Sony has backed down on releasing 'The Interview' in the wake of the company's hack. Plus, how one company is able to go after hackers, and new research shows some children aren't as credulous as parents think when it comes to Santa Claus.
Sony backs down on 'The Interview' in wake of threats
Sony Pictures announced Wednesday it would pull the film "The Interview" from theaters after hackers who go by the name Guardians of Peace threatened moviegoers.
This came after all the major theatre chains dropped it, and reports crossed later in the afternoon that North Korea may indeed be involved in the hacking in some fashion.
Was this an act of terrorism? Michael Orosz is with the USC Information Science Institute and also does research for the school's counter terrorism center, and he weighs in.
Firm representing plaintiffs in Sony lawsuit says company must admit vulnerabilities
Sony Pictures Entertainment is facing legal action in the wake of the hack. Four former employees are now suing the entertainment company for failing to protect their personal information. Hackers posted social security numbers and other personal details on workers to file-sharing sites.
Gretchen Cappio is a partner at Keller Rohrback, the firm representing two of the plaintiffs in the case. Michael Corona and Christina Mathis are suing on grounds of negligence and demand that Sony acknowledge it was aware of its vulnerabilities. She joins the show for more.
Can Sony be held liable for the cyber attack against the company?
On the heels of the Sony hack, two separate lawsuits have been filed by former employees who allege that the company didn't do enough to prevent hackers from stealing their personal information.
Thousands of current and former Sony employees have been impacted by the security breach. Hackers posted social security numbers, birth dates, and even some medical information to file-sharing sites.
But can companies really be held liable for a cyber attack? And if so, how might this change the nature of business in the future?
John Nockleby, a law professor and director of the Civil Justice Program at Loyola Law School, joins Take Two to explore those questions.
How one credit union monitors and guards against fraud
When imagining what the scene inside a bank's fraud department looks like, the movie "Hackers" comes to mind. Computer screens everywhere, with folks surfing cyber space, parsing through "garbage files" and finding and destroying the enemy with futuristic plexiglass keyboards.
https://www.youtube.com/watch?v=8wXBe2jTdx4
But when walking through the Logix Federal Credit Union in Burbank, California, the reality is very different. No futuristic gadgetry. Just tan walls, desktop PCs and a water cooler. Pretty standard office stuff.
Four people make up the fraud management team at the credit union, which monitors transactions 24/7, for more than 126,000 customers.
Take Two reporter Jacob Margolis sat down with Matt Overin, Manager of Fraud and Risk Management at Logix, to get a behind-the-scenes look at how banks try to protect their customers.
You can read excerpts from the full interview below, which has been edited for brevity and clarity.
Interview Highlights:
"There are computer programs that do a lot of the stuff for us, so when we talk about credit card fraud, there's a system out there that looks at all the transactions. And looks for anomalies in those transactions and gives us suspect accounts to look at."
What alerts you to fraud?
"Let's say that you went to the gas station this morning and bought gas in Canoga Park. And then you went and bought gas again in Woodland Hills. People normally don't do that. They don't use two gas stations in the same day."
What are some of the ways people have their information stolen?
"I think a big way is skimming machines. Skimming devices on ATM machines and on gas pumps ... as you swipe your card, it's a device on the outside or the inside of the machine that captures the card data and the PIN code as well. And then that data is transmitted by Bluetooth, usually, to a nearby car. That person makes a fake card and starts using it right away."
So, they can go from right outside the gas station to spending with your card in how many minutes?
"15 minutes is the most to make a card with the card machines that are available these days."
That's the number one way?
"Data breaches of big companies that we've seen in the recent past is another way that card information can be stolen."
What happens when you have a big breach like that? At a place like Target or Home Depot... you know that all of this information has been gobbled up by someone who shouldn't have the information. What do you do?
"When we find out about a breach, a lot of the time it's after the fact. We generally will close our members' cards and issue new ones, so that their information won't be out there. But from the time that it takes for a company to notify the financial institutions that the card information has been breached, that card information has been for sale on the internet to anyone who wants to buy it."
How much does it cost the bank to replace all of those cards?
"It's generally about five dollars a card that we're charged from our vendor..."
Is there a particular way that you're raising the ante against hackers, against people that are trying to steal information?
"Well, if you look behind you at the board, I have a list of fraudulent IP addresses that I've come across. So, people that try to apply for accounts with us, if we find out that their application is fraudulent, we will mark down their IP address and look for it in the future."
This is part of Take Two's series on consumer security. Have you been the victim of card fraud or identity theft? How did it impact you? How have you changed your spending or online habits to reduce the chances of it happening again? We'd like to hear your story. Leave a comment on our Facebook page or here.
You can also read previous installments of the series on identity theft, the impact of cyber crime on small business and a company that hunts down hackers.
