The plane came in over the desert sands, the far off towers gleaming in the evening light. It was our first trip to Dubai, and I was anticipating a unique experience. As tourists, I knew that we might be unable to appreciate all the challenges we had read about, which are faced by the exploited foreign workers, wealthy expatriates and aloof Arabs, but I hoped to get a genuine taste of the local culture in our brief stay there.
Arriving late at night, our first challenge was to get to our hotel, the newly opened Atlantis at the Palm Jumeira. We were disappointed that even though the hotel knew our flight details, they hadn't arranged transportation, and we had to find our own way there. Fortunately, the airport staff were friendly and helpful, and we only had to wait a couple of hours for a shuttle heading our way.
Soon after midnight, we passed through the huge brass doors of the hotel, adorned by sea-horse and other marine motifs, into a lobby of polished marble floors, filled with colorful murals and amazing glass sculptures. It was like entering into a dream – which we soon did for real, after the rigours of the journey. As I feel asleep, I wondered if Dubai's reality would match its reputation.
We were woken before dawn the next morning by a siren – the fire alarm was going off! We'd heard that the opening of the hotel some weeks earlier had been delayed by a major blaze, and were worried about a repeat performance. Fortunately, a voice with a strong Australian accent came over the tannoy, telling us that “the situation is now under control. Elevators are running again. We apologise for the conven... uh, inconvenience.” Reassured, we went back to sleep.
I'd booked us into the Atlantis in Dubai for a few days, on a stop over for a trip to New Zealand. I had followed the hotel's construction details, starting with the creation of a completely artificial island, the “Palm” (one of three such man-made archipelagos off the coast.) Hotelier Sol Kerzner had left behind the wildly successful Sun City and Lost City resorts he'd created under the apartheid regime in South Africa, to build a new gambling complex in the Bahamas, with a strong aquatic theme.
He continued this theme with the Atlantis in Dubai (minus the gambling of course), and again invested heavily in displays of marine life, and an incredible re-imagining of an archaeological reconstruction of what the fabled lost city of Atlantis might have looked like. Marshalling a team of artists, sculptors, architects, marine biologists and creative engineers, Kerzner has produced a unique artistic statement, which repeats mythical and nautical themes throughout the décor and interior furnishings of the 2,000+ room hotel.
The centerepiece is the lost city itself, which includes a massive sea-water tank with a huge variety of sea-life, swimming around the reconstructed throne room of the sunken kingdom. Selected rooms of the hotel abut directly onto one wall of the tank, so well-heeled guests may be observed at their slumbers by a plethora of marine life. A labyrinth of mysterious artefacts and ancient scrolls in unknown scripts, and murals depicting long-lost gods and goddesses round out the illusion, including crystal power sources and dozens of marvellous living aquaria.
In addition to the indoor marvels, the hotel boasts a 160,000m2 water park, including a remarkable ziggurat water slide taking its riders down underneath a shark-filled lagoon, and 2.3 km of tidal river rapids in a tropical setting – highly incongruous in dry and dusty Dubai. These attractions and the hotel's shopping precinct bring in thousands of visitors every day, most of them families with young children, who seem delighted by the attractions.
We found our basic room (which had already stressed our limited budget) comfortable and well-appointed, with a sea-facing balcony and great attention to detail in the furnishings and fixtures. Navigating the warren of corridors was a little daunting, but eventually we discovered landmarks of unusual wall coverings or art work, leading us back to the central lobby with its massive glass sculpture, looking like a fountain of translucent serpents, illuminated and with trickling water.
A selection of restaurants awaited our palates, from the traditional middle eastern (complete with a too-thin blonde belly dancer) to the upmarket Nobu and European mainstay of Ossiano. I found most of the dining options quite expensive compared to other hotels we have stayed in, although the food of course was a very high standard. We were particularly impressed by the effort made by staff of the cafeteria restaurant, who kindly prepared a travel meal for us, as we had to catch an early flight before breakfast was to be served.
