Tuesday, April 10, 2007

Blog exposes risk in reporting ID Theft

(Screenshot courtesy of the In Security Blog)

I'm surprised no one has called this one out before. John Sharp, author of the In Security Blog writes:

Those of you who follow my blog know that I'm worried about the increasing sophistication of keyloggers. Which is why, when I went on the FTC site this morning, I was a little shocked to discover that the format of the FTC ID Theft Complaint Form presents a veritable gift to keyloggers.

Full post from the In Security Blog (great read), here. There are also some great tips on how to avoid becoming a crimeware victim on the PR release on this from Authenium (John's company), here.
John's concerns are well founded. The Anti Phishing Working Group, which tracks phishing, malware and crimeware (normally keylogger variants) shows their use increasing, monthly.
Keyloggers (once on a system) record keystrokes, sending them back to the person, who covertly placed the software on the system. Criminals often install (drop) these cybernasties using spam e-mails, which lure people to click on their links.
The information, the criminals intend to log (steal) is personal and financial, which is then used to steal money.

(Chart courtesy of Websense and the APWG)

Sadly enough, keylogging software has so-called legitimate uses and can be legally purchased by anyone. One of the legitimate (so-called) uses is to spy on other people (invade their privacy).

Just about anyone can buy this wonderful technology right on the Internet, which can bee seen, here. Perhaps if it wasn't so easily available, the problem wouldn't keep getting worse?

The FTC does a lot of good in their battle to fight identity theft. You can get a lot of good information about how not to become a victim by visiting their page on it, here.

Once a computer has been compromised with crimeware (keylogging software), anything entered on it can be logged (exposed). Even if the site you are sending the information to is "secure," your computer IS NOT!

The Internet is full of sites requesting your personal details, the bottom line is to make sure your system is secure, or if it IS NOT - avoid sending personal or financial details, anywhere.


nanciesweb said...

You can make "legal" software hard to get, but like guns, criminals won't follow "ethical" roots of acquiring of what they want and bypass all the laws to get it.

The only people who won't get it are the law abiding citizens. Most of these people will use it on their kids because they are worried about the dangers of the internet.

JC Hartman said...

Gee Nancie,

I hope you keep all your guns away from children. An awful lot of them get shot by mistake when their parents don't.

Anonymous said...


There are other ways to block children from unwanted sites besides spying on them.

This is a sad commentary on society - that we need to spy on our children.

CFA said...

Trying to reach Ed Dickson via email.

Pls contact: Timothy Gillespie nsarts@canada.com or 877-235-4449 re: eBay land sales fraud