Continue reading »]]> MOSCOW – Russia’s biggest retail bank is testing something that the old K.G.B. might have loved, an automated teller machine with a built-in lie detector intended to prevent consumer credit fraud.

New customers could talk to the machine to apply for a credit card, with no human intervention required on the bank’s end.

The machine scans a passport, records fingerprints and takes a three-dimensional scan for facial recognition. And it uses voice-analysis software to help assess whether the person is truthfully answering questions that include “Are you employed?” and “At this moment, do you have any other outstanding loans?”

The voice-analysis system was developed by the Speech Technology Center, a company whose other big clients include the Federal Security Service – the Russian domestic intelligence agency descended from the Soviet K.G.B.

Dmitri V. Dyrmovsky, director of the center’s Moscow offices, said the new system was designed in part by sampling Russian law enforcement databases of recorded voices of people found to be lying during police interrogations.

The big bank involved, Sberbank, whose majority owner is the Russian government, said it intended to install the machines in malls and bank branches around the country, but had not yet scheduled the rollout. Technology consultants say it would be the banking world’s first use of voice analysis in automated teller machines.

It was the global financial crisis, partly prompted by loans that people could not or would not repay, that prompted Sberbank to tap Russia’s national security experts as it set out to automate banking activities, said Victor M. Orlovsky, a senior vice president for technology at the bank.

The software detects nervousness or emotional distress, possible indications that a credit applicant is dissembling. That information, Mr. Orlovsky said, would be used in combination with other data, including credit history.

Sberbank says that to comply with Russian privacy law, the bank plans to store customers’ voice prints on chips contained in their credit cards rather than on a central database.

In addition, Mr. Orlovsky said the bank planned to make consumers aware of the types of information, including biometrics, that the machine would be collecting. But the technology center says even people who know about the voice-stress program would have trouble fooling it.

One of the center’s other products measures anger and is already installed at the telephone call center of the Russian national railways.

“We are not violating a client’s privacy,” Mr. Orlovsky said.

“We are not climbing into the client’s brain. We aren’t invading their personal lives. We are just trying to find out if they are telling the truth. I don’t see any reason to be alarmed.”

Continue reading »]]> Quite often I hear comments like “so what if they hack into my system there’s nothing on my system of interest.”  I can’t tell you how more wrong you can be.  The only thing I can think of when I hear someone say that is that person is not aware of just what type of information they have access to.   I’ll show you exactly what type of information a “hacker” has access to once your system has been broken into.  Try to remember this is not meant to scare you, it is meant to inform you.  Keep in mind you are reading this to gain a better understanding of how to protect your-self.

Bank Account Information

I’m sure if you’re like most people you have web banking of some kind. Most banks require you to use 128bit encryption browsers to do your banking online.  This form of banking online does encrypt your information and protect it from otherwise prying eyes of the world that may wish to gain access to such vital information. This should further illustrate how powerful the encryption method is: 

•  40-bit encryption, means there are 2  possible keys that could fit into the lock that holds your account information. That means there are many billions (a 1 followed by 12 zeroes) of possible keys.  

•  128-bit encryption, means there are 288 (a three followed by 26 zeroes) times as many key combinations than there are for 40-bit encryption. That means a computer would require exponentially more processing power than for 40-bit encryption to find the correct key.

Unfortunately it’s useless to you once your computer has been compromised.

Question: How? One of the features of a “Trojan” is a key logger.  The principle behind this is all keystrokes pressed will be recorded and sent back to the “hacker.”

You’re probably asking yourself well “How do they know what bank I’m with?” This information is easily achieved by doing what is called a screen shot.  This gives the “hacker” a picture of your desktop and all windows currently open at the time.

As you can see although you are on a secure web site, it still doesn’t protect your information once your computer is compromised.

Email

Simply put all emails sent to you are accessible to a “hacker” once your system has been compromised.  They can read them and possibly check your mail before you do.  

Pictures

If you have pictures of yourself or family members on your system, they are also available to the “hacker.”  I don’t think I need to explain the danger here.  Not only has the individual compromised your computer system, they also know what you look like.

Resume

This may not sound like a priority file for a “hacker” but stay with me for a second.  How many of you have resumes typed up on your computers? I’m sure a lot of you do.  If a “hacker” were to download your resume they now have access to:

Name:

Address:

Phone:

Workplace:

It doesn’t stop there either.  Those are just a few of the things that can happen when your system is compromised.  This is no science fiction these are real life possibilities.  The extent of that information was gathered just from files on your system.