Saturday, June 30, 2007

Japanese cop exposes confidential information on 6,000 people using P2P (file-sharing) software

Japanese police car picture courtesy of Flickr

We spend a lot of MONEY protecting computer systems and the information in them. Despite this, information is stolen or compromised from computers pretty frequently.

One reason for this is that it only takes one person with access to compromise a system and its security.

Recently, Japan Today disclosed that a policeman did just this by using P2P file-sharing software:

Personal information on some 12,000 people related to criminal investigations has leaked onto the Internet from a computer of a Tokyo police officer via Winny file-sharing software, the Metropolitan Police Department said Friday. This is believed to be the largest volume of data leaked from the police on record, the department said.

In case you've never been exposed to P2P (file sharing) software, it's normally used to share porn, movie, or music files.

Wikipedia lists the dangers of using this type of software, of which there are many:
  • poisoning attacks (e.g. providing files whose contents are different from the description)
  • polluting attacks (e.g. inserting "bad" chunks/packets into an otherwise valid file on the network)
  • defection attacks (users or software that make use of the network without contributing resources to it)
  • insertion of viruses to carried data (e.g. downloaded or carried files may be infected with viruses or other malware)
  • malware in the peer-to-peer network software itself (e.g. distributed software may contain spyware)
  • denial of service attacks (attacks that may make the network run very slowly or break completely)
  • filtering (network operators may attempt to prevent peer-to-peer network data from being carried)
  • identity attacks (e.g. tracking down the users of the network and harassing or legally attacking them)
  • spamming (e.g. sending unsolicited information across the network, not necessarily as a denial of service attack)

Using any of these services normally slows a computer down to a crawl. It can even destroy your computer.

Besides that, it's illegal to share copyrighted material (I think it's considered stealing). Not a very good situation for a policeman to get caught up in. What was he thinking?

Japan Today story, here.

Here is another post I wrote about the murky world of P2P last year:

How P2P Software like Limewire Compromises Personal and Financial Information

tracks how often information is compromised, and the reasons why, here.

Friday, June 29, 2007

Scambusters predicts a lot of scammers will use the iPhone as a lure to steal money

iPhone picture, already up on eBay at the time I posted this. It comes from an offer to become an iPhone distributor.

did a thoughtful article on the iPhone, and how scammers will probably take advantage of the situation.

After reading Audrey and Jim's well thought-out predictions, I'm going to opt to share their sage advice.

In Audrey and Jim's own words:

Apple's iPhone is one of the most anticipated -- and hyped -- products ever. And with any huge product launch, the scammers come out in droves. So, if you want to make sure you don't get ripped off, you've come to the right place.
For's sage predictions, link here.

I've written a lot about auction fraud, which is where we will probably see a lot of these scams surface, here.

A good place to look at iPhones is the Apple store. You can go to their site, here.

From what I hear, discount iPhones will not be available for a while!

A too-good-to-be-true deal on an iPhone probably IS NOT a real deal!

Thursday, June 28, 2007

eBay sends high-tech care package to Romanian cops

Romanian fraudsters are known as Vlads. Vlad Tepes, a Romanian prince, was the inspiration for the original Dracula story. Interestingly enough, some Romanians consider him a folk hero who drove away invading armies. Photo courtesy of Flickr.

We hear a lot about Romanian organized crime being involved in fraud on auction sites. They are also well known in the world of payment (credit/debit) card skimming.

One of the more infamous Romanian fraudsters goes by the name of Vladuz. Vladuz openly mocked eBay for a while, publicly hacking the site and creating an uproar, but he seems to be lying low recently.

Apparently, eBay is now providing Romanian law enforcement with technical resources. Ed Sutherland (AHN News) reports:

EBay is assisting Romanian law enforcement to detect and stop fraud targeting losing auction bidders. For months, the auction giant said a large portion of online fraud was coming from the Eastern European nation.

First noticed in 2005, criminals in Romania are taking advantage of a gap in the tech knowledge of local police to prey on eBay users that are outbid in auctions.

"The fraudster can see that a user that didn't win was prepared to spend $145 on a particular item," Matt Henley, part of eBay's Fraud Investigations Team, told The fraudsters knew most people used their email account name for their eBay username. The criminals would contact the losing bidder by email away from eBay, offering a second chance to obtain the item.

Since uncovering the fraud, eBay began hiding user names when bids exceed $80.

AHN story, here.

Here is a post I did on a group that fights Romanian fraud on a volunteer level (although I hear they also provide a lot of useful intelligence to law enforcement):

Auction Fraud and the Romanian Connection

is also a good place to keep up on eBay fraud happenings, or other rants about eBay. Their site can be viewed, here.

For a lot of information on auction fraud, click here.

AOL has a collection of videos showing some of the hacking/fraud activity on auction sites, here.

Tuesday, June 26, 2007

RFID sniffing could be used by spies and criminals to commit all kinds of dastardly deeds!

Dark Reading wrote about a pretty scary flaw in RFID technology this week. Apparently, it's now possible for corporate spies and even organized retail criminal types to "sniff" RFID chips in a cargo container and use the information to commit a dastardly deed.

Apparently, truckers will be particularly vulnerable to being "sniffed" (compromised). Of course, if you use a little imagination, sniffing RFID might put more than "truckers" at risk, also.

From the story in Dark Reading:

That means your competitor could use this information for intelligence purposes. "He could get an idea of what you are shipping and how much, and how often," Perrymon says, adding that an attacker could also write to those tags, either disabling or changing them if you don't apply the proper authorization and passwords to your EPC system. That's PacketFocus's next step in its research.

And sniffing the truck's payload could also provide criminals with intelligence they wouldn’t otherwise be able to get very easily, thus helping them target their holdups or other heists, he says. "Unless they had a lot of inside information, they don't have enough information to rob that truck. Now they can scan it if it's not secure -- they don't want to rob that toilet paper truck, but if it's got plasma TVs with surround sound, [that's their] target."

RFID has been pushed by retailers, such as Walmart, and the military (not mentioned in the Dark Reading article). The Department of Defense now uses RFID to monitor its supply management system.

Stealing shipments of plasma TVs is one thing, but on a personal level, I'm a little more worried about how some of this technology might be used by those with more sinister intentions than stealing high-tech merchandise.

As for the passwords mentioned in the article, which were easily compromised by the PacketFocus folks, they can be made more secure, but passwords are hacked by software and by more social methods fairly frequently.

All it takes to compromise an entire system is one dishonest person with access to a password, or even an honest person who is tricked into giving one up.

Hacking for Dummies has an interesting write-up on how passwords are hacked, here.

Besides that, the bad guys are always coming up with new exploits to defeat security fixes.

Interestingly enough, according to Wikipedia, RFID's predecessor was invented by a Soviet inventor as a tool to commit espionage. It was also used in the World War II era for a lot of military applications.

Perhaps, in this case, history (or the original intent) should give us a little perspective on RFID?

In the recent past, government experts have seen China show an interest in stealing (hacking) logistics (supply) information. Here is a post I wrote about that:

How Dangerous is China

Dark Reading's interesting article, here.

I've written a few posts about RFID and its potential abuses, which can be seen, here.

Dark Reading got its information for the article from PacketFocus Security Solutions, which is a company that performs what is known as "ethical hacking" for the public at large. Ethical hacking is where good guys test vulnerabilities in technology to stay ahead of the bad guys.

There might very well be some useful applications for RFID, but we need to slow down, and consider the safety implications before continuing to have this technology take over our daily lives.

It's not worth the money a very few people are making off it!

Sunday, June 24, 2007

ID Theft Victim puts her Evil Twin back on probation in San Francisco

San Francisco's Hall of Justice

Identity theft victims often get pretty frustrated after being accused of being deadbeats by collection agencies, or even being charged with a crime they didn't commit.

Trying to seek justice seems to do little good, either. Law enforcement rarely has the resources to investigate individual cases, unless an identity thief is caught "red handed."

Mike Weiss (San Francisco Chronicle) did an interesting article about a victim (Karen Lodrick), who caught her evil twin, Maria Nelson. From the Chronicle story:

The only other time Lodrick, a 41-year-old creative consultant, had seen that particular coat was on a security camera photo that her bank, Wells Fargo, showed her of the woman who had stolen her identity. The photo was taken as the thief was looting Lodrick's checking account.

Now, here was the coat again. This woman -- a big woman, about 5 feet 10, maybe 150 pounds -- had to be the person who had put her through six months of hell and cost her $30,000 in lost business as she tried to untangle the never-ending mess with banks and credit agencies.

During the pursuit, Karen confronted Nelson, who had noticed she was being followed, and asked her to wait until the police arrived. Nelson informed her she couldn't wait for the police because she was on probation. This might be one of the more honest statements Nelson has made in the recent past.

In fact, Nelson has eight previous convictions for fraud, and is on probation for one of them! She also had a warrant for her arrest in Yolo County, which is about 2 hours North of San Francisco.

Shortly after this confrontation, Nelson dumped a wallet in a trash can. Here is what it had inside:

In front of West Coast Growers, she dropped a wallet into an abandoned shopping cart. Lodrick, still after her, picked up the wallet -- also Prada -- and found an entire set of identification, including credit cards, a Social Security card and a debit card all in the name of Karen Lodrick.

Later, when she returned to the bank that had been her original destination that morning and took possession of the lost driver's license, it was a perfect forgery -- with a hologram and a California seal -- and it had Lodrick's name but Nelson's photo and physical characteristics.

Because of Karen's individual efforts, the San Francisco Police responded, and Nelson was apprehended.

Eventually, she was convicted, but this probably did little to give Karen satisfaction for everything she went through.

At her sentencing, Nelson showed little remorse, smirking and waving at Karen. And why not? Despite her long criminal record, Nelson received 44 days (time already served) and yet another three-year probation.

Karen was able to make a statement at Nelson's sentencing, where she said:

I can't believe it. I went through six months of hell, and she's going to get probation? She was on probation when she victimized me. Obviously, probation's not helping.

Chronicle story with more detail, here.

It's pretty obvious why Nelson was smirking: committing identity theft is relatively easy, the consequences are pretty lacking, and it pays well.

As for the ease with which common criminals can obtain all sorts of counterfeit identification documents, I have a lot of information on how bad a problem this is, here.

The abuse of, and lack of controls on, certain technologies have made counterfeiting pretty easy to accomplish. Likewise, the ease with which credit is issued makes committing identity theft a pretty lucrative venture.

I did a post about how easy it is for criminals to use someone else's credit, here.

Where do you think the millions of illegal immigrants get the necessary documentation to obtain employment?

Of course, illegal immigrants aren't the only people using these documents.

Counterfeit documents are distributed by organized crime gangs, who sell them to ANYONE with the money to buy them.

As long as the consequences for identity theft remain minimal, we are going to see a lot of good people like Karen go through hell.

When are laws going to start protecting the people paying all the taxes to enforce them?

Collection agency and security company try to scam African government by stealing a corporate identity

Collection agencies don't make money by being nice people. Here is a story about how one of them wasn't very honest, either.

I found this interesting story from a press release, courtesy of the FBI website:

Late last month, we helped wrap up a case that took identity theft to a whole new level: one company trying to steal $23 million by pretending to be another company.

It was made possible by a remarkable coincidence: two private security companies with nearly identical names. One of the firms, based in Michigan, was named Executive Outcome Inc. The other, based in South Africa, was called Executive Outcomes Inc.

The criminal maneuvering began in late 2001, when a British debt collector called the Michigan-based Executive Outcome, run by Pasquale John DiPofi. The collection agency asked if DiPofi wanted help collecting $23 million owed by the government of Sierra Leone for military equipment, security, and training.

One slight problem. The millions of dollars weren't owed to DiPofi's company. It was owed to the other firm, Executive Outcomes, a half a world away.

At this point, the greed element took over, and they attempted to deceive the government of Sierra Leone into paying the wrong company.

FBI press release, here.

Saturday, June 23, 2007

Data compromise in Ohio reveals the need to be more proactive in protecting information

The practice of sending computer back-up tapes containing a lot of personal/financial information home with interns went on for 2-3 years at a government office in Ohio, according to an article in the Columbus Dispatch.

The Columbus Dispatch is reporting:

In fact, it appears that the former technical manager for the Ohio Administrative Knowledge System didn't use regular state employees -- only two or three interns besides himself -- to take the data home on a rotating basis for safekeeping, said Ron Sylvester, a spokesman for the Ohio Department of Administrative Services.

Apparently, this was part of a security policy, to safeguard the information from fire, or some sort of other disaster.

According to a state policy that officials said was last updated in April 2002, two backup copies were to be made each day of the data in the state's $158 million payroll and accounting system, known as OAKS. The current day's backup tape was to be maintained on site in the network administrator's office, and the previous day's backup tapes were to be taken to the network administrator's home in case of a fire or other disaster at the office.

My question is, can they account for all of these tapes, made daily?

If two tapes a day were made, this would equate to anywhere from 730 to 1095 tapes, at this one agency. If these tapes were routinely backed up and taken home, it wouldn't be hard to make extra copies and not return them.

Of course, someone with the proper knowledge and expertise probably wouldn't have a hard time copying them away from the office, either.

In response to this, the State of Ohio has hired a security firm to look into this matter.

The panel also earmarked up to $100,000 for Interhack Corp. of Columbus to assess the security of the new state accounting setup and to verify that state officials have identified all important data that have been stolen.

Curtin, the founder of Interhack, said it would take time, expertise and money for someone to read the tape. Because the state has notified those whose personal data may be affected, it would be difficult for a thief to use the information, he argued.

"So at this point now, if somebody tries to use the data, they're going to be found out pretty quickly," he said.

According to this report, the data wasn't encrypted; therefore (in theory) it might not be very hard to access. If the data were encrypted, it would take expertise and money, but it still could be accomplished by someone with the necessary knowledge and ambition to do so.

Organized criminals, who deal in stolen information, have been reported to hire experts, who probably have this "knowledge and expertise."

Even scarier, Mr. Curtin also revealed that this probably wasn't the only agency sending information home:

Curtin said the practice of sending backup data home with employees is fairly common because of the cost involved in hiring a company to do it or using another facility.

Mr. Curtin is probably right that this particular information won't be used anytime in the near future. Criminals would rather use information that nobody knows has been breached. They make (steal) a lot more money that way.

I'd be more worried about information, which might have been easily compromised, that no one knows about yet.

We can all learn something from what happened in Ohio and the key is to start being proactive about how we secure valuable information.

Reacting costs a lot of money and does little to solve the overall problem.

Revealing article by the Columbus Dispatch, here.

My original post on the Ohio Data breach, here.

Here is a post about people with the necessary knowledge and expertise to access (hack) information being recruited by organized criminals making a lot of money with stolen information:

IT Students Aren't the Only Human Resources that Internet Criminals Desire

Wednesday, June 20, 2007

FTC name impersonated to phish (steal information) from corporate executives

Spammers love to impersonate official agencies to hook their victims (phish). Recently, the attacks have become more specific, targeting people by name and/or title. Here is a warning from the Federal Trade Commission (FTC):

Consumers, including corporate and banking executives, appear to be targets of a bogus e-mail supposedly sent by the Federal Trade Commission but actually sent by third parties hoping to install spyware on computers. The bogus e-mail poses as an acknowledgment of a complaint filed by the recipient, and includes an attachment. Consumers who open the attachment to this e-mail unleash malicious spyware onto their computer. The agency warns consumers who get this e-mail that purports to be from the FTC:

Don’t open the attachment.
Delete the e-mail.
Empty the deleted items folder.

The hoax e-mail is personalized, and contains the name of the recipient and their business. The bogus message explains how the complaint will be used, who will have access to it and states, “Attached you will find a copy of your complaint. Please print a hard copy of the complaint for your records in the upcoming investigation.” Opening the attachment downloads the malicious spyware.

The press release doesn’t specify exactly what the malicious spyware is.

Recently, the IRS and Better Business Bureau names were being used in a similar manner. In this attack, corporate executives were being specifically targeted, also. This type of attack is known as spear phishing.

Here is a post on the attack spoofing (impersonating) the IRS and BBB:

Spear phishermen target executives to steal company information

FTC release on this attack, here.

Sunday, June 17, 2007

How does a telemarketer get your unlisted number?

Ever get the idea that the credit bureaus enable a lot of the problems we now face with data breaches, identity theft and the ever-increasing loss of our personal privacy?

One of the main ways they make money is by selling your personal and financial information.

Read a good one on Pogo was Right (WE HAVE MET THE ENEMY AND HE IS US):

Terry Wyatt called his mortgage broker one morning about refinancing - and within hours began getting calls from other brokers and lenders he's never heard of.

... So how did brokers and lenders as far away as New York and Florida know - and know so fast - that Wyatt wants to refinance? Thank the credit bureaus.

When a lender or broker checks someone's credit report, it signals that person is in the market for a mortgage or to refinance. The credit bureaus turn around and sell that contact information to others in the mortgage business looking for leads.

Source - L. A. Times

PogowasRight is a good read for anyone interested in keeping up with privacy issues.

One way to stop the number of times your information is sold is to "opt out."

Information on how to opt out from unsolicited credit offers from places you already do business with, here.

Information on how to opt-out from places you don't do business with, here.

If you do not opt out with places you already do business with and respond to their privacy notices (interesting way to classify them), they can and will sell your information. Of note, some of these notices are hard to respond to, or even to understand.

Here is a post I wrote, which explains this further:

Warning if you don't open (and respond) to snail mail from American Express, they will sell your personal information!

You can opt out from telemarketing calls (one of the end results of your information being sold), here.

Saturday, June 16, 2007

Will counterfeit Visa Traveler Cheques be the latest bogus financial instrument spread in Internet Scams?

(Photo courtesy of Flickr)

Counterfeit Visa Travelers Cheques -- so far seen in $500.00 denominations -- are starting to appear in different parts of the United States.

In the past few years, counterfeit U.S. Postal Money Orders, MoneyGram Money Orders, and American Express Gift Cheques have all been circulated by Internet fraud activity.

If history repeats itself, we will see counterfeit Visa Travelers Cheques show up outside the United States, also.

These instruments have been passed in a lot of work-at-home (job) scams. They are also passed in secret shopper, romance, lottery and auction scams.

These advance fee (419) type scams all have a common theme. A lure (scam) that plays on greed is offered to entice someone into cashing these items and wiring the money back to the fraudster behind the scheme.

The lure (scam) is always too good to be true and makes no sense.

Since it is against the law to pass a counterfeit financial instrument, people are sometimes arrested when they present these items. Even if they aren't arrested, they are held liable, when the fraud is discovered.

Unfortunately, banks often give credit to their customers on these items. Tellers have even told their customers the items are legitimate, which doesn't make any difference (for the customer) when the items are returned. Of course, the bank isn't liable for any of this.

These items are also being presented to merchants. Retail criminals use them to purchase items, get the balance in cash, then refund the merchandise. Of course, if they are unable to refund the items, they will probably try to get gift cards or fence the merchandise. There is a lot of stolen merchandise being fenced (pretty easily) on Internet auction sites.

Intelligence indicates that many of these items are being printed overseas, then distributed in bulk, worldwide. Once received in bulk, they are broken down and distributed to the criminals, who then use them in the manners listed above.

Visa recommends that you do the following to verify whether one of the Travelers Cheques is real:

Can you see a watermark in the cheque?

Can you see the holographic thread embedded in the cheque?

Is the customer present?

Have the cheques been countersigned in your presence?

Does the original signature match the countersignature?

Has valid identification been presented and the details recorded along with the customer name on the back of the cheques?

If you are suspicious, you can call them at 1-800-227-6811 to verify an item. This can also be done on-line, here. Visa also has a good interactive tool to identify the security features of the Visa Travelers Cheque, here.

Here are some of my previous posts on counterfeit instruments circulating via the Internet:

Counterfeit MoneyGram Money Orders being passed via Internet Scams

Counterfeit Cashier's Checks Fuel Internet Crime

American Express Gift Cheques Being Circulated in Internet Scams

Counterfeit Postal Money Orders Showing Up in IScams Again

Ohio data breach reveals how "not very secure" personal information is

I discovered a long time ago, it would be pretty hard to keep up with all the data-breaches. After all, they seem to happen with alarming frequency.

The most recent blunder, enabled by a State of Ohio security procedure, illustrates how not very secure a lot of personal information is.

Stephen Majors of the AP (courtesy of Forbes) is reporting:

A 22-year-old intern was given the responsibility of safeguarding the personal information of thousands of state employees, a security procedure that ended up backfiring.

The names and Social Security numbers of all 64,000 Ohio state employees were stolen last weekend from a state agency intern who left a backup data storage device in his car, Gov. Ted Strickland said Friday.

Interesting, a security procedure that backfired?

The AP story gives more details on this:

Under protocol in place since 2002, a first backup storage device is kept at a temporary work site for a state office along with the computer system that holds all the employee information, and a second backup device is given to employees on a rotating basis to take home for safekeeping, officials said.

I guess this means that rotating employees have the ability to take this "storage device" home, and if any of them happened to be dishonest, it wouldn't be very hard to make a copy. Information is bought and sold by data-brokers and criminals alike, because it makes them a lot of money.

Of course, the official spin artists aren't stating exactly what the device is. The police report states that it's worth about $15, which isn't very expensive, and therefore it probably isn't very secure (my guess).

Governor Strickland was quoted in the article as saying:

"I don't mean to alarm people unnecessarily." "There's no reason to believe a breach of information has occurred."

Sadly enough, this might make sense. When information is protected like this, it probably could have been copied long ago, and no one would know any better. It wouldn't be necessary to go through all the trouble of breaking into a car to steal it.

With security like this, the information could have been compromised a long time ago.

Governor Strickland's site, which offers the "official spin" and free identity theft protection for the most recently "compromised," can be seen, here.

AP Story, here.

The Privacy Rights Clearinghouse and do have people, who have the time to keep up on all the data-breaches, in case anyone wants to take a detailed look at the problem.

This information is worth money. Here is a post about how it is being sold right on the Internet:

Information Week exposes the Internet Underworld

Insider theft is nothing new, and should be a concern when protecting information. As long as information is worth a lot of money, insiders will probably be solicited for it. Here is a post I wrote about this matter:

Why it's become TOO easy for restaurant workers to skim payment cards

Thursday, June 14, 2007

Counterfeit (knockoff) Colgate Toothpaste from South Africa is Toxic

When the FDA first reported toxic substances in off-brand toothpaste coming from China, it was bad enough. Now counterfeit Colgate toothpaste with the same toxic substance (DEG) is being imported from South Africa.

Some of this counterfeit Colgate toxic toothpaste has been found in "dollar type" stores in the United States.

Reuters is reporting:

Colgate-Palmolive Co. on Thursday said counterfeit "Colgate" toothpaste that may contain a toxic chemical had been found in discount stores in four U.S. states.

"There are indications that this product does not contain fluoride and may contain diethylene glycol," the company said in a statement.

Colgate-Palmolive said it does not use, nor has ever used, diethylene glycol as an ingredient in its toothpaste anywhere in the world. The chemical, known as DEG and sometimes illegally used as an inexpensive sweetener and thickening agent, is commonly found in solvents and antifreeze.

The four states where this has been found are New York, New Jersey, Pennsylvania and Maryland. It can be recognized because it is labeled as being manufactured in South Africa, and the company does not import toothpaste to the United States from South Africa.

Reuters story, here.

The FDA issued a press release about this issue, here.

Counterfeit merchandise is a $600 billion a year problem. Besides the financial impact, the trade can also threaten our personal safety!

The INTERNATIONAL ANTICOUNTERFEITING COALITION website is a great resource to learn about the issue of counterfeiting. They sum up the problem on their site when they state:

It is estimated that counterfeiting is a $600 billion a year problem. In fact, it's a problem that has grown over 10,000 percent in the past two decades, in part fueled by CONSUMER DEMAND.

The real truth is people who purchase counterfeit merchandise risk funding nefarious activities, contributing to unemployment, creating budget deficits and compromising the future of this country in the global economy.

The real truth is counterfeiters are hardened criminals, exploiting consumers, businesses both large and small, inventors and artists and children laboring in sweatshops in Third World countries.

Here is the post I did about the Chinese toothpaste that is toxic:

The new red menace, global commerce from China

FBI roasts a few Bot-Herders, which will free up to a million Zombies

Sick and tired of all the spam filling up your inbox, despite filtering technology that doesn't seem to work very well? If you are, Operation Bot Roast is a story that might catch your interest, or if you are like me, is chicken soup for the soul.

Botnets are a primary cause for the ever-increasing levels of spam. Botnets are networks of infected computers that their masters (bot-herders) turn into zombies, spewing out spam e-mails by the millions.

These bot-herders cause a lot of us a whole lot of grief.

The FBI press release announced yesterday:

They’re called “bot-herders:” hackers who install malicious software on computers through the Internet without the owners’ knowledge. Once the software is loaded, they can control the computer remotely. And once they’ve compromised enough computers, they have a robot network or botnet.

Some botnets are huge: tens of thousands of infected computers. Or more. As a result of Operation Bot Roast, an ongoing and coordinated initiative to disrupt and dismantle these bot-herders, we’ve identified about 1 million computers across the country that have been compromised.

According to the press release, several people have been arrested, including three of the big-time "masters."

Full story from the FBI, here.

Also contained are a lot of useful links on how to protect yourself -- and of course your computer -- and what to do if you think your computer was turned into a zombie.

Bot-herders have been reported to rent out their illicit networks to organized criminals by the hour.

What your computer must feel like after being turned into a zombie (Courtesy of Wikipedia).

Wednesday, June 13, 2007

San Diego Regional Fraud Task Force releases photos of suspected ATM skimmers

Devices to skim payment card information have become a big problem, whether they are portable devices used by dishonest employees at restaurants, PIN pads replaced at merchants, or devices mounted on ATM machines.

Many of the devices used recently use wireless technology, and the card details are transmitted to fraudsters, normally sitting in a vehicle with a laptop.

The San Diego Regional Fraud Task Force is hot on the trail of two suspects, photographed using some of the cloned cards. Cloned cards are counterfeit devices made with the information skimmed from legitimate (credit/debit) payment cards.

Unfortunately, most of the equipment to do this can be purchased legally. Some of this equipment is even being sold over the Internet. Loose controls on the sale of this technology enable a lot of criminal activity and make it harder for law enforcement to investigate, and a lot of people are being victimized by it. reports:

Police are warning ATM users that scammers are using high-tech devices to steal their bank account information, including debit and credit cards numbers and personal identification codes.

Police have released photos taken from surveillance video of two suspects. Anyone with information about either man is asked to call the task force at (619) 744-2534 or the U.S. Secret Service at (619) 557-5640.

The pictures of the current people of interest in this case are featured above (to the left).

I did a post with some interesting pictures of an ATM skimming device, which are pretty educational and can be seen, here.

For other articles about payment card skimming, click here. story, here.

A lot of the skimming in the United States seems to be tied into Armenian organized crime. Glendale, which is a couple of hours north of San Diego, seems to be where a lot of this activity originates.

Maybe someone should post these pictures in the Glendale area?

Skimming device discovered at a gas (petrol) station in the United Kingdom (Courtesy of Flickr). The expression on the employee's face is worth a thousand words.

Tuesday, June 12, 2007

Just what Dad doesn't need for Father's Day - a Hallmark card with a Trojan hidden inside

This isn't the first time that malicious software has been sent disguised as an e-card, but when something works, scammers often use it time and time again.

Mary Landesman of is warning all of us:

The latest greeting card scam is once again targeting Hallmark. The bogus email claims "you have recieved a Hallmark E-Card!" The first tip-off for the security conscious should be the misspelled 'recieved' - it's I before E except after C (or when sounded like A as in neighbor and weigh). One would assume the prose experts at Hallmark would know their receive from their recieve - which, of course, they would. In any event, the message doesn't even read like a real Hallmark notice, which always identifies the sender by name and gives you an alternate link URL that you can copy and paste in lieu of blindly clicking a link. Why is this important? Because a real Hallmark URL doesn't point to an IP address followed by 'postcard.exe' - which the malicious link does.

Here is information on the particular trojan being delivered in these e-cards, but this could change tomorrow, or might have already. There is a lot of malicious software out there.

And just what does this latest greeting card scam deliver? Like most others, it dishes up a variant of the Zapchast Trojan. Zapchast installs an Internet Relay (IRC) chat client and causes the infected computer to connect to an IRC channel. Attackers then use that connection to remotely command the machine. And you thought forgetting your birthday was bad.

Sounds like another method of turning a computer into a zombie, which is normally used to help spread more spam. Spam is a vehicle for most Internet scams, or at the very least, questionable products.

Spam is reaching epidemic proportions, and seems to be getting past a lot of spam filters, recently. A good place to learn about, or fight spam is story, here.
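The tell-tale signs in the e-card warning quoted above (a link that points to a bare IP address and ends in 'postcard.exe', while the message pretends to come from Hallmark) can be checked mechanically. The following is an added example, not part of the original post or of any vendor's tool; the sample message, the 192.0.2.45 address and the function names are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# File types that run code when opened on Windows (illustrative, not exhaustive).
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".bat")


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None  # [href, text] while inside an <a> element

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self._current = [href, ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _host_shown_in_text(text):
    """Return the host named in the visible link text, or None if it is not URL-like."""
    if not text or " " in text or "." not in text:
        return None
    try:
        return urlsplit(text if "://" in text else "//" + text).hostname
    except ValueError:
        return None


def check_link(href, text):
    """Return a list of reasons this link looks like the bogus e-card link."""
    try:
        parts = urlsplit(href)
    except ValueError:
        return ["link target cannot be parsed"]
    host = (parts.hostname or "").lower()
    findings = []
    if _is_ip_literal(host):
        findings.append("host is a raw IP address, not a company domain")
    if parts.path.lower().endswith(EXECUTABLE_SUFFIXES):
        findings.append("link downloads an executable file")
    shown = _host_shown_in_text(text)
    if shown and shown.lower() != host:
        findings.append(f"visible text shows {shown} but link goes to {host}")
    return findings


def scan_email(html_body):
    """Return [(href, findings)] for every suspicious link in an HTML e-mail body."""
    collector = AnchorCollector()
    collector.feed(html_body)
    flagged = []
    for href, text in collector.links:
        findings = check_link(href, text)
        if findings:
            flagged.append((href, findings))
    return flagged


# Constructed sample modelled on the warning above; 192.0.2.45 is a documentation address.
SAMPLE_EMAIL = """
<html><body>
<p>You have recieved a Hallmark E-Card!</p>
<p>To view it, click <a href="http://192.0.2.45/postcard.exe">www.hallmark.com/ecard</a></p>
<p><a href="https://www.hallmark.com/">Visit Hallmark</a></p>
</body></html>
"""

if __name__ == "__main__":
    for href, findings in scan_email(SAMPLE_EMAIL):
        print(href)
        for reason in findings:
            print("  -", reason)
```

A mail gateway or help desk could run a check like this over quarantined messages; a link that trips all three findings matches the pattern described in the warning.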

Monday, June 11, 2007

Lifelock founder (Robert Maynard Jr.) resigns, while Fred Thompson takes heat for pitching the company

Kim Zetter from Wired News announced this today:

LifeLock co-founder Robert Maynard, Jr. has resigned from his position with the identity theft protection company following a story published in the Phoenix New Times about his past, which I wrote about last week. CEO Todd Davis left me a voicemail message this morning saying, "Even though we found no merit to any of the claims made by the New Times article . . . Robert Maynard has chosen to step down from the company so we don't allow any distractions or anyone have the ability to question the integrity of LifeLock and our service offering. . . . He is now no longer an executive or officer of the company as of this time."

Although, reading further, it appears Robert will still have something to do with the company:

Davis acknowledged that Maynard, Jr., still owns 10 percent equity in LifeLock and that he is launching a marketing company. When asked if Maynard will work as a contractor for LifeLock doing the same marketing work he was until now doing as a staff member, Davis said yes.

The article also revealed that Todd Davis, LifeLock's CEO -- who posts his own social security number all over the place to market LifeLock's services -- recently became an identity theft statistic himself.

Interesting read from Kim Zetter, here.

Meanwhile, Fred Thompson is taking heat for pitching Lifelock. Not sure if this is really fair. A lot of news organizations and other radio personalities from Rush Limbaugh to Howard Stern (strange combination) have pitched Lifelock in the past.

Why is everybody picking on Fred, and Fred, only?

MSNBC story, here.

To read the original post, I did on Lifelock, click here.

Sunday, June 10, 2007

We all could be at risk of losing our freedom and becoming the next Julie Amero

Julie Amero, a substitute teacher previously convicted of showing porn to students, is getting a new trial.

Given the evidence brought forward after the trial, I'm pretty shocked they didn't just drop the whole matter.

Stephanie Reitz of the AP is reporting (courtesy of the Washington Post):

The computer was sent to a state laboratory after the trial, and the judge said Wednesday that those findings may contradict evidence presented by the state computer expert.

"The jury may have relied, at least in part, on that faulty information," said Judge Hillary B. Strackbein, who granted the request for a new trial.

Amero has adamantly denied clicking on pornographic Web sites that appeared on her classroom's computer screen in October 2004 while she was teaching seventh-graders at Kelly Middle School in Norwich.

Not very long after her conviction, I did a post on this quoting a lot of computer security experts, such as Alex Eckelberry from Sunbelt Software. Alex and other experts in the field contend the computer in question was old, lacked firewall protection, and that spyware and adware caused the porn infestation.

Their contentions made sense to me, or should to anyone who has accidentally clicked on one of these sites and gone into "pop up" hell.

Illegal porn is a big problem on the Internet - very few people get caught - and it's rumored to be controlled by organized crime. The Gambino crime family has allegedly made millions off it.

Recently, I blogged about British citizens who were wrongfully accused of viewing child pornography after their credit card numbers were stolen. This was part of an international case involving people worldwide.

Those responsible for investigating crimes involving computers, and the Internet are going to have to exercise a little more "due diligence" in their investigations. Spyware, adware and identity theft (to cite a few things) are making the waters a little more murky than they used to be.

Spyware and adware are used by a lot of businesses to market products. As a matter of fact, it sometimes amazes me, just WHO is using it; considering some of the privacy concerns associated with it.

The sad thing is that if you really think about it, a lot of us could be in danger of being accused of something we didn't do. Recently, we've seen a lot of stories about identity theft victims, who like Julie, went through a lot of pain and suffering for a crime they didn't commit.

This is the very reason, we need to take a hard look at what enables this activity, or makes it too easy to accomplish.

The other thing I'll add, as a closing note, is that we live in a society where OJ Simpson beat a murder rap because of reasonable doubt. It's pretty sad that with all the reasonable doubt revealed in this case, Julie Amero has to face another trial to prove her innocence.

AP story (courtesy of the Washington Post), here.

Previous post from Fraud, Phishing and Financial Misdeeds, here.

The Phishermen keep using the IRS name to hook Phish (Identity Theft Victims)

Phishing has become a huge problem. Criminals (phishermen) spoof (impersonate) a brand or organization that people trust to trick people into giving up their personal, or financial information. The information is then used to steal money.

In the more sophisticated attempts, malware (crimeware) is dropped on a system that logs keystrokes, gathering even more personal information, without the computer owner's knowledge, or consent.

The phishermen have been spoofing the IRS so frequently, the IRS set up a dedicated e-mail address to report activity. The address is (follow the instructions).

The most recent version is a spam e-mail intended to scare a person into thinking they are being investigated. Here is what the IRS site is reporting:

The e-mail purporting to be from IRS Criminal Investigation falsely states that the person is under a criminal probe for submitting a false tax return to the California Franchise Tax Board. The e-mail seeks to entice people to click on a link or open an attachment to learn more information about the complaint against them. The IRS warned people that the e-mail link and attachment is a Trojan Horse that can take over the person’s computer hard drive and allow someone to have remote access to the computer.

Trojan horses are often a gateway to install malware -- sometimes referred to as crimeware -- which often includes keylogging software. The bottom line is that once installed on a computer, they have the ability to steal personal and financial details, from afar, without any additional assistance from you.

All the terms out there get confusing to non-technical people. Some are now saying we should group some of the terms together and call it "grayware." Another term to group some of this terminology together is "badware."

Similar technology is used for advertising and marketing purposes by legitimate businesses, also. This is often referred to as spyware and adware. The one thing they all have in common is that they are often a nuisance.

The key is to NOT even open the spam e-mails enticing you to click on their links. The best practice is to delete them. These e-mails are generated by the millions, perhaps billions by now, using automated software and botnets (other people's computers that have been taken over).

Spam filters designed to stop them from getting in your inbox, seem like they are getting less effective, recently.

Botnet owners are known to rent out their networks to other criminals for this purpose.

Sadly enough, the IRS name has been spoofed a lot lately. Here is the extent of it:

Since the establishment of the mail box last year, the IRS has received more than 17,700 e-mails from taxpayers reporting more than 240 separate phishing incidents. To date, investigations by TIGTA have identified host sites in at least 27 different countries, as well as in the United States.

The phishermen often impersonate financial institutions, eBay, PayPal, or government agencies, such as the FBI and Interpol.

The latest alert from the IRS can be seen, here.

Saturday, June 09, 2007

The Virginia Watchdog - one woman making a difference in the war against Identity Theft

*Cartoon courtesy of the Virginia Watchdog site.

BJ (Betty) Ostergren a.k.a. “the Virginia Watchdog” is ONE woman making a difference on a daily basis. The way she makes a difference is by stopping our personal information from being plastered all over the Internet by local governments.

Most of these records have been sitting in different county offices for a long time; however, in the past ten years, many of them have gone online.

These records contain everything a criminal would need to commit identity-theft -- or even scarier -- everything a more twisted person would need to track someone down with a more sinister intent than stealing money.

Since children’s information is on these sites, this information could even be used by pedophiles.

The reason this information has been placed online is because special interests have been pressuring legislators to make it easier for them to data-mine information. Data brokers have a vested interest in having this information VERY easy to get at.

They are making billions of dollars selling people’s personal information.

Data brokers sell this information to just about anyone -- as evidenced in a recent New York Times story -- where one of these brokers, InfoUSA, sold lists of information used by Internet scam artists to target senior citizens.

Smart Money did a story on BJ, which shows how this information is being made available, worldwide. Smart Money correspondent Aleksandra Todorova quoted David Bloys, a title examiner as saying:

Once a county's records are digitized, it's very easy — and incredibly cheap — for data compilers like Acxiom and DataTrade to purchase the files and sell them to information brokers like Choicepoint, says Bloys. That's because under most states' Open Records laws, counties cannot charge more than the cost of copying the documents — which means a computer disk containing 10,000 records can be had for as little as a few dollars. What's more, Bloys explains, the companies that actually scan the documents for the county — the so-called wholesalers — often ship the images to foreign countries, like India or China, where outsourcers index the records much more cheaply than could be done in the United States. "[Our public information] is being distributed instantly all over the world," says Bloys.

The Smart Money article also pointed out a site, which proves this point:

To see for yourself, take a look at the web site of String Information Services, an outsourcing data digitalization and processing company in India, which boasts of its ability to provide you or your business with "online access to [lien and judgment] records of more than 200 counties."

BJ was kind enough to spend a little time with me and demonstrate exactly what she is talking about. We got on the Internet together, and she was able to find a lot of personal information on people I know in the greater Washington D.C. area (Maryland Suburbs).

BJ has been able to access a lot of people’s personal information on these sites. Some of the people's information she has found include politicians, crime fighters and celebrities. Personal information on Wolf Blitzer, Donald Trump, Rudy Giuliani, Jeb Bush, Colin Powell, Leonardo DiCaprio and Robert De Niro - to name a few - have all been found online by BJ.

There is little doubt all of us are at risk when personal and private information is available to anyone, but some are at more risk, than others.

BJ was quoted in the Washington Post as saying something, which should scare all of us:

"Don't you think if I can get Tom DeLay's Social Security number . . . that some guy in an Internet cafe in Pakistan can, too?" she asks, her voice rising with indignation. "It's just ridiculous what we're doing in this country."

This struck me as particularly chilling, in the post 9-11 world. Think about what a terrorist, or other fiend could do with some of this information, which can be accessed by anyone!

To me, BJ is a real American hero and deserves all of our support. She is not compensated in any manner for what she is doing, and has spent a lot of her own money on this NOBLE effort. She also spends a lot of her PERSONAL TIME letting people know they are exposed.

Although, this story is being covered in a lot of places -- including this humble blog -- there are some, who think she should be featured on a big show like Oprah.

Bill O’Reilly lobbied long and hard to get on Oprah, and she finally put him on. This is an important story, perhaps Bill should consider doing a segment on the Virginia Watchdog, also.

Recently, Oprah did a show about Internet fraud, after her name was being used in some Internet scams. There is little doubt that the Internet has enabled a lot of fraud, making it too easy to do with the click of a mouse from just about anywhere.

You can write Oprah to ask her to put BJ on her show, here.

BJ's site, which has an ongoing chronology of her efforts, can be seen, here.

The Smart Money article, I quoted can be viewed, here.

Tuesday, June 05, 2007

Spear phishermen target executives to steal company information

Shamus McGillicuddy of CIO News highlights an interesting fact: you never know who is going to fall for a phishing scam.

The phishermen normally send out a lot of bait (spam) in the hopes of hooking a few phish.

Shamus writes:

Over the last week and a half, spam messages purported to be from the Internal Revenue Service and the Better Business Bureau have been specifically targeting senior-level corporate executives with phishing scams.

Experts say these targeted phishing attacks, sometimes called "spear phishing," are nothing new, but they illustrate that spammers are getting more adept at targeting sophisticated email users who have access to the most sensitive data within their companies.

Spear phishing is simply a more focused form of phishing, which uses more personal touches, such as a person's real name and/or title.

With all the information plastered over the Internet, or available for sale, it isn't hard for phishermen to get what they need (personal information) to go spear phishing.

Many private companies and government organizations recognize the danger phishing poses in the workplace. To counter this and raise awareness, they are phishing their own employees.

Recently, I did a post about this, which revealed more employees fall for this, than many would like to admit:

Technology alone isn't going to stop phishermen and other cyber ghouls on the Internet

There seems to be more and more phishing out there, which might be inspired by DIY (do it yourself) kits being sold over the Internet. DIY kits make it easy for not very sophisticated criminals to become expert phishermen.

The only good news about phishing is that with a little awareness, most people can spot this activity, because the phishing ploy doesn't make much sense, or is too good to be true.

CIO News story, here.

BBB Alert, here.

IRS Alert, here.

Merchants demand their rights from the payment (credit/debit) card industry!

Not very long ago, credit and debit (payment) card fraud was considered a cost of doing business. With carder forums and data breaches, the cost of payment card fraud has reached billions of dollars, and merchants, especially smaller ones, are being impacted in a negative manner.

There seems to be a looming battle on the horizon over who is going to pay for all the fraud. Recently, in light of the TJX breach, legislation was introduced to charge more of the costs off to merchants.

Merchants have always been charged for a lot of fraud in the form of chargebacks. When I saw the proposed legislation, my first thought was how it would impact the smaller merchants, pretty harshly.

Additionally, merchants aren't only becoming more alarmed by fraud, but also by a perception that current fee structures are unfair, and deceptive. Interestingly enough, a lot of consumers feel the same way, also.

Today, I read an interesting press release about a movement to adopt a "Merchants Bill of Rights."

Recently, supporters of this bill did a survey of merchants, where they discovered:

  • Only 26 percent of participants believe they are being treated fairly by the debit/ credit/prepaid card processing industry.

  • Only 32 percent understand unfair card processing practices and how they impact their business.

  • Only 21 percent understand the rates, fees and surcharges they pay.

  • Only 15 percent believe they are charged the same as larger businesses.

The survey was sponsored by Heartland Payment Systems, which processes payment card transactions and payroll.

Heartland's CEO and Chairman, Bob Carr stated:

It’s clear that many owners of small and mid-sized businesses don’t understand the complexities of card acceptance. Yet, card acceptance is often one of the three largest expenses they incur. Business owners need to educate themselves so they can manage these costs. What they don’t know may be hurting their bottom line.

According to the press release, the bill of rights promotes fairness and transparency in card processing by identifying 10 fundamental rights:

  • The right to know the fee for every card transaction – and who’s charging it.

  • The right to know the markup of Visa and MasterCard fee increases.

  • The right to know all Visa and MasterCard fee reductions.

  • The right to know all transaction middlemen.

  • The right to know all surcharges and bill-backs.

  • The right to a dedicated local service representative.

  • The right to encrypted card numbers and secure transactions.

  • The right to real-time fraud and transaction monitoring.

  • The right to reasonable equipment costs.

  • The right to live customer support 24/7/365.

The effort has a home page, which can be viewed, here.

The page has a video for merchants to see if their rights are being violated, here.

The Association of Certified Fraud Examiners recognizes that small businesses suffer greater losses than larger ones do. I did a post on this subject, with some tips on how to avoid becoming a victim, here.

In January, I did a post about how both consumers and merchants are calling for some reforms:

Congress needs to take a hard look at credit practices

In this post, I mentioned the Merchant's Payment Coalition, which is calling for greater oversight on some of this. Their page on unfair credit card fees can be viewed, here.

Even if you aren't a merchant, the truth is that these costs have to be passed off somewhere; otherwise merchants would go out of business. Who do you think ultimately pays for all this?

Monday, June 04, 2007

Is LifeLock an identity theft protection service people can trust?

Ray Stern, of the Phoenix New Times, published a scary story about an identity theft protection service called “LifeLock.”

The article suggested that LifeLock was founded on stories that are questionable, and run by a Robert Maynard Jr., who seems to have a few skeletons hiding in his closet.

Not all identity theft services are 100 percent effective, or worth the money they charge (my opinion). Many require their customers to surrender all the same personal information a criminal might use, which will be stored in a database.

Databases are targeted by common thieves, hackers, and even dishonest insiders for their personal and financial information. Even if the information is protected, all it takes is one person with access, or who is tricked into giving up their access to compromise it.

Besides being stolen, information from databases is bought and sold frequently. It's a billion dollar business in itself.

Another problem is that even the best computer security can be compromised and has to be updated, frequently. Even encryption can be compromised by someone, who has the time and necessary knowledge to do so.

Many of these services require that their customers provide them with a power of attorney. Couple a person’s complete personal and financial information with a power of attorney – and a lot of subsequent damage can occur.

A lot of people are trying to make money off the current identity theft phenomenon. When choosing any service the term, "caveat emptor," or "buyer beware," certainly applies.

Robert Maynard Jr. is a person making a lot of money from the identity theft phenomenon, but should people trust his service? Before coming up with LifeLock, he was banned from ever working in the credit industry. Here is what the Phoenix New Times article said about this:

His credit-repair company was shut down by authorities in the early 1990s for false advertising and deceptive practices. Forced closure means that a federal court order has banned Maynard from working in the credit-repair industry — forever.

The FTC judgement against Maynard and his business partners can be read, here.

Maynard is fond of telling a story, where he was the victim of identity theft. He claims this experience gave him the inspiration to start LifeLock. BUT the story of how someone else used his identity to take out a $16,000.00 marker at a casino isn’t very credible.

The New Times interviewed Bernie Zadrowski of the Clark County District Attorney’s Office about this story.

Here is what they quoted Mr. Zadrowski as saying, which is a lot different from the story Robert Maynard Jr. uses to sell his identity theft service:

"Not once did anybody ever suggest, in this particular case, that this was a case of stolen identity," he says.

Maynard never filed a police report for identity theft, or it would be part of the D.A.'s office file, Zadrowski says.

"The only call we received while he was in jail was from his girlfriend. She wanted to know how to get him out of jail," he says.

Zadrowski pulled the Arizona driver's license submitted to the casino by the person who took out the loan and e-mailed a copy to New Times.

Although the resolution quality is poor, the man in the picture looks like Maynard.

Zadrowski says the man pictured is Maynard.

There is also the matter of an American Express Card, taken out in Robert Maynard’s father’s name (Robert Maynard Sr.), but sent to a previous business address of Robert Jr., himself.

Here is what the New Times article has to say about this matter:

Records show that someone with Maynard Sr.'s personal information ordered the card. But that someone didn't have the bills sent to Maynard Sr.'s home. Instead, the bills went to a company called Netshield, at a Phoenix address used by one of Maynard Jr.'s former firms.

Though Maynard Sr. says he never asked for the card, he settled with the company. Coincidentally, Maynard Jr. has $170,000 in debt to American Express listed on his 2005 bankruptcy paperwork — and his father is named as a co-debtor.

If Maynard Jr. ordered the card using his dad's data, without his dad's knowledge, that would make him — you got it — an identity thief.

Apparently, Maynard has been able to sell his victim story numerous times to the mainstream media and pays bloggers to write about him.

During one attempt by the New Times to interview him, Maynard backed out at the last minute, claiming he had to meet with shock jock Howard Stern to discuss advertising. Maynard does take out advertising on Stern's show, among others, but Ray Stern (New Times) noted that his office appeared to have been vacated minutes earlier.

To date, there have been no complaints of wrongdoing at LifeLock, but if you read the New Times article, it would make someone like me think "long and hard" before handing over my money and information to them.

There are a lot of identity theft services out there. Most of them including LifeLock offer services that most of us could do by ourselves, if we had the knowledge.

Simply stated, the reason identity theft gets worse all the time is that too much information is being bought and sold, then maintained in too many different (some not very secure) places. The more places your information is stored, the more likely you are to become a victim.

New Times article, here.

Saturday, June 02, 2007

The new red menace, global commerce from China

You would think that we would have learned by now that products from China can be DANGEROUS for a variety of reasons.

Most recently -- our pets were poisoned and millions of dollars of products were pulled off shelves -- after it was discovered that pet food imported from China contained poisonous substances.

Washington Post article on this, here.

The FDA is NOW warning that they are putting antifreeze in oral hygiene products.

I guess poisoning our pets wasn't enough?

From the FDA alert:

FDA has identified the following brands of toothpaste from China that contain DEG and are included in the import alert: Cooldent Fluoride; Cooldent Spearmint; Cooldent ICE; Dr. Cool, Everfresh Toothpaste; Superdent Toothpaste; Clean Rite Toothpaste; Oralmax Extreme; Oral Bright Fresh Spearmint Flavor; Bright Max Peppermint Flavor; ShiR Fresh Mint Fluoride Paste; DentaPro; DentaKleen; and DentaKleen Junior. Manufacturers of these products are: Goldcredit International Enterprises Limited; Goldcredit International Trading Company Limited; and Suzhou City Jinmao Daily Chemicals Company Limited. The products typically are sold at low-cost, “bargain” retail outlets.

In case you have used any of these products, the FDA recommends that you advise them in this manner:

Consumers can report adverse reactions or quality problems experienced with the use of these products to FDA's MedWatch Adverse Event Reporting

(800) 332-1088

FDA news release concerning this, here.

My question is, given all this, maybe we should ban all commerce from China! The cheap prices aren't worth it. Perhaps a little consumer mistrust, along with government sanctions, might rectify this situation?

Other problems caused by free trade with China are counterfeit goods (including medicine), rogue websites (Internet fraud) and their army of hackers stealing everything from money to industrial and military secrets.

If you would like to read about other issues I've written about, which are caused by "free commerce" with China, link here.

Do the record profits in the oil industry make sense?

Gas prices have gone over $3.00 a gallon for most of us, and seem to rise whenever there is an anticipated emergency, whether it actually happens or not. I've long been an advocate of the "does it make sense" theory, and prices being raised for emergencies that never actually happened DOES NOT, at least to me.

Meanwhile, billions of our dollars and human resources (young men and women) are being used to protect the area, where a lot of our oil comes from.

I've never figured out why our tax dollars are being used (seemingly without charge) to protect a few people, who have a lot of money to throw around. All we seem to get in return is higher prices, and dangerous people, we need to protect ourselves from.

Most of the terrorists in the 9-11 attacks were not from Afghanistan, which has little oil. In fact, most of them, including the mastermind still at large, come from one of these countries, using our resources to protect it.

It costs us a lot of money, and our brave young men and women, to provide them protection. To me, it would make sense that those who are enjoying our protection showed their appreciation a little more.

But all our oil doesn’t necessarily come from these foreign lands we are paying to protect. Is there a common denominator to all this? The oil companies are sharing in the RECORD profit taking, also. These companies are largely owned by Americans, and other Westerners.

If the oil industry is so prone to dangers, it doesn't make sense that they are making more money than at any time in history. Based on their record profits, it doesn't seem to be hitting their bottom lines.

It does seem to be hitting the bottom lines of everyday American households, as well as other industries, which will have to pass the costs off to everyone in the form of higher prices.

Recently, Walmart announced their sales are going down because people don't have as much disposable income to spend. A lot of everyday