable to determine until last week what data had possibly been exposed — because the thieves used encryption to remove it in order to avoid detection.

Marriott said it did not yet know how many credit card numbers might have been stolen. A spokesperson said Saturday that it was not yet able to respond to questions such as whether the intrusion and data theft was committed by a single or multiple groups. (Matt Rourke/Associated Press)

Marriott said it did not yet know how many credit card numbers might have been stolen. A spokesperson said Saturday that it was not yet able to respond to questions such as whether the intrusion and data theft was committed by a single or multiple groups.

Cybersecurity expert Andrei Barysevich of Recorded Future said Saturday he believed the breach was financially motivated.

We will have to wait until an official forensic report, although Marriott may never share their findings openly– Cybersecurity expert Andrei Barysevich

A cybercrime gang expert in credit card theft such as the eastern European group known as Fin7 could be a suspect, he said, noting that a dark web credit card vendor recently announced that 2.6 million cards stolen from an unnamed hotel chain would soon be available to the online criminal underworld.

“We will have to wait until an official forensic report, although Marriott may never share their findings openly,” he said.

Marriott said the stolen credit card information was encrypted but the hackers may have obtained the “two components needed to decrypt the payment card numbers.” It said it cannot “rule out the possibility that both were taken.”

For as many as two-thirds of those affected, the exposed data could include mailing addresses, phone numbers, email addresses and passport numbers. Also dates of birth, gender, reservation dates, arrival and departure times and Starwood Preferred Guest account information.

Theft of passport numbers a concern

The breach of personal information could put Marriott in violation of new European privacy laws, as guests included European travellers.

Marriott set up a website and call centre for customers who believe they are at risk.

The FBI would not say whether it is investigating, but said in a statement that anyone contacted by Marriott should “take steps to monitor and safeguard their personally identifiable information and report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center at www.ic3.gov.”

Passport numbers have previously been part of a hack, though it’s not common. They were among records on 9.4 million passengers of Hong Kong-based airline Cathay Pacific obtained in a breach announced in October.

Combined with names, addresses and other personal information, passport numbers are a greater concern than stolen credit card numbers because thieves could use them to open fraudulent accounts, said analyst Ted Rossman of CreditCards.com.

The data purloining highlights just how dangerous hotels can be for people worried about their privacy.

“Hotels have long been important government sources of local information for tracking foreigners: reservation systems and loyalty programs took the surveillance global and made it easier for us to give up our privacy,” said Colin Bastable, CEO of Lucy Security.

Consumers have become collateral damage… And we are all consumers– Colin Bastable, CEO of Lucy Security

Intelligence agencies including the U.S. National Security are well plugged into the global travel industry “by fair means or foul,” he said, non-government cybercriminals now have the same hacking tools.

“Consumers have become collateral damage,” he said. “And we are all consumers.” He advises providing hotels with as little information as possible when making reservations and checking in.

Last year, the cybersecurity firm FireEye highlighted an effort in which Russian state agents allegedly tried to infiltrate the reservation systems of hotels in Europe and the Middle East.

When its acquisition by Marriot was first announced in 2015, Starwood had 21 million people in its loyalty program. The company manages more than 6,700 properties across the globe, most in North America.

Marriott, based in Bethesda, Md., said in a regulatory filing that it was too early to say what financial impact the breach might have on the company. It said it has cyber insurance and is working with its carriers to assess coverage. (Danny Johnston/Associated Press)

Marriott, based in Bethesda, Md., said in a regulatory filing that it was too early to say what financial impact the breach might have on the company. It said it has cyber insurance and is working with its carriers to assess coverage.

Elected officials were quick to call for action.

The New York attorney general opened an investigation.

Virginia Sen. Mark Warner said the U.S. needs laws that limit the data companies can collect on customers and ensure that companies account for security costs rather than making consumers “shoulder the burden and harms resulting from these lapses.”

[ad_2]

Source link

قالب وردپرس

Technology

Top 5 Analytics Trends That Are Shaping The Future

Editor

Published

on

By

Digital transformation is increasingly becoming the focus for many CIOs around the world today—with analytics playing a fundamental role in driving the future of the digital economy.