Training my binoculars on the far-off Dubai cityscape, the dominant feature of the Burj Dubai tower was impressively prominent, soon to open as the planet's tallest building. The city inspires a sense of vibrancy and energy, with evidence of construction everywhere you look. The latest model cars race around streets that might be seen in a PlayStation game, with mile after mile of aseptic concrete, steel and glass. This is a city that never really followed the slow evolution of European metropolises, but rather sprang as if fully formed like Athena from the brow of Zeus, its towers spearing into the air from the hot dry sands, pushed up from underneath by subterranean oceans of oil.
We took a taxi to visit one of the largest shopping malls in the world at the base of the Burj tower, with over 600 retailers covering 12 million square feet. Size isn't everything however, as I discovered few bargains in the Dubai Mall, with mostly well-known brands and luxury goods which may be found in almost every airport duty free store. Taxis leaving the mall are in high demand – if you depart at a peak time, be prepared to queue for more than an hour.
One highlight which delighted my wife was a perfumery nestled in the Gold Souk within the mall. Eschewing the traditional western brands, this small shop is a treasure house of garish bottles and jars, replete with mysterious herbs and tree barks, essences and attars, merging into a harmonious olfactory note which soothed and uplifted. We observed middle-eastern women dressed head to toe in black burkas, attended by an Indian serving girl, taking tea and sampling the wares.
My impressions of the city were consistent with my understanding of its culture. Dominated by expatriates and low-wage guest workers, Dubai has many faces. To the tourist, it is a shopping mecca, and fantastic children's holiday destination, lacking the sleaze of Las Vegas or the sophistication of Paris. To the labourers and domestic servants subsisting on near slave salaries under harsh conditions, the city recites a litany of broken promises and shattered dreams, especially as the realities of the global economic crisis have closed down all but the most well-funded construction projects. To the less than twenty percent of locals, the emirate presents a Disneyfied face of Arab culture and opulence, untempered by economic modesty yet trammelled by Islamic mores.
I had the sense that there is a darkness at the heart of Dubai, hidden behind a thin veneer of opulence, and characterised by stark inequalities of consumption and excess, both of consumer items and natural resources. The Atlantis stands out as a triumph of engineering and artistry, demonstrating a dominance over the natural world, rather than an efficient stewardship of resources. One cannot fail to be impressed by the grandeur, the excitement and beauty of the surroundings, yet at the same time feel guilt over the exploited under-classes, who must have suffered in building this temple of excess and the city that surrounds it.
Would I go back? Probably yes. As an experience, Dubai is remarkable for its unflinching focus on tomorrow, its apparent disregard of market forces and its steadfast determination to find a new economic reality based on tourism rather than the rapidly depleting oil reserves of the region. The Palm symbolizes the triumphalism of man's expropriation of Nature's bounty, and yet it retains a unique beauty and impressive artistry, that celebrates the latest pinnacle of Marx's concentration of capital. The Atlantis hotel is a meeting place, of Western and Middle Eastern cultures, of economic power and mythical legend, that entertains and sustains the weary soul – until the money runs out.
A cynical view of Information Security and Risk Management, along with smatterings of philosophy, metaphysics, suspect writing and good science fiction. For more about me, see http://www.gillingwater.org/.
24 April 2009
23 April 2009
A Delicate Balance: A Visual Guide to Secured Business
Unisys have released a great high-level booklet on managing risk in large enterprises, which is surprisingly easy to read and helpful. Although I was not involved in writing it, I certainly concur with the conclusions, and would be pleased to discuss its implications and application to different industries.
A Delicate Balance: A Visual Guide to Secured Business Operations
A Delicate Balance: A Visual Guide to Secured Business Operations
22 April 2009
SECURING CONSUMER TRUST AS THE RECESSION TAKES HOLD
The International Monetary Forum recently forecast that the global economy will shrink this year for the first time in more than 70 years. Appropriately dubbed the ‘Great Recession’, the current financial crisis is causing unrest across the world for consumers, businesses, governments and financial institutions. Paul Gillingwater, European lead, Fraud and Risk Intelligence at Unisys, examines the growing link between this time of unrest and a rise in financial fraud and provides insight for businesses and governments on how to tackle growing consumer fears.
Over recent years we have seen a significant rise in financial fraud across Europe. This form of fraud, which primarily encompasses identity theft and credit card fraud, is now the number one consumer complaint and billions of Euros are lost each year to unscrupulous operators, hackers and gangs.
