Wednesday, March 18, 2009

New Cyber Security Initiative - click here for full story

From the Wall Street Journal comes word that the Obama admin. is looking at the US cyber security issue and planning to beef it up by a lot. Yes, even Uncle Sam has "issues" with security and it is a growing threat (as you know since you are reading this blog).

WASHINGTON -- The biggest U.S. military contractors are counting on winning billions of dollars in work to protect the federal government against electronic attacks.

U.S. agencies from the Pentagon to the Department of Homeland Security have experienced major cyber-break-ins in recent years, even into classified systems. Cyberspies also have siphoned off critical data from Pentagon contractors, including one breach that cost a major aerospace contractor $15 million.

Intelligence officials estimate annual U.S. losses from cyber breaches to be in the billions of dollars, and some worry that cyber attackers could take control of a nuclear power plant or subway line via the Internet -- or wipe out the data of a major financial institution.

The article says that spending for this initiative could range from $15 billion to $30 billion in the next five years. The article also points out that there is a big debate as to who can do the best cyber security work and that government contracts often go to the wrong people! Duh!

Sunday, March 15, 2009

ID Theft and US Passports - A new Vulnerability. Click for link to story

We've talked and written a great deal about "composite" identity theft. That's where someone makes up a fake person by stealing pieces of information from real people. Now we discover that US passports are being obtained using these constructed identities.
"Using counterfeit documents and the identities of a dead man and a 5-year-old boy, a government investigator obtained American passports in a test of security measures. Despite efforts to improve passport security since the Sept. 11 attacks, the investigator fooled passport and postal service employees on four separate applications, according to a new report by the Government Accountability Office." From the New York Times article
In the never-ending saga of trying to connect a flesh-and-blood human being with a name, birth date, birth place, and Social Security number, once again we discover in this problem with passports how difficult this has become. The bad guys have a thousand ways of getting information and creating legitimate-looking personalities and authentications.

As a society we are stuck between onerous and almost impossible verification techniques and "customer friendly" delivery of vital documents such as a passport.

Stay tuned to this blog for further exploration of how that might eventually happen.

Keep your documents safe!

Saturday, March 14, 2009

Norm Coleman Donor List Data Breach - click here 4 link

Did you ever give money to a political candidate or a charity on line with your credit card? Have you given your cell phone number to any vendor, bank, political campaign? Then you won't like this story.

Norm Coleman is the Republican incumbent Senator from Minnesota who is in a disputed election ballot recount with his opponent Al Franken.

This week, a whistle-blowing web site published a list of donors to the Coleman campaign, as well as the street and e-mail addresses of 51,000 voters who supported Mr. Coleman. Later, 467 cellphone numbers of people who had signed up for his SMS "alert" service were also made public. It was also discovered that the campaign retained the security code numbers from the credit cards of donors longer than 48 hours, which is prohibited by MN law and the credit card payment council.

Furthermore, the campaign did not inform the donors whose credit card and other data had been breached because, as usual, they said there was no evidence that the information had been illegally used.

How many #@!%^&*(? times do I have to remind you that when sensitive information is breached and exposed on the Internet you may not know if it will be used illegally for a long time because crime organizations obtain such information and slowly put it to work.

This story is another in an endless series of lessons in bad behavior by database managers. That's why anyone who handles sensitive personal information such as this MUST get training in secure data management and responsible ID protection.

On the other hand it is also why so many people choose to have ID Theft insurance so that they can get timely alerts or help fixing any problems that result from data breaches.

Saturday, March 07, 2009

Facebook ID Theft Threat.

The attacks never end! The bad guys work 24-7 and the IT industry sleeps.

Read more Yahoo report
As Facebook works to make itself more relevant and timely for its growing member base with a profile page makeover, attackers seem to be working overtime to steal the identities of the friends, fans and brands that connect through the social-networking site.

Indeed, Facebook has seen five different security threats in the past week. According to Trend Micro, four new hoax applications are attempting to trick members into divulging their usernames and passwords. And a new variant of the Koobface worm is running wild on the site, installing malware on the computers of victims who click on a link to a fake YouTube video.

The Koobface worm is dangerous. It can be dropped by other malware and downloaded unknowingly by a user when visiting malicious Web sites, Trend Micro reports. When attackers execute the malware, it searches for cookies created by online social networks. The latest variant is targeting Facebook, but earlier variants have also plagued MySpace

Thursday, March 05, 2009

Video on the Internet and ID Security

Dr Steffen Schmidt on Internet security

Tuesday, March 03, 2009

New Iowa ID Theft Law

Iowa is proposing a new law to help victims of ID theft. On March 3, 2009, the Des Moines Register, in "Plan eases clearing of record in ID thefts," reported that:
"If Iowans have their identity stolen and criminals who get hold of their identity rack up traffic convictions under the false name, it's very difficult for the victims to have their records cleared, officials said Monday. Transportation and courts officials would like to craft a new system that would make it easier for ID theft victims whose driving records are falsely marred to get the records corrected.

