Black Hat brags about bank hack – Signal could have spotted it

One of America’s biggest banks took four months to realise it had been hacked. Signal could have helped the bank find and respond sooner to reduce their reputational damage.

In late July the $370bn bank Capital One announced a hack of one million social security numbers and 80,000 credit card-linked bank account numbers which is estimated to  cost over $100m to remedy.

Their announcement came 120 days after the actual hack occurred - the vigilant monitoring that Signal provides could have alerted Capital One to the problem quickly. Instead, it took months before a ‘white hat’ noticed conversation about the breach.   

The number of people affected was staggeringly high – in the words of Capital One itself, “The event affected approximately 100 million individuals in the United States and approximately 6 million in Canada.”

Here’s what happened:

On July 19, 2019, it was determined there had been unauthorised access by an outside individual who obtained personal information relating to Capital One credit card customers.

Capital One says it immediately fixed the configuration vulnerability that the individual had exploited and promptly began working with federal law enforcement.

The FBI arrested Paige Thompson, 33, a software engineer who formerly worked for Amazon Web Services… which Capital One is known to use.

Charges against Ms Thompson state she boasted about the hack on GitHub, Slack, and Twitter, allowing Capitol One the opportunity to quickly alert their cyber teams of a potential breach – if they were utilizing an OSINT tool like Signal.

Capital One claims it is unlikely the information stolen was used for fraud or disseminated by the individual, adding it believes no credit card account numbers or log-in credentials were compromised and that over 99 percent of Social Security numbers were not compromised.

The fact remains: one million social insurance numbers and 80,000 credit card-linked bank account numbers were exposed.

The largest category of information accessed was information on consumers and small businesses created when they applied for credit card products across the last 15 years, including:

  • Customer status data, credit scores, credit limits, balances, payment history, contact information

  • Fragments of transaction data from a total of 23 days during 2016, 2017 and 2018

  • 140,000 Social Security numbers of credit card customers

  • 80,000 linked bank account numbers of our secured credit card customers

  • The Social Insurance Numbers of one million Canadian credit card customers were also compromised in this incident.

The configuration vulnerability was reported to Capital One by an external security researcher through a Responsible Disclosure Program on July 17, 2019. Capital One then began their own internal investigation, leading to the July 19, 2019, discovery of the incident.  the hacker had four months to do what she wished with people’s personal information.  Unfortunately it is common for hacks to take months to be discovered, reported, and patched if the proper monitoring solutions are not in place.

Capital One expects the incident to generate incremental costs of approximately $100-$150 million in 2019. Expected costs are driven by customer notifications, credit monitoring, technology costs, and legal support and notifying customers.

Capital One said in its public statement it has always invested heavily in cybersecurity and will continue to do so.  This breach shows how the convergence of cyber and physical security is continuing to evolve as companies continue to invest in infrastructure and tools to stay at the forefront of cyber threats.  As threat surfaces continue to increase, social media and dark web scanning tools have become even more important to identify threats in real time

Clearly there’s a lot of money at stake, but the worst part of it all is the hacker boasted about it online and the response could have been a lot quicker.

While it doesn’t appear that the breach was for financial gain, the reputational damage for Capital One has been huge (and continues).

Here’s how signal can help prevent this sort of thing happening:

Signal’s point of difference is scanning the web and dark web for chat around data hacks, breaches and stolen information for sale.

We know that the accused thief bragged about what she was alleged to have done to Capital One, and this is precisely the sort of thing Signal is set up to prevent.

Signal offers

  • Monitoring over 15 data sources, including social media, web/forums, surface web, the dark web and online forums.

  • Accurate real-time results centred around the geographical locations you need to monitor

  • Advanced filtering of searches

  • Excellent visuals so you’re not sifting through raw data to find out who’s talking about hacks at  your organisation

  • Situation awareness

  • Online operation centre capability and data

 Please feel free to read how Signal could have helped resolve

Learn How Signal Can Help Your
Corporate Security, Emergency Management or Public Safety Team...

People are selling your stolen data online. Here's what it looks like

The image below shows a typical message from a carrier of stolen financial information looking for a buyer. Using Signal intelligence, we found this on the dark web.

Hackers will go wherever the money is, from NZ to Europe to the US or – as in this case – Australia.

They also recently attacked New Zealand, where equipment and clothing retailer Kathmandu suffered a data breach at the start of 2019. Intruders took customers’ credit card and personal information.

The ASX-listed Kathmandu said the following in a public statement on March 13:

“Kathmandu has recently become aware that between 8 January 2019 and 12 February 2019, an unidentified third party gained unauthorised access to the Kathmandu website platform. During this period, the third party may have captured customer personal information and payment details entered at check-out.”

It was only March 13 Kathmandu that publicly responded to the breach; intelligence software like Signal could have helped spot people trying to sell the stolen data online.

Doug Hunt of Auckland described on social media how on February 15 $2581.72 was taken from his credit card account. A second fraudulent transaction was noticed by the bank and blocked.

Hunt says he found out about the breach only after his bank, ANZ, phoned him.

Hunt told media he was appalled it took Kathmandu a month to respond.

 Who hackers are and how they operate

Taking credit card numbers is one of many ways hackers make money. Another is to get ATMs to spew cash.

  • Jackpotting attacks can empty ATMs in minutes and are performed by prying open a panel to access a USB port on the machine and injecting malicious code, Tech Republic reports. Jackpotting has been a growing security threat in Europe and Mexico.

  • Most ATMs can be hacked in under 20 minutes, according to Zero Day. Typically splicing a black box into the cable between the ATM’s computer and cash dispenser is the way it’s done.

  • Another way is by plugging a flashdrive into one of the ATM's USB or PS/2 ports then running commands on the operating system to cash out money.

  • There’s also malware. North Korean-linked Lazarus Group (aka Hidden Cobra) is believed responsible for malware known as FASTCash which stole $13.5 million from India’s Cosmos Bank between August 10 and August 13, 2018. That group committed thousands of fraudulent ATM transactions across 28 countries and came down to three unauthorized money transfers using the SWIFT international financial network.

 Data breaches can be stopped before they happen

The Ponemon Institute’s 2018 IBM Cost of a Data Breach study reported the average time it takes to identify a data breach is a shocking 196 days.

The time it takes Signal security intelligence to identify a potential breach being arranged on the dark web: minutes. Australian and New Zealand banks, institutions, businesses, hospitals and ASX/NZX-listed companies can all receive early indicators so you can be proactive about security and not caught off guard.

 If you know potential threats, you can set your own search terms

Signal is an extremely user-friendly app and can be utilised by any staff members with minimal training. Simply put in the search terms you feel your institution needs to monitor; Signal’s easy interface then provides alerts when what you’re looking out for appears online.  

  • Signal is designed to recognise conversations in which criminals name your bank or business

  • Every day, Signal observes and captures data around Dark Web users offering to sell stolen material

  • Signal parses through postings and conversations and can spot questionable behaviour which might harm your brand, your interests or even your staff.

 Breaches happen to many different types of online businesses

  • LinkedIn lost 6.5 million encrypted passwords in 2012

  • Ashley Madison had 36 million accounts compromised in 2015. In July that year, a group calling itself The Impact Team threatened to release users' names and personally identifying information if Ashley Madison would not immediately shut down. The group then leaked 25gb of company data, including user details causing huge embarrassment for the thousands of Saudi executives and US military and government employees who had accounts on Ashley Madison. The company which owns Ashley Madison then faced lawsuits, as users who had in the past asked Ashley Madison to delete their accounts found themselves caught up in the leak and sued the company.

  • Dropbox login data for 68 million users has been offered for sale on the dark web. The data set came from a 2012 breach. The trafficker was known in 2016 as TheRealDeal and offered a disturbingly low price: two bitcoins.

Which data is valued most?

Various online computer hacking magazines estimate the value of stolen information like so:

  • Passports are estimated to be worth $2,000

  • Medical records:  $1,000

  • Online payment account credentials typically valued at up to $200

  • Credit or debit card information – usually sold for up to $110

  • Diplomas: $400

 Trend Micro research shows the main types of data stolen are financial and insurance data, which can be twisted to then become a tool for blackmail; healthcare details; payment card information; account logins; and educational information such as transcripts.

We have dozens of examples of top sharelisted companies relying on Signal software to avert risk.


Learn How Signal Can Help Your
Corporate Security, Emergency Management or Public Safety Team...

How Watching The Dark Web Could Have Stopped A $140,000 Theft

Dayne Lynn, a young Lloyds Bank employee from Scotland, was convicted at the start of 2019 for stealing $AUD140,000 from his customers’ accounts after he was blackmailed by criminals he met on the dark web.

The crimes began when Mr Lynn joined an internet chat forum and made the mistake of revealing he worked at Lloyds Bank in Glasgow. Mr Lynn was working as a member of a team that investigates fraudulent payments and transfers, where he had access to the accounts of many bank customers.

It wasn’t long before a group of criminals on the dark web forum ordered him to steal from accounts and transfer the money to them.

On July 18, 2016, between 7:45 a.m. and 9:30 a.m. Lynn accessed almost 20 customer accounts and took tens of thousands of pounds, overcoming bank transfer restrictions using his Lloyds Bank employee credentials to access the accounts. The bank reversed all of the stolen money, however the identity of the culprit couldn’t be established for  over a year and Mr Lynn and his dark web associates almost got away with the crime.

The theft could have been averted if the bank had used Signal. Signal constantly monitors dark web traffic and simple search terms such as Lloyds Bank, banker or bank accounts might have allowed the bank to stop its staffer before he went down the road of fraud.

 Data Breaches Can Be Stopped Before They Happen

The Ponemon Institute’s 2018 IBM Cost of a Data Breach study reported the average time it takes to identify a data breach is a shocking 196 days.

The time it takes Signal security intelligence to identify a potential breach being arranged on the dark web: minutes.

Australian and New Zealand banks, institutions, businesses, hospitals and ASX/NZX-listed companies can all receive early indicators so you can be proactive about security and not caught off guard.

As the Office of the Australian Information Commissioner recently found

  • 78 per cent of data breaches involve individuals’ contact information

  • a third of the data breaches are financial details and a third health information.

 If You Know Potential Threats, You Can Set Your Own Search Terms

Signal is an extremely user-friendly app and can be used by any staff members with minimal training. Simply put in the search terms you feel your institution needs to monitor; Signal’s easy interface then provides alerts when what you’re looking out for appears online.

  • On a daily basis, Signal spots and reports Dark Web users offering to sell documentation and templates from banks and government as well as credit card numbers and logins

  • Signal parses through millions of postings and conversations to recognise questionable behaviour.

  • Signal is designed to recognise conversations regarding your business (bank, hospital, university) and determine the tone and context of potentially harmful language

  • ·You as the client set up your own monitoring parameters. For example, our Hollywood filmmaking clients ask us to identify those who want to hack, leak and illegally distribute intellectual property and scripts

  • Signal does all the heavy lifting, trawling the internet and sending you proactive alerts so that you hear about risks first – not 196 days later.

Data breach study author Larry Ponemon estimated a business is more likely to experience a data breach of 10,000 records than a person is to catch the flu over winter.

The average cost of EACH data breach in 2020 is anticipated to exceed $150 million, with worldwide costs estimated at $2 trillion

Don’t let a failure to watch the web cost your company.

Signal offers free demonstrations of outstandingly effective software. We have dozens of examples of top sharelisted companies relying on Signal software to avert risk. or email


Learn How Signal Can Help Your
Corporate Security, Emergency Management or Public Safety Team...

Don’t Wait For The News To Tell You About A Threat Outside

When Nur Islam became frustrated over a routine withdrawal at a Commonwealth Bank branch in Melbourne on November 18 2016, he poured petrol onto the carpet and set the building on fire, injuring himself and dozens of others.

The $2.5 million building in Springvale was soon destroyed.

Some of the first alerts to Commonwealth Bank’s staff, executives, owners, patrons and passers-by came from social media posts and ‘What we know so far’-style updates from online newspapers, full of urgent bits of information.

Lives were irreversibly changed that day; millions of dollars in insurance had to be paid out; injured staff had to be compensated and healed. Commonwealth Bank also had to protect customers’ sensitive information while ensuring communications around the attack were accurate and helpful.

 Get Faster Responses to Developing Danger

Part of Signal’s job is to aggregate online notifications around threats to buildings and the staff inside which affect business and personal safety in various ways.

Signal monitors online traffic, from social media to news to emergency alerts to the dark web, and can be set to notify any business instantly about

•         Fire and weather emergencies that might spill over into my building.

•         Political events happening, from nearby terrorism to far-away occurrences

•         Issues at airports, from terrorism to flight delays to blizzards

Signal lets users with large assets, distributed workforces and global reach especially large corporations and top banks in Australia, NZ and the US, pre-empt, prevent and develop strategic responses to emerging situations.

 Watch The Web and Respond Faster

Signal Open Source Intelligence assists a business’s 'Duty of Care' by

1. Letting you be the first to know – saving precious minutes

2. Covering many platforms – enabling you to monitor local and global events through news, social media and emergency services

3. Increasing situational awareness by corroborating real-time visual data

4. Monitoring community chatter and reputation in the incident aftermath

Signal lets you monitor everything affecting your organisation’s real and potential crises, staff safety, supply chain, fraud risks, cyber security and reputation – not to mention threats to your buildings whether from humans or hurricanes.

Signal has a global customer base that includes major corporations across finance, retail, pharmaceutical, and technology industries who utilize Signal to stay aware of potential threats to safety and security.

In Australia and New Zealand, Signal uses heightened situational awareness and real-time intelligence to monitor, gather, and analyse potential risks then make informed decisions to speed incident response time while reducing overhead costs.

Don’t let a failure to watch the web cost your company. or email

Learn How Signal Can Help Your
Corporate Security, Emergency Management or Public Safety Team...

[Infographic] Terror on the streets of Melbourne

Unfortunately no-one is exempt from terror events happening as was the case in Melbourne on Friday 9th November 2018. During events of this nature it is critical to get rapid information from a variety of sources.

Signal customers were quickly able to identify the existence of the incident and gather on-going information related to the incident.

 Read on to see information gathered by Signal in infographic format.


Learn How Signal Can Help Your
Corporate Security, Emergency Management or Public Safety Team...

Seeing in the Dark - Exposing the Dark Web

There is plenty of online information regarding the dark web – mostly accurate, although it can be daunting to understand the various nuances. One of the better overviews I have seen can be seen at

The article and supporting infographic provide a good summary of the various ‘layers’ of the Internet and how they can be accessed.

Understanding that, by its very nature, the Dark Web is the place to lurk out of sight, which makes it a logical source of information and vehicle to perform nefarious or illegal activities.  

These conversations and activities may be relevant to Signal subscribers, hence the addition of Dark Web as a data source for Signal Gold subscribers.

Examples of activities that have been identified from dark web content include;

  • Online markets selling stolen and fake goods

  • Impersonation of individuals or organizations

  • Details in regard to hacking or incitement to hack

  • Reputational risk via fake news or impersonation

  • Illegal activities such as drugs and drug paraphernalia

One of the benefits that Signal provides is the ability to review the dark web post content (text only) without needing to utilize a Tor browser – simply review the content from within your Signal browser session.

Screen Shot 2017-12-18 at 11.44.00 AM.png

Dark Web is available today for Signal subscribers with a gold or better subscription– if you are interested in more information in regard Signal or the dark web content, then contact us

Learn How Signal Can Help Your
Corporate Security, Emergency Management or Public Safety Team...

The Power of Emotional Analysis - introducing Signal Spotlight

Signal Spotlight provides a real-time overview of the emotional state of Signal search results. Using Signal Spotlight, Signal users can better understand the prevalence and drivers of emotions and what is happening in real-time. Spotlight taps into the results  from Signal search criteria across many data sources to better understand the prevalence and drivers of emotions. For example during an incident or event, an important attribute is how people are feeling about what has happened and how the emotional state may be changing real-time as that incident/event unfolds.