And how are consumers reacting to this burgeoning offense? According to research from Unisys - poorly. The Unisys Security Index, a bi-annual global study, shows that nearly two thirds (61 per cent) of Europeans believe that the world financial crisis will increase the risk that they will personally fall victim to financial fraud.
According to fraud prevention agency CIFAS, in 2008 fraud levels increased by 16 per cent compared to the previous year. Facility takeover frauds – when a fraudster takes over a victim's bank, credit card or catalogue account - increased by 207 per cent. Specifically, a survey conducted by MessageLabs directly following the bank chaos which began in August 2008, reveals that phishing attacks rose by 16 per cent between August and September before a surge of 103 per cent the following month.
So why is this happening? During a time of financial unrest when banks are making global headlines, it makes sense for spammers to use the credit crunch as a hook to exploit the worried and confused customers who have been shaken by recent events and are looking for a way out.
And how can we explain the sudden increase in the number of perpetrators of these attacks? Hand in hand with a recession comes insecurity. It is this insecurity which increases the motivation for some employees and consumers to commit crimes in order to maintain their existing lifestyles, replace lost funds, or meet increasingly challenging sales targets. In short, difficult economic times can foster the criminally opportunistic and create desperate individuals who embark on desperate measures to deal with personal debt. An overall rise in white-collar crime is in turn seeing attacks such as identity theft and credit card fraud explode.
Additionally, consumers are an easier target for credit card fraud during a recession – leaving themselves more open and vulnerable to fraudsters. As they desperately shop online for bargains, they are not as cautious as they might have previously been.
Finally, there has been a serious breakdown in the relationship between financial institutions and their customers. Consumers have lost faith in banks and no longer trust them to protect their livelihood and money. As faith in financial institutions declines, consumers become a prime target for online attacks such as fraudulent mass e-mail campaigns designed to lure customers into providing personal financial information such as passwords or account information – phishing attacks.
Revisiting Unisys Security Index results from March 2009, the survey reveals significant disparity across Europe, with only one third (32 per cent) of Dutch consumers believing that there is an increased risk of fraud during the recession, compared to 83 per cent of Spaniards. Interestingly, the Spanish were more concerned than their German counterparts over this issue, with just over half (56 per cent) of German consumers thinking that the global crisis will increase the risk of ID theft. This figure falls as income rises – Germans with monthly household incomes of 4,000 Euros or more worry the least. Surprisingly, the research places Germany as one of the least worried nations over this issue, coming fourth out of the five countries questioned.
Perhaps the impact of the financial crisis has not yet filtered down from company level to consumer in Germany, or perhaps the German public planned well for it.
Despite the Belgians relatively low levels of concern in the overall Security Index, residents are clearly worried about this issue, as two thirds (63 per cent) think that their personal risk of ID theft and credit card fraud will increase in light of the recession.
The British are also extremely anxious about ID theft, with a clear majority (72 per cent) believing their personal risk will increase. This puts the UK as the second most worried European country, at 11 per cent below Spain.
While there is disparity across all of the regions surveyed in Europe, these results underscore the urgent need for companies to address this burgeoning fear. Banks and financial service providers in particular must now do everything to win back the trust of their customers. These include strict security measures to protect data, identities, credit cards and cash cards.
It is important that any company doing business online or handling sensitive data take note that the current financial crisis has deepened consumer fear and intensified risks. Outside of the financial services industry, all organisations in both the public and private sector must demonstrate good security practices, ensuring that the high profile security breaches and customer data losses of the past 12 months become a thing of the past. Although cyber criminals will continue to attempt to access our private information, consumers, companies and governments can all work together to combat the threat and reduce the risk of fraudsters succeeding.
While the debate rages on about the mechanics of government bailouts and optimal interest rates, one thing is certain: there will be no return to economic stability without increased trust and rising consumer confidence. Restored trust among banks will open the flow of credit and boost deposits. Stronger trusts between governments and citizens will promote the sense that economic growth and fair markets can be sustained over the long term. And importantly, secure operations and high-quality customer experiences will help inspire the confidence necessary to boost consumer spending.
