Increasing malware sophistication vexes lawmakers, industry

But members of the US Senate Judiciary Committee also point to failure of industry to implement stronger measures

By , IDG News Service |  Security

The need for such protection was evident well before the most recent data breaches, in which as many as 110 million shoppers were affected in the Target intrusion and 1.1 million in the Neiman Marcus attack. U.S. shoppers transact one-fourth of credit-card purchases globally but yet one-half of all data breaches occur in the U.S., noted Senator Al Franken, a Democrat from Minnesota.

Target had been implementing the use of chip-and-PIN cards in its stores before the breach occurred and had worked toward that implementation previously, but without other retailers joining in and financial institutions moving toward smart cards, such efforts fall short, noted Target Executive Vice President and CFO John Mulligan.

"To prevent this from happening again," he said of data breaches "none of us can go it alone. We need to do this together."

Senator Dianne Feinstein, a California Democrat, questioned the notification procedures of retailers, saying that for about 13 years she has been tracking data breaches and has been frustrated by how reluctant companies have been to come forward.

"Up until recently, companies would not step forward," she said. Directing her attention to Kingston, she added that she shops at Neiman Marcus, but "I don't recall getting any notice that my data had been breached. When would I have had notice? I would have shopped during that period of time."

After Kingston laid out the time frame in which notifications were sent to shoppers and how the company has gone about dealing with the data breach, Feinstein said she would check to see if she did, in fact, receive notification about the breach.

As the hearing progressed, lawmakers asked officials from the Federal Trade Commission, the Department of Justice and the Secret Service to elaborate on the steps being taken to combat cybercrime, as well as specifics of how the criminals operate.

Organized cybercrime rings are large and widespread, with different people in charge of different aspects of the thievery, and the ability to hide their financial trail, said William Noonan, deputy special agent in charge of the Criminal Investigative Division of the U.S. Secret Service.

"They're moving their money back and forth with virtual currency," he said, adding that makes it all the more difficult to bust such rings.

The difficulties of investigating cybercrimes and making arrests didn't seem to sway Sheldon Whitehouse, a Democrat from Rhode Island and a former U.S. attorney, as he questioned Mythili Raman, acting assistant attorney general at the DOJ, regarding how many times cybercriminals have been indicted following data-breach cases. She provided information on previous cases, saying that the DOJ has "resolve" to hunt down cyberthieves and prosecute them, even when they are overseas, as has been the case in the past.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness