TD Whistleblower: Bank offshoring work & data without customers knowledge


Weekly Axis Of Easy #23


In this issue:

  • Facebook feed change will leave independent news out in the cold
  • Baby *do* Fear The Reaper: new botnet bigger than Mirai 
  • BadRabbit Ransomware spreading from Eastern Europe
  • TD Whistleblower: Bank offshoring work & data without customers knowledge

Facebook feed change will leave independent news out in the cold

Does your organization depend on unpaid traffic from Facebook? Perhaps from content you write that gets shared a lot? Better start working on a “Plan B” as Facebook tests a new algorithm in six countries (Eastern Europe and Sri Lanka) where all unpaid posts get moved to a secondary tab called “Explore newsfeed” while your main feed will contain only posts from friends and promoted (paid) content.

“Utterly devastating” are the early results. Independent news publishers, citizens outreach groups and NGOs in the test beds are seeing their traffic plunge 60% to 80% literally overnight.

I’ve written about this as far back as 2007, cautioning around the temptation to build an entire model around somebody else’s 800 lb gorilla.  When you do, you literally exist at the whim of the gorilla. But in the age of gigantic social networks and pervasive search engine reach, how do you minimize your dependancy on them? This is one of the main themes I’ll be covering in the Guerrilla Capitalism newsletter. (That, and bitcoin 🙂

Baby *do* Fear The Reaper: new botnet bigger than Mirai 

Security researchers have been following the growth of a new Internet of Things botnet, dubbed “Reaper”. While researchers dispute the current size of the botnet (early reports were at 1 million, Arbor Networks says 10,000 to 20,000); they have identified as many as 2 million vulnerable devices that are online and prone to being roped into the botnet. Where Mirai targeted IoT devices with stupid default passwords, Reaper uses a suite of 9 known IoT security vulnerabilities discovered in the past month.

Recall it was Mirai brought about one of the worst DNS outages ever about a year ago when it knocked Dynect right off the internet.

BadRabbit Ransomware spreading from Eastern Europe

MIT Technology Review reports of a new ransomware strain originating out of Eastern Europe. Dubbed “BadRabbit”, the strain encrypts the files of infected systems and demands a 0.05 BTC (currently about $380 CAD) for the decryption key, and the ransom increases after 40 hours.

All the more reason to have backups, and if you already have backups, backup the backups. We’ll have more to say about this shortly (can anybody say “easyBackup”?)

TD Whistleblower: Bank offshoring work & data without customers knowledge

A whistleblower at TD, one of Canada’s “big 4” banks, is warning that the bank is employing offshore workers in India to process fraud claims. The workers have access to customers personal data such as social insurance numbers, credit and banking details.  The whistleblower alleges that TD is camouflaging this by reverting the process back to Canada if a call to the customer is required, originating the call from a Canadian agent instead of the offshore worker handling the case. She has released details via “Go Public” and filed a complaint with the Canadian Privacy Commissioner.

 

2 thoughts on “TD Whistleblower: Bank offshoring work & data without customers knowledge

  1. You really got my attention with your comment about “easyBackup” (30 October blog). I use Easy DNS and Easy Mail. I have been looking for a Canadian-based backup service and would definitely be interested if you offer one. I am also interested in a VPN service because I travel a lot for work and always feel vulnerable when using the insecure wifi in hotels and airports. Any possibility you might offer Easy VPN?

    1. easyBackup should be available soon. It will be using acronis backup with all storage here in Canada. easyVPN is something we’ve considered several times, there are additional complications with offering VPN services. Because of pressure from IP lobby (RIAA, etc) payment providers are under pressure to terminate payment processing to VPN providers. It’s a whole new deal legally to setup properly.

Leave a Reply

Your email address will not be published. Required fields are marked *