For more information about the Unisys Security Index and full European results, visit http://www.unisyssecurityindex.com.
Over recent years we have seen a significant rise in financial fraud across Europe. This form of fraud, which primarily encompasses identity theft and credit card fraud, is now the number one consumer complaint and billions of Euros are lost each year to unscrupulous operators, hackers and gangs.
And how are consumers reacting to this burgeoning offense? According to research from Unisys - poorly. The Unisys Security Index, a bi-annual global study, shows that nearly two thirds (61 per cent) of Europeans believe that the world financial crisis will increase the risk that they will personally fall victim to financial fraud.
According to fraud prevention agency CIFAS, in 2008 fraud levels increased by 16 per cent compared to the previous year. Facility takeover frauds – when a fraudster takes over a victim's bank, credit card or catalogue account - increased by 207 per cent. Specifically, a survey conducted by MessageLabs directly following the bank chaos which began in August 2008, reveals that phishing attacks rose by 16 per cent between August and September before a surge of 103 per cent the following month.
So why is this happening? During a time of financial unrest when banks are making global headlines, it makes sense for spammers to use the credit crunch as a hook to exploit the worried and confused customers who have been shaken by recent events and are looking for a way out.
And how can we explain the sudden increase in the number of perpetrators of these attacks? Hand in hand with a recession comes insecurity. It is this insecurity which increases the motivation for some employees and consumers to commit crimes in order to maintain their existing lifestyles, replace lost funds, or meet increasingly challenging sales targets. In short, difficult economic times can foster the criminally opportunistic and create desperate individuals who embark on desperate measures to deal with personal debt. An overall rise in white-collar crime is in turn seeing attacks such as identity theft and credit card fraud explode.
Additionally, consumers are an easier target for credit card fraud during a recession – leaving themselves more open and vulnerable to fraudsters. As they desperately shop online for bargains, they are not as cautious as they might have previously been.
Finally, there has been a serious breakdown in the relationship between financial institutions and their customers. Consumers have lost faith in banks and no longer trust them to protect their livelihood and money. As faith in financial institutions declines, consumers become a prime target for online attacks such as fraudulent mass e-mail campaigns designed to lure customers into providing personal financial information such as passwords or account information – phishing attacks.
Revisiting Unisys Security Index results from March 2009, the survey reveals significant disparity across Europe, with only one third (32 per cent) of Dutch consumers believing that there is an increased risk of fraud during the recession, compared to 83 per cent of Spaniards. Interestingly, the Spanish were more concerned than their German counterparts over this issue, with just over half (56 per cent) of German consumers thinking that the global crisis will increase the risk of ID theft. This figure falls as income rises – Germans with monthly household incomes of 4,000 Euros or more worry the least. Surprisingly, the research places Germany as one of the least worried nations over this issue, coming fourth out of the five countries questioned.
Perhaps the impact of the financial crisis has not yet filtered down from company level to consumer in Germany, or perhaps the German public planned well for it.
Despite the Belgians relatively low levels of concern in the overall Security Index, residents are clearly worried about this issue, as two thirds (63 per cent) think that their personal risk of ID theft and credit card fraud will increase in light of the recession.
The British are also extremely anxious about ID theft, with a clear majority (72 per cent) believing their personal risk will increase. This puts the UK as the second most worried European country, at 11 per cent below Spain.
While there is disparity across all of the regions surveyed in Europe, these results underscore the urgent need for companies to address this burgeoning fear. Banks and financial service providers in particular must now do everything to win back the trust of their customers. These include strict security measures to protect data, identities, credit cards and cash cards.
It is important that any company doing business online or handling sensitive data take note that the current financial crisis has deepened consumer fear and intensified risks. Outside of the financial services industry, all organisations in both the public and private sector must demonstrate good security practices, ensuring that the high profile security breaches and customer data losses of the past 12 months become a thing of the past. Although cyber criminals will continue to attempt to access our private information, consumers, companies and governments can all work together to combat the threat and reduce the risk of fraudsters succeeding.