The Spotlight underlying technology uses a large vocabulary of emotion terms that were compiled from multiple sources, including the ANEW and LIWC corpora, and a list of moods from LiveJournal.  In addition a crowdsourcing task was run to organise these terms against Parrott's hierarchy of emotions. The emotions are colour-coded using a dataset of affective norms provided by the Center for Reading Research at Ghent University.

Spotlight leverages technology and research undertaken by the Language and Social Computing team in the Digital Economy Programme of CSIRO's Digital Productivity Flagship and originally developed as a joint project between computer scientists at CSIRO and mental health researchers at The Black Dog Institute.


Milne, D., Paris, C., Christensen, H., Batterham, P. and O'Dea, B. (2015) We Feel: Taking the emotional pulse of the world. In the Proceedings of the 19th Triennial Congress of the International Ergonomics Association (IEA 2015), Melbourne, Victoria, Australia, August 2015.

Learn How Signal Can Help Your
Corporate Security, Emergency Management or Public Safety Team...

[Infographic] Hurricane Harvey victims take to social media

When catastrophic events strike, emergency services are seeing a growing reliance on social media by those affected. Citizens are going online to ask for help, mark themselves as safe and support relief efforts.

When Hurricane Harvey struck Texas at the end of August 2017, due to the scale of the disaster, traditional tools were unable to cope. 

Although unprecedented in modern history, the impact of Harvey shows that agencies need to recognize the importance of channels like social media.

With our analysis, we have pinpointed aspects that occurred during the event. Post-event recovery is another area where additional situational awareness can be gained ... but that’s a topic for another blog.

Read on for all the information we gathered in infographic format.


Learn How Signal Can Help Your
Corporate Security, Emergency Management or Public Safety Team...

Case Study: How Emergency Management Victoria Leverage Social Media Intelligence To Their Advantage

Justin Kibell, Manager of Operational Intelligence, Emergency Management Victoria

Justin Kibell, Manager of Operational Intelligence, Emergency Management Victoria

We spoke with one of our customers, Justin Kibell - the Manager of Operational Intelligence for Emergency Management Victoria (EMV), to see what he thought the most important uses for monitoring online data were, when emergencies arose.

Here's what Justin had to say:

One of the key principles we use in our Intelligence section is to consider a broad range of information from different sources and agencies. Open source is a key source of information directly from the community, but it comes with a lot of noise.

It can often be difficult to locate the key pieces of information and this is why we have been using Signal to assist us with efficiently gathering and collating open source content across a range of platforms.

The key drivers for information gathering from social media platforms are similar to that of other information channels monitored by Intelligence Analysts.  Open source information such as social media provides an opportunity to corroborate information from other sources and in some cases discover additional (important) information shared directly by the public who are on scene or potentially impacted.

"... Intelligence Analysts utilise the powerful search and monitoring features of Signal..."

Our Intelligence Analysts utilise the powerful search and monitoring features of Signal to search through various open source streams to locate information across a range of intelligence requirements such as:

1. Gauging Public Sentiment – to assist the social media team in our Public Information team, we use Signal to help determine what the community is saying about the emergency and the Governments response, both positive and negative.

2. Monitor News Coverage – searching local and interstate news websites, journalists and associated influencers, we use Signal to help obtain a bird’s eye view of what media are reporting which we pass onto the Public Information team to address and minimise misinformation.

3. Situational Awareness – using Signal to search and collate information from videos, images and descriptions of damage posted online is incredibly useful to our analysts both in building a more complete picture of what is going on (including known and potential impacts), but also in assisting our predictive services team with on scene observations which help validate their modelling such as photos with smoke plumes and fire behaviour showing.


4. Survey Damaged Areas – pinpointing the worst hit areas with observations directly from the community assists us in more efficiently deploying resources to areas with the most need. The geo-located content he at map feature quickly highlight key areas of interest.


"... using Signal for over two years now"

At the State Control Centre we have been using Signal for over two years now. Our Intelligence Analysts have positively commented on improvements to the usability and features of the tool and look forward to using the new information offered through the new “Spotlight” functionality.

