News in brief: Experian PIN fail; SEC hacked; AI vs terror

Experian

Experian can give away your credit freeze PIN

Shortly after Equifax disclosed a breach affecting 143 million customers, many experts — Naked Security included — recommended people put a freeze on their credit files. Now comes word that credit bureau Experian has a free online service that lets pretty much anyone request the PIN that unlocks a previously frozen credit file at Experian.

Brian Krebs reports that Experian’s page for retrieving someone’s credit freeze PIN requires “little more information than has already been leaked by big-three bureau Equifax and myriad other breaches. Krebs wrote:

One just needs to input an email address to receive the PIN and swear that the information is true and belongs to the submitter. I’m certain this warning would deter all but the bravest of identity thieves!

The final authorization check Experian asks for is for you to answer four knowledge-based authentication (KBA) questions. The trouble with KBA questions, Krebs said, is that so much of the information needed to successfully guess the answers to those multiple-choice questions is now indexed or exposed by search engines, social networks and third-party services online.

Despite this issue, and Equifax’s own issues with PINs, freezing your credit files is still a good idea.

Hackers trade stocks with SEC data

The SEC says hackers probably accessed its corporate disclosure database and stole information they then used for some profitable stock trading.

The theft likely happened last year, though the SEC didn’t connect it with illicit trading until last month, the Reuters news agency reported. The culprits reportedly exploited a software glitch in the test filing process to access private information. From Reuters:

The SEC hosts large volumes of sensitive and confidential information that could be used for insider-trading or manipulating U.S. equity markets. Its EDGAR database houses millions of filings on corporate disclosures ranging from quarterly earnings to statements on mergers and acquisitions. Although the SEC “promptly” patched the vulnerability after detecting it in 2016, the regulator only became aware last month that the glitch “may have provided the basis for illicit gain through trading”, it said.

The Washington Post says the breach could hamper the SEC’s efforts to collect more detailed information about stock trades into a central database that could make it easier for the agency to detect market manipulation.

The U.S. Department of Homeland Security (DHS) found five “critical” vulnerabilities on SEC computers as of Jan. 23, 2017, Reuters reported.

China says AI can fight terrorism

China’s security and intel chief wants his nation’s police force to use artificial intelligence (AI) to predict and prevent terrorism and social unrest.

The South China Morning Post reports that Meng Jianzhu wants to use AI through machine learning, data mining and computer modeling to help stamp out risks to stability. The paper quotes him as saying:

Artificial intelligence can complete tasks with a precision and speed unmatchable by humans, and will drastically improve the predictability, accuracy and efficiency of social management.

He also called for renewed efforts to integrate all the footage from surveillance cameras around the country.

Catch up with all of today’s stories on Naked Security