Sunday, May 10, 2009

Berkeley Hackers.

Image - UC Berkeley had NOTHING about the hack of their sensitive data! If I were a Berkeley alumnus or student I would be raging mad!


New York Times - This is all they wrote. It no longer matters. We are resigned. Ten years ago this would have been HUGE!
"Officials at the University of California, Berkeley, said hackers infiltrated restricted computer databases, putting at risk health and other personal information on 160,000 students, alumni and others. The university said the data included Social Security numbers, birth dates, health insurance information and some medical records dating to 1999. Personal medical records were not compromised, officials said. The databases also included personal information of parents, spouses and Mills College students who used or were eligible for Berkeley’s health services. The breach occurred Oct. 6 and lasted until April 9."

CNET had more info so we linked to their story.

Please get some ID theft insurance.

Saturday, May 09, 2009

$10 Million Ransom for Hacked Records? YES!

Virginia leading the way in what, sensitive data losses?!

Yes, the tragedy continues. Now data is basically hacked by "Cyber Pirates," people who seize massive databases and try to get ransom for returning them.

Fox News Thursday, May 07, 2009. "The FBI is investigating a $10 million ransom demand by a hacker or hackers who say they have stolen nearly 8.3 million patient records from a Virginia government Web site that tracks prescription drug abuse, an FBI official confirmed Wednesday. The state police in Virginia are also investigating the possible breach of confidential records."

According to Government Technology:

"The breach was originally reported on WikiLeaks, a site that publishes and comments on reports of leaked documents. According to the site, when people logged on to the Web site of the Virginia Prescription Monitoring Program on April 30, they saw a ransom note containing the following information:

"I have your s@*t! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(

"For $10 million, I will gladly send along the password. You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I'll go ahead and put this baby out on the market and accept the highest bid."

The security of critical information is normally a very low priority in state and federal government because there are no lobbying and interest groups advocating for information security.

More importantly, there is no massive campaign funding going to candidates for public office coming from any PACs or lobbying groups to secure critical data.

The BIG question? Is this a precursor of what will happen to all of our medical records when they are put on the Internet?

The second question. Will the provider of the software and web service for storing and managing this sensitive data be liable for this, or will they get off scot-free as they usually do?

By the way, the web site "Welcome to the Prescription Monitoring Program" (http://www.dhp.state.va.us/dhp_programs/pmp/default.asp) is down and cannot be accessed.


Friday, May 08, 2009

FAA Hacked - What's Next?


The story is this:

"Hackers breached the network of the Federal Aviation Administration earlier this week and gained access to sensitive records, according to an aviation trade publication. The FAA breach has prompted President Obama to order an immediate review of federal cyber security."

The hackers got access to the personnel files of 45,000 FAA workers.

This is not good because now they know who these people are and can direct either financial or total identity theft at them. They now know whom to attack with hacks on their personal computers, which, like most computers in the USA, will for the most part not be well secured.

I was just at the FAA web site. Not a word on there.

Worst case scenario?

They may now be able to "clone" the identity of some of these critical workers and duplicate their security pass information, which would give them access to the air traffic system. Moreover, it will make it possible for them to forge ID cards and get past airport security as FAA employees.

Why did Clinton and Bush do so little to secure cyber space?

Why are we spending hundreds of billions on hardware and airplanes when the next war will clearly be a cyber war?

Why is the mainstream media reporting so little about this? Is it because they don't understand it or because it's so frightening they'd rather go the swine flu route as a way to scare the public?

Stay tuned. We will cover it all.

Tuesday, May 05, 2009

Flores-Figueroa v. U. S.

Are you aware of Flores-Figueroa v. U. S., No. 08-108. May 4, 2009?

A federal “aggravated identity theft” statute that adds two years to the sentence of someone who uses false identity documents in commission of another crime requires proof that the offender knew the information belonged to another person, the U.S. Supreme Court ruled.

The defendant in Flores-Figueroa v. U. S. worked illegally at a steel plant using forged Social Security and alien registration cards he had purchased.

His employer became suspicious of the documents and contacted federal authorities, who found that the Social Security and alien registration documents listed numbers that belonged to other people.

The defendant pleaded guilty to charges of misuse of immigration documents and illegal entry. After a bench trial, he was also convicted of violating the identity theft statute U.S.C. § 1028A(a)(1), which tacks an additional two years onto the sentence of anyone who “during and in relation to any felony violation enumerated in subsection (c), knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person.”

The defendant appealed the additional sentence, arguing that the government had presented no evidence that he knew the numbers belonged to an actual person.

The 8th Circuit upheld the conviction. The Supreme Court granted certiorari.

In reversing the 8th Circuit, the Court rejected the government’s argument that the statute requires only that the offender knowingly used false documents, not that the information necessarily belonged to another.

“As a matter of ordinary English grammar, it seems natural to read the statute’s word ‘knowingly’ as applying to all the subsequently listed elements of the crime,” wrote Justice Stephen Breyer for the majority.

“The government cannot easily claim that the word ‘knowingly’ applies only to the statute’s first four words, or even its first seven.”

The Court also dismissed the government’s argument that proving knowledge that the documents identify someone else would be difficult, if not impossible, thwarting the intent of the law.

“Congress used the word ‘knowingly’ followed by a list of offense elements,” the opinion states. “And we cannot find indications in statements of its purpose or in the practical problems of enforcement sufficient to overcome the ordinary meaning, in English or through ordinary interpretive practice, of the words that it wrote.”

U.S. Supreme Court. Flores-Figueroa v. U. S., No. 08-108. May 4, 2009. Lawyers USA No. 993-729.

  • All Material is Copyright © 2009 Michael McCoy and SEAS, L.L.C
  • Deter. Detect. Defend. Avoid ID Theft - www.ftc.gov/idtheft