This is a follow-up post to my blog yesterday about the $45m cyber heist: http://infosecgallery.blogspot.com/2013/05/one-swallow-does-not-summer-make.html
I was just pointed to a Reuters post: http://www.reuters.com/article/2013/05/11/net-us-usa-crime-cybercrime-india-idUSBRE94A06P20130511
All I can say is that I am hassled, very hassled by some of the quotes and this piece is in response to the inane comments of a clueless Mr Eddie Schwartz.
Well he may be the CISO of RSA but he seems to have forgotten that his company (which is considered the holy grail of Information Security) was compromised and, in turn, exposed organizations all over the world to an INSECURE SECURE ID !!!
The breach at Lockheed was traced to RSA among others. You were going to replace 4 million tokens across the world but a few people I know never got a phone call from RSA. Apology? Maybe Indians do not deserve them, or should I make a racist comment.
Well today he is talking about Indian laws and government oversight - please ask your local RSA folks to educate you differently Mr E. The USA and the UK are no better and as I write to you no one in the world can claim to be an expert or to have a zero risk environment.
Your homeland and other countries that (supposedly) have government oversight depend on class action lawsuits more than any other tool. The governments are as full of reactionary folks as anywhere in the world.
So.... grow up... and let's not try brinkmanship here just because you are head C!
I am dead sure you checked with your India office to confirm that Electra Card and En Stage are not your customers else I would have loved to see your comments. And when it is a commercial disaster you do not go about bad-mouthing a host country.
A hack can happen to anyone and anytime. It happened to Global Payments, Worldpay, TJ Maxx, Heartland and countless government departments and private companies. So how come you have not written off the USA or UK governments? How come you did not insult the PCI-DSS standard which is the holy grail for card processors or the ASVs or QSAs?
Anyway, this is not just nationalist pride at my end but common sense.
Every "expert" has the right to make comments and sound like a global statesman but learning is always round the corner - so please look at what Madeline Aufseeser says in the same article.
Note: I have not spoken about the omissions and commissions of the four victims on purpose. This piece is from my heart only because irresponsible statements are not expected from people who purportedly are experts in this line of business.