While the debate rages on about the mechanics of government bailouts and optimal interest rates, one thing is certain: there will be no return to economic stability without increased trust and rising consumer confidence. Restored trust among banks will open the flow of credit and boost deposits. Stronger trusts between governments and citizens will promote the sense that economic growth and fair markets can be sustained over the long term. And importantly, secure operations and high-quality customer experiences will help inspire the confidence necessary to boost consumer spending.
For more information about the Unisys Security Index and full European results, visit http://www.unisyssecurityindex.com.
18 April 2009
Automation of Bank Card Fraud
I was interested to read about an old scam resurfacing with modern technology, as reported in the Police blotter of the Denton, Texas Police Department.
The scam is as follows. An automated calling system is programmed with an "Interactive Voice Response (IVR)" (set of audio menus, to which the callee must respond by pressing digits on their phone.) Such calling systems are cheap and easy to set up, e.g. using the great open source software Asterisk.
The initial call is made using a message that identifies itself as coming from a local Bank (which is of course a lie.) The message tells the callee that there is a problem with their credit card, and that it has been blocked. (More lies.)
In order to solve the problem, the callee is invited to enter their credit card number, expiration date, CVE code and other confidential details, and to record their name and address. This might be done using the touch-tone system (for the numbers), and with simple audio recording for the name and address.
The scammers will often use a phone link which is able to block caller ID (typically by routing using SIP through a VOIP provider over an anonymous relay,) or they will spoof the Automated Number Identification to pretend that they are originating from the genuine business.
As soon as the hapless victim falls for the scam, their credit card details will usually be sold on via an aggregator, to the next stage in the criminal chain who will then use the stolen information to order goods over the Internet. These goods are then usually laundered through yet more victims, who think they are working at home for a real business.
The insidious aspect of these crimes is that the originator is very hard to track down (and may be operating off-shore.) Furthermore, because the process is automated, they can program the system to call tens of thousands of targets without any additional effort -- and if even 1% of the victims fall for the scam, then the criminals are making money.
What can be done? In the absence of good technical solutions that can make it easier for law enforcement to track down such criminals, and the lack of strong international Policing cooperation, such criminals can operate with relative impunity. Therefore, our only option is to get the word out, and educate the intended victims to never give confidential information over the phone, especially to automated calling systems.
If someone calls you claiming to be from a Bank with whom you do business, then ask for a number and call them back -- but even this might not be enough, so check on the Internet whether that number is listed for your bank.
The scam is as follows. An automated calling system is programmed with an "Interactive Voice Response (IVR)" (set of audio menus, to which the callee must respond by pressing digits on their phone.) Such calling systems are cheap and easy to set up, e.g. using the great open source software Asterisk.
The initial call is made using a message that identifies itself as coming from a local Bank (which is of course a lie.) The message tells the callee that there is a problem with their credit card, and that it has been blocked. (More lies.)
In order to solve the problem, the callee is invited to enter their credit card number, expiration date, CVE code and other confidential details, and to record their name and address. This might be done using the touch-tone system (for the numbers), and with simple audio recording for the name and address.
The scammers will often use a phone link which is able to block caller ID (typically by routing using SIP through a VOIP provider over an anonymous relay,) or they will spoof the Automated Number Identification to pretend that they are originating from the genuine business.
As soon as the hapless victim falls for the scam, their credit card details will usually be sold on via an aggregator, to the next stage in the criminal chain who will then use the stolen information to order goods over the Internet. These goods are then usually laundered through yet more victims, who think they are working at home for a real business.
The insidious aspect of these crimes is that the originator is very hard to track down (and may be operating off-shore.) Furthermore, because the process is automated, they can program the system to call tens of thousands of targets without any additional effort -- and if even 1% of the victims fall for the scam, then the criminals are making money.
What can be done? In the absence of good technical solutions that can make it easier for law enforcement to track down such criminals, and the lack of strong international Policing cooperation, such criminals can operate with relative impunity. Therefore, our only option is to get the word out, and educate the intended victims to never give confidential information over the phone, especially to automated calling systems.
If someone calls you claiming to be from a Bank with whom you do business, then ask for a number and call them back -- but even this might not be enough, so check on the Internet whether that number is listed for your bank.
Subscribe to:
Posts (Atom)