The guy who hunts down hackers for big companies
The hacking of Sony Pictures Entertainment is a pretty epic cyber attack, but several corporations have suffered major security breaches in the last year, including Target and Home Depot.
To understand how the hacks work, we turned to George Kurtz, the CEO of CrowdStrike. He has been in the online security business since the 1990s, helping to develop different anti-virus software, but he started up CrowdStrike to help go after the hackers who are using those viruses to get into company systems to steal information.
Take Two host A Martinez recently spoke with Kurtz about his company, the sorts of hackers who are trying to infiltrate companies and what they're doing about it.
While Kurtz wouldn't talk about the exact methods that they use to track down hackers, or what they do once they find them, earlier stories have detailed the company's sometimes controversial methods here and here.
You can read excerpts from the full interview below, which has been edited for brevity and clarity.
Interview Highlights:
What is the difference between anti-virus software and CrowdStrike?
"Anti-virus software uses something known as signatures. And this technique has been around for probably the last 25 years. Essentially it's a blacklist, a list of known bad. And, unfortunately, there's about 200,000 or more pieces of new malware that are created every day by the bad guys. So, it's very difficult for traditional anti-virus vendors to keep up with that blacklist. Our technology doesn't use signatures. It looks for behaviors and what the bad guys are trying to do. So, we're able to identify their behavior and their malware without using these signatures so we can basically get in front of the bad guys when they're trying to do something that's not good."
Can you give us an example of a big company that you've helped?
"We've helped some online large internet cloud providers, if you will, helped them identify the bad guys actually trying to get in and stopping them. It's almost like a movie, you know, we would actually see where other technologies were blinded, the adversary trying to get in. Typically what will happen is the adversary will get in. They'll try to steal username and passwords and credentials from the system they're on. And then they'll try to reuse those username and passwords throughout the organization. So we were able to see and stop that in real time, but it was almost like having a camera surfing over the shoulder of the bad guy as they were literally typing the commands. And in many cases we would see almost a shift change where there would be a first level attacker with moderate skill, and when they were stymied trying to get in, we would see another adversary on the same team actually be brought in with much greater skill and trying to get into those systems."
So, what exactly are you watching? Are you watching numbers come over the computer screen? How does it look?
"We can actually see what they're trying to do on the system. So, in many cases, we'll actually allow them onto a system so that we can watch what they're doing and what their intent is. And then we have a very robust incident response and intelligence group that basically tracks, I would say, probably 70 to 80 of the largest adversary groups, nation state and cybercrime groups around the country. So, a lot of times what we're trying to do is look at the tactics, the techniques and the procedures that they're implementing in their tools, so that we can identify them back to one of our known groups to better understand what they're after. Are they after sensitive credit card information? Or are they after the latest chip design for the next processor? You need to understand who the group is to be able to combat them effectively."
Where are these attacks coming from?
"There's a range [of hackers]. You have everything from a 13 year old kid in a basement to nation state and everything in between. Really, the group that we're... focused on are either nation state actors, say from China or Russia, or cyber crime groups, many are out of Russia. The nation state actors out of china have been very focused on getting intellectual property out of the United States, as well as other countries. And really, there's only two types of large companies: those that have been hacked and those that haven't figured it out yet. They're very skilled, very persistent, and they have the ability to get into almost any major corporation. Then you kind of move into the cyber crime groups. And these are the groups that are really focused on getting into a company and getting data and then monetizing that data. And data really is the currency of the 21st century. There is a value for every credit card number. There's a value for every social security number and here's a value for any other piece of personably identifiable information and they will monetize that through a very efficient and anonymous black market system."
In terms of the debit card and credit card information breaches, typically, where are the people that are stealing this information? Where in the world does this information go?
"A lot of the cyber crime that we see, the folks that are really focused on getting credit card information and personal information, a lot of it stems out of Russia and sort of Eastern Block countries. The laws there are such that it's very hard to bring anyone to justice. They have many tools and many smart folks available to them and when they steal that information, then they basically have a complete underground forum system. It's really called the dark web, where you need to know people and have access. But if you have that level of access, you can get into these forums and you could buy and sell all of this information, anonymously."
Once you track them down, what do you do at that point? Do you hack them back? What do you do from there?
"We're focused on protecting our customers. So, really the only reason why we're interested in understanding who it is is to better understand how to protect them. Each group has different tactics... and you want to marshall the limited resources you have as a company to protect against that threat actor. In some cases we'll work with law enforcement and turn that information over to law enforcement, and then we'll let law enforcement handle it if they can. Many times if it's out of the country... it's very difficult to bring those adversaries to justice."
This is part of Take Two's series on consumer security. Have you been the victim of card fraud or identity theft? How did it impact you? How have you changed your spending or online habits to reduce the chances of it happening again? We'd like to hear your story. Leave a comment on our Facebook page or here.