Over the last three years our social media emergency management intelligence capability has grown and throughout this period Signal has been an important and valuable tool in the tool chest used by our team.

Justin Kibell,  Manager of Operational Intelligence, EMV

Justin's experience with Signal demonstrates the various benefits social media offers for emergency management intelligence. 

How are you using open source intelligence in your emergency reponse efforts?

Learn How Signal Can Help Your
Corporate Security, Emergency Management or Public Safety Team...

5 Signs Your Corporate Security Department Needs a Better Way of Monitoring Social Media

It’s no secret social media is now a key source of intelligence for corporate security professionals. But with so many social media monitoring tools to choose from; departments can easily end up choosing software that hasn’t been developed with their needs in mind, i.e. social media monitoring software built for marketing purposes.

This poor choice often impacts efficiency, results and ultimately hurts the bottom line and, in some cases, employees.

Here are 5 tell-tale signs that’ll help you work out if the social media monitoring tool your corporate security department uses, needs an overhaul.

1.     Sometimes they’re the “last to know”

News travels fast these days. Some call it “the speed of internet”. What this means is, everyone and anyone with an internet connection can learn about and/or spread the breaking news happening at your corporation.

This increases the chance of staff members finding out things before your corporate security department does. Especially when it’s happening in a retail store or near the event your CEO is speaking at.

Corporate security departments using operationally focused social media monitoring tools give themselves a better chance of being in the “first to know” camp.

2.     Reports are missing known threats

Lack of awareness can linger long past the date something occurred (especially for potentially threats that haven’t developed fully).

When regular reports are missing developed or developing threats, that are already known to senior executives (whose lives and lively hoods depend on it), it may result in a loss of confidence from the executive team. Even when the corporate security department think they are being as effective as possible.

The wrong tooling might provide you with what looks like the most relevant and timely information, but you’re often missing the complete picture.

The right tooling, developed specifically for protecting executives, assets and supply chains, often provides more advanced/targeted search capabilities, e.g. Boolean search, than typical marketing related tools - where the focus is on brand and reputation management as well as social engagement.

3.     Incident response times are slow

Further to point 1. above, if your team is unaware of a threat, or simply hear about it too late, this can have a flow on effect and impact the overall incident response time. Potentially putting the safety of staff and executives at risk, impacting “Duty of Care” responsibilities and even losing revenue or impacting costs.

Having the right monitoring tool often means you can plan ahead (building out a calendar of events to monitor), giving you a better chance of being the “first to know” and therefore speeding up incident response times.

4.     Small incidents often escalate

You guessed it! Catching threats early can keep small incidents… Well, small. Saving you and your team from troublesome bigger incidents in the future. So, how does Social Media come into this?

Sometimes the earliest signals come from the most unusual sources. Social Media, if used with the right monitoring software, can act as an early warning system for you and your team. It can even supply this early intelligence directly to your phone via SMS or email so you are always on top of new incident’s.

5.     Your team is too reactive

If you’re the Head of Corporate Security and you can’t understand why your team never seems to be prepared for events such as executive travel and retail store/office openings.

It could be a sign they need to move to operationally focused social media monitoring software where they can plan ahead and schedule monitoring at certain locations over certain dates, times or seasons.

This not only instils a more active team culture, it’ll also reduce stress and allows your team to be in a better frame of mind when things really matter.


Just three years ago there was very little in the way of social media monitoring software tailored for corporate security professionals. Early adopters persevered, as a stop gap, with tools designed for marketers.

These days’ things are a little different:

  • The role of corporate security in any large corporation is becoming more important
  • Social media is an open source of intelligence when it comes to protecting executives, digital/physical assets and supply chains
  • Access to social media is now in the hands of the majority (wherever they are)
  • Threats can be indirectly identified via social media posts made by the public and media

And, most importantly, tools have been created specifically for corporate security professionals to make use to this free intelligence source.

The question is: Are you already making the most of these new tools or is it time to make the shift?

Learn How Signal Can Help Your
Corporate Security, Emergency Management or Public Safety Team...