While data is important to every business, it is necessary for businesses to have a firm grip on data analytics to allow them transform raw pieces of data into important insights. However, unlike the current trends in business intelligence—which is centred around data visualization—the future of data analytics would encompass a more contextual experience.

“The known data analytics development cycle is described in stages: from descriptive (what happened) to diagnostic (why did it happen), to discovery (what can we learn from it), to predictive (what is likely to happen), and, finally, to prescriptive analytics (what action is the best to take),” said Maurice op het Veld is a partner at KPMG Advisory in a report.

“Another way of looking at this is that data analytics initially “supported” the decision-making process but is now enabling “better” decisions than we can make on our own.”

Here are some of the current trends that arealready shaping the future of data analytics in individuals and businesses.

  1. Growth in mobile devices

With the number of mobile devices expanding to include watches, digital personal assistants, smartphones, smart glasses, in-car displays, to even video gaming systems, the final consumption plays a key role on the level of impact analytics can deliver.

Previously, most information consumers accessed were on a computer with sufficient room to view tables, charts and graphs filled with data, now, most consumers require information delivered in a format well optimized for whatever device they are currently viewing it on.

Therefore, the content must be personalized to fit the features of the user’s device and not just the user alone.

  1. Continuous Analytics

More and more businesses are relying on the Internet of Things (IoT) and their respective streaming data—which in turn shortens the time it takes to capture, analyze and react to the information gathered. Therefore, while analytics programspreviously were termed successful when results were delivered within days or weeks of processing, the future of analytics is bound to drastically reduce this benchmark to hours, minutes, seconds—and even milliseconds.

“All devices will be connected and exchange data within the “Internet of Things” and deliver enormous sets of data. Sensor data like location, weather, health, error messages, machine data, etc. will enable diagnostic and predictive analytics capabilities,” noted Maurice.

“We will be able to predict when machines will break down and plan maintenance repairs before it happens. Not only will this be cheaper, as you do not have to exchange supplies when it is not yet needed, but you can also increase uptime.”

  1. Augmented Data Preparation

During the process of data preparation, machine learning automation will begin to augment data profiling and data quality, enrichment, modelling, cataloguing and metadata development.

Newer techniques would include supervised, unsupervised and reinforcement learning which is bound to enhance the entire data preparation process. In contrast to previous processes—which depended on rule-based approach to data transformation—this current trend would involve advanced machine learning processes that would evolve based on recent data to become more precise at responding to changes in data.

  1. Augmented Data Discovery

Combined with the advancement in data preparation, a lot of these newer algorithms now allow information consumers to visualize and obtain relevant information within the data with more ease. Enhancements such as automatically revealing clusters, links, exceptions, correlation and predictions with pieces of data, eliminate the need for end users to build data models or write algorithms themselves.

This new form of augmented data discovery will lead to an increase in the number of citizen data scientist—which include information users who, with the aid of augmented assistance can now identify and respond to various patterns in data faster and a more distributed model.

  1. AugmentedData Science

It is important to note that the rise of citizen data scientist will not in any way eliminate the need for a data scientist who gathers and analyze data to discover profitable opportunities for the growth of a business. However, as these data scientists give room for citizen data scientists to perform the easier tasks, their overall analysis becomes more challenging and equally valuable to the business.

As time goes by, machine learning would be applied in other areas such as feature and model selection. This would free up some of the tasks performed by data scientist and allow them focus on the most important part of their job, which is to identify specific patterns in the data that can potentially transform business operations and ultimately increase revenue.

Continue Reading

Technology

Waterloo drone-maker Aeryon Labs bought by U.S. company for $265M

Editor

Published

on

By

[ad_1]

Waterloo’s Aeryon Labs has been bought by Oregon-based FLIR Systems Inc. for $256 million, or $200 million US.

The acquisition was announced Monday. 

Dave Kroetsch, co-founder and chief technology officer of Aeryon Labs, says not much will change in the foreseeable future.

