Looks like Alistair Osborne of The Telegraph really has it in for Betfair after having been denied access to their AGM!
http://www.telegraph.co.uk/finance/news ... theft.html
Unfortunately, the content of the above article doesn't really surprise me. I've always been a critic of Betfair's lax security measures.
"Betfair is in for a rough ride over data theft"
There's currently a slightly different version of that article on the Telegraph website.
It states (http://www.telegraph.co.uk/finance/news ... float.html):
'Cyber-criminals stole the payment card details of almost 2.3m Betfair customers only months before the betting exchange's controversial £1.39bn float.
[...]
However, the betting exchange did not inform its 3m-plus registered customers. Neither did it provide any details of the crime in the prospectus for last October's £13-a-share listing, raising questions over the adequacy of its disclosures.'
This is not good enough!
Criminals could have been emptying our bank accounts, but Betfair decided to cover up the matter in case it damaged their flotation!
This is like something out of a John Grisham novel!
Jeff
It states (http://www.telegraph.co.uk/finance/news ... float.html):
'Cyber-criminals stole the payment card details of almost 2.3m Betfair customers only months before the betting exchange's controversial £1.39bn float.
[...]
However, the betting exchange did not inform its 3m-plus registered customers. Neither did it provide any details of the crime in the prospectus for last October's £13-a-share listing, raising questions over the adequacy of its disclosures.'
This is not good enough!
Criminals could have been emptying our bank accounts, but Betfair decided to cover up the matter in case it damaged their flotation!
This is like something out of a John Grisham novel!
Jeff
Betfair are quoted as saying that:
'Because of our security measures, the data was unusable for fraudulent activity and we were able to recover the data intact. At the time, we contacted all the relevant authorities and worked closely with them regarding this matter and it was established that there was no risk to customers'.
If that is the case, I can understand Betfair not informing customers, and worrying them needlessly.
But if I were an IPO investor, I'd want to know about a major security breach...
Jeff
'Because of our security measures, the data was unusable for fraudulent activity and we were able to recover the data intact. At the time, we contacted all the relevant authorities and worked closely with them regarding this matter and it was established that there was no risk to customers'.
If that is the case, I can understand Betfair not informing customers, and worrying them needlessly.
But if I were an IPO investor, I'd want to know about a major security breach...
Jeff
-
andyfuller
- Posts: 4619
- Joined: Wed Mar 25, 2009 12:23 pm
I don't care if they recovered the data safely or anything else for that matter - if someone broke into my home and my neighbour shouted at them so they ran away without stealing anything I would still want to know that my house had been broken into, likewise I would have liked to have found out that my bank details may have been stolen from the people who were broken into (Betfair) and not find out via a link on a forum to the Daily Telegraph - Disgraceful as ever from Betfair!
Just looked on the Betfair Forum and can't find any comment from them....
Just looked on the Betfair Forum and can't find any comment from them....
They should put out an official statement somewhere. I realise this journalist obviously has it in for Betfair, but Betfair should respond by clearing things up a bit and stating if there is any impact anywhere. Was anything of value stolen or was it completely unusuable, or just parts of it? What was stolen?
It does raise questions.
How could Betfair be so confident that the criminals wouldn't be able to use the data?
Was the data so well encrypted that even the FBI wouldn't have had a snowflake in hell's chance of cracking the code?
Or did Betfair make self-serving assumptions (ie guesswork) about the criminals' technical capabilities?
Jeff
How could Betfair be so confident that the criminals wouldn't be able to use the data?
Was the data so well encrypted that even the FBI wouldn't have had a snowflake in hell's chance of cracking the code?
Or did Betfair make self-serving assumptions (ie guesswork) about the criminals' technical capabilities?
Jeff
The below excerpt from the article kind of contradicts the statement "the data was unusable for fraudulent activity":
So surely, they can clone the cards, and use them for offline payments..!"We have taken the prudent view that the criminal has the expertise to decrypt the payment card details," Betfair admitted, though stressed that the "CVV2/CVC security numbers" were not stolen.
Let's say you have 3 million stolen cards numbers, but no 3 digit security numbers.
You pick a number at random between 0 and 999, and get a computer program to try making small payments using that number with all of those cards.
About 0.1% of the computer's attempts will be successful. You now have the card nos and CVC numbers of 3,000 cards...
Repeat the process every few days (but not often enough to automatically trigger a fraud alert), and get another 3,000 CV2 nos every time.
People who are clever enough to hack into Betfair are clever enough to think up a method like that...
Jeff
You pick a number at random between 0 and 999, and get a computer program to try making small payments using that number with all of those cards.
About 0.1% of the computer's attempts will be successful. You now have the card nos and CVC numbers of 3,000 cards...
Repeat the process every few days (but not often enough to automatically trigger a fraud alert), and get another 3,000 CV2 nos every time.
People who are clever enough to hack into Betfair are clever enough to think up a method like that...
Jeff
Ethanol wrote:!"We have taken the prudent view that the criminal has the expertise to decrypt the payment card details," Betfair admitted, though stressed that the "CVV2/CVC security numbers" were not stolen.
-
andyfuller
- Posts: 4619
- Joined: Wed Mar 25, 2009 12:23 pm
Looks like we have prime suspect Number 1Ferru123 wrote: People who are clever enough to hack into Betfair are clever enough to think up a method like that...
Jeff
I'm flattered you think I'm clever enough to hack into Betfair! But given that I can't even get the microphone attached to my computer to record at above a whisper 
, I suspect it would be a bit beyond my abilities! 
Jeff
But given that I can't even get the microphone attached to my computer to record at above a whisper , I suspect it would be a bit beyond my abilities! Jeff
andyfuller wrote: Looks like we have prime suspect Number 1