Even if the ID thief was convicted of just one speeding ticket in one county, the victim currently has to hire a lawyer and go before the courts in all 99 counties to get his or her record changed statewide, said Bill Brauch, director of the consumer protection division of the Iowa attorney general's office."
"That's just an extraordinarily difficult task to impose on someone who's a victim," Brauch said.

Senate Study Bill 1266 seeks to create a sort of "one-stop shop" at the Iowa Department of Transportation, said Elizabeth Baird, legislative liaison for the transportation department. Motor vehicle enforcement officials would investigate whether the fraud had occurred, then issue a decision. The victim could then take the decision to one court to have the record changed statewide, Brauch said.

Every year, hundreds of Iowans face ID theft problems in connection with stolen Social Security numbers, bank accounts, credit cards and other facets of their lives. The attorney general's office is currently working with two non-Iowans whose identities were stolen, Brauch said. Criminals used their Social Security numbers to get fake licenses, then got ticketed for traffic violations in Iowa, he said.

"It happens routinely," Brauch said. "I'm not saying there are hundreds of victims, but this happens enough that the Legislature needs to do something to streamline the process - but make sure people aren't trying to trick the system if they really do have a bad driving record."

The proposed bill would also change one word in the law about foreign nationals.

Foreign nationals under current law can get an Iowa driver's license for as long as they're legally in the country, for a maximum of two years, Baird said.

Transportation officials by law must "determine" whether the foreigner has the correct paperwork to be eligible for a license.

Officials want to change that to say they must "verify" that he or she has the proper paperwork, Baird said.

This is clearly a step in the right direction and other states must follow this example.

Sunday, March 01, 2009

ID theft Unstoppable?

More and more we are seeing and hearing breathless coverage (but no solutions really) on ID theft. One headline recently read - "Is identity theft unstoppable?" (This seems rhetorical).

"Some 50 million identities have been compromised or stolen in the last six months alone. It's an infuriating, never-ending battle against determined hackers and identity thieves who are constantly probing for our names, dates of birth, credit cards, Social Security numbers, bank accounts, pin numbers and passwords.

A detective from Springfield, Ore. is quoted as saying "We can't protect your identity. We're left with picking up the pieces after it's been stolen."

Wow! Finally law enforcement is telling it like it is. ID theft is not the strength of most police departments. Since crimes are often committed from far away the question of jurisdiction becomes a huge obstacle in a victim getting help.

Oregon's solution to this law enforcement problem is a task force led by Assistant U.S. Attorney Sean Hoar that " ... has recovered dozens of forged IDs, checks, bank statements and a treasure trove of high-tech tools used by identity thieves — some of whom used couriers to carry and encrypt personal data. But overall, they were small players."

In 2009 there is still no national law on data protection and the system is a patchwork of state laws.

"If this were an illness, Congress and the United States would be calling for an all-out war on this illness, because it would be critical for the American people," says Rob Douglas, who runs the Web site

The issue is gaining momentum, with several bipartisan proposals aimed at restricting the use of Social Security numbers and creating a new cyber-security center. The latest bill would require companies that collect data to tighten controls and tell customers how that information is used.

"I don't want to know my info is being sold in some chat room in Eastern Europe because some company handled it improperly," says Sen. Patrick Leahy, D-Vt.

But many financial institutions — some of the very institutions that prosecutors say have failed to do even basic double-checking — oppose new laws, promising instead better self-regulation.

"What we found is that a lot of entities don't actually cross-check the names or dates of birth associated with Social Security numbers," says Conrad.

The Obama administration and Congress have moved up cyber-security and ID theft to a higher level of alert.

Moreover, many tens of thousands of people have been attending our workshops and trying to develop a "Culture of ID Security" for themselves and their clients. This has already helped slow down the frequency of casual ID theft according to FTC statistics.

Our book The Silent Crime and the new small companion booklet "Silent Crime Too" (also called the "Red Book") as well as articles such as "Get Smart About Identity Theft" in the magazine Smart Solutions (March 2009) have been widely read and followed.


  • All Material is Copyright © 2009 Michael McCoy and SEAS, L.L.C