“The Waterloo operations of Aeryon Labs will actually continue as they did yesterday with manufacturing, engineering and all the functions staying intact in Waterloo and ultimately, we see growing,” he said.

“The business here is very valuable to FLIR and our ability to sell internationally is a key piece of keeping these components of the business here in Canada.”

Aeroyn Labs builds high-performance drones that are sold to a variety of customers including military, police services and commercial businesses. The drones can provide high-resolution images for surveillance and reconnaissance.

The drones already include cameras and thermal technology from FLIR. Jim Cannon, president and CEO of FLIR Systems, said acquiring Aeryon Labs is part of the company’s strategy to move beyond sensors “to the development of complete solutions that save lives and livelihoods.”

‘A piece of a bigger solution’

Kroetsch said this is a good way for the company to grow into something bigger.

“We see the business evolving in much the direction our business has been headed over the last couple of years. And that’s moving beyond the drone as a product in and of itself as a drone as a piece of a bigger solution,” he said.

For example, FLIR bought a drone company that builds smaller drones that look like little helicopters.

“We can imagine integrating those with our drones, perhaps having ours carry their drones and drop them off,” he said.

FLIR also does border security systems, which Kroetsch says could use the drones to allow border agents to look over a hill where there have been issues.

“We see the opportunity there as something that we never could have done on our own but being involved with and part of a larger company that’s already providing these solutions today gives us access not only to these great applications, but also to some fantastic technologies,” he said.

Aeryon Labs has done a lot of work during emergency disasters, including in Philippines after Typhoon Hagupit in 2014, Ecuador after an earthquake in 2016 and the Fort McMurray wildfire in 2016.

[ad_2]

Source link

قالب وردپرس

Continue Reading

Technology

Inuvik infrastructure may not be ready for climate change, says study

Editor

Published

on

By

[ad_1]

The Arctic is expected to get warmer and wetter by the end of this century and new research says that could mean trouble for infrastructure in Inuvik.

The study from Global Water Futures looked at how climate change could impact Havipak Creek — which crosses the Dempster Highway in Inuvik, N.W.T. — and it predicts some major water changes.

“They were quite distressing,” John Pomeroy, director of Global Water Futures and the study’s lead author, said of the findings.

Researchers used a climate model and a hydrological model to predict future weather and climate patterns in the region. They also looked at data gathered from 1960 to the present. 

If greenhouse gas emissions continue at their current rate — which Pomeroy said they are on track to do — the study projects the region will be 6.1 C warmer by 2099 and precipitation, particularly rain, will increase by almost 40 per cent.

The study also found that the spring flood will be earlier and twice as large, and the permafrost will thaw an additional 25 centimetres. While the soil is expected to be wetter early in the summer, the study said it will be drier in late summer, meaning a higher risk of wildfires.

John Pomeroy is the director of Global Water Futures. (Erin Collins/CBC)

“The model’s painting kind of a different world than we’re living in right now for the Mackenzie Delta region,” Pomeroy said.

He noted these changes are not only expected for Havipak Creek, but also for “many, many creeks along the northern part of the Dempster [Highway].”

Pomeroy said the deeper permafrost thaw and a bigger spring flood could pose challenges for buildings, roads, culverts and crossings in the area that were designed with the 20th century climate in mind.

He said the projected growth of the snowpack and the spring flood are “of grave concern because that’s what washes out the Dempster [Highway] and damages infrastructure in the area.”

Culverts and bridges may have to be adjusted to allow room for greater stream flows, Pomeroy said. And building foundations that are dependent upon the ground staying frozen will have to be reinforced or redesigned.

Pomeroy said the ultimate solution is for humans to reduce greenhouse gas emissions.

“This study is the future we’re heading for, but it’s not the future we necessarily have if we can find a way to reduce those gases,” he said.  

“It’d be far smarter to get those emissions under control than to pay the terrible expenses for infrastructure and endangered safety of humans and destroyed ecosystems.”

[ad_2]

Source link

قالب وردپرس

Continue Reading

Chat

Trending