You can also read previous installments of the series on identity theft, the impact of cyber crime on small business, how banks protect our money and attitudes towards consumer security one year after the Target hack.
The Wheel Thing: Huracan, Kia Soul EV, F-150 – the best cars of 2014
Our auto critic Susan Carpenter drives a lot of cars. Pretty much every week, she pulls up in something new she's testing out. Here are her three faves for 2014.
Lamborghini Huracan: Although it's Lambo's "entry-level" vehicle, it will still set you back almost a quarter of a million bucks. But, if you've got that kind of dough to throw around on a supercar, Sue says this is a great choice. She loves the way it handles, the way it sounds, and the way it looks.
Kia Soul EV: As the electric market has begun to mature, Carpenter says Kia has put together a model that has the best range and the most utility at the best price. Plus, she says the Korean import has regenerative braking (much like that on the far more expensive Tesla) which is part of why it can get almost 100 miles on a charge.
Ford F-150: Technically, this is a 2015, and won't show up in dealerships until January, but Carpenter says Ford has taken their best-selling truck and made it quite a bit better. An all-aluminum frame helps the pickup get economy car-style mileage, and Carpenter says great little design features, like spotlights in the side mirrors, make it a great vehicle for campers and back country explorers.
Susan Carpenter is auto and motorcycle critic for the OC Register, and joins us on Thursdays for The Wheel Thing.
Philippe The Original changes cash-only rule, accepts credit cards
While most businesses rely on new technologies like chip and pin or iPad card scanners, a few have remained very old school.
Take, for example, the restaurant Philippe The Original. It's been a dining staple, dishing out French Dip sandwiches in downtown Los Angeles for 106 years.
For all that time, Philippe's has been cash only. But starting Thursday, they'll be accepting plastic.
"The main thing that prevented us from switching over to accepting cards was the quick service we provide," said Andrew Binder, manager and partner at Philippe's. "If you've been in the restaurant, you know you're surrounded by people and long lines."
Lucky for us, a soft roll-out proved that wait times did not increase with the acceptance of cards.
"It seemed to be working great. The 'cash only' sign will be coming down," he said.
Here to tell us more is Andrew Binder, a manager and partner at Philippe's.
NBC4's LADWP solar panel rebate investigation
An investigation by NBC4 Los Angeles has uncovered problems with LADWP's solar panel rebate program.
Customers have complained that once the panels are installed, it can take LADWP several months to inspect the work. The home cannot be taken off the electricity grid until an inspection has taken place, meaning customers are forced to continue paying LADWP for power long after the panels are converted.
NBC4's consumer rights investigator Randy Mac has more on the investigation.
The six 'sexiest' stories in California politics this year
The year is fast coming to a close, and this week is our last 2014 edition of our weekly political segment State of Affairs, so we're rounding up the six "sexiest" political stories of the year (in no particular order) with Southern California Public Radio political reporters Alice Walton and Frank Stoltze:
- Back in January, longtime Los Angeles Sheriff Lee Baca abruptly resigned amid widespread allegations of misconduct within his department. November brought the election of a new sheriff, Jim McDonnell, who has promised to reform the agency.
- Another big story: the elaborate FBI sting which busted all sorts of folks, including State Senator Ron Calderon. That, and the bust of State Senator Leland Yee, made this year a notable one for indictments of California politicians.
- There was a changing of the guard in Los Angeles County politics this year: Long-time political figures Gloria Molina and Zev Yaroslavsky were termed out of office. They've loomed large in so many ways that their absence really marks the end of an era.
- One of the biggest trends in California politics has been the rise of Asian American political power. We saw evidence of this on the local and state-wide level this year.
- Another notable trend: gay political power grew this year. Voters elected a first gay mayor of Long Beach, first gay L.A. County Supervisor, and first gay L.A. County Assessor, and more.
- And we can't forget about the unprecedented election of Governor Jerry Brown. He'll serve a historic fourth term as governor of the Golden State.
The science of Santa: new study probes children's belief
How sure are you that your kids believe in Santa Claus? A new study out of Occidental College suggests children are not as gullible as we might think.
Psychology professor Andrew Schtulman studied how children ages 4-8 perceived extraordinary situations, things like fantasy tales, the possibility of an alligator appearing under the bed or the existence of Santa.
He found that as children grow older, they become quite skeptical of the possibility of extraordinary and physically impossible things happening.
To test how this applied to beliefs in Santa, Schtulman had kids write letters to Santa and prompted them to ask Santa questions. The older children asked more probing questions, trying to get to the bottom of the more mysterious practices of Santa - such as flying through the air, visiting the entire world in a night or fitting down a chimney.
The exercise suggests that children quickly begin thinking critically about how realistic Santa mythology is. Schtulman says most children stop believing in Santa altogether around age 8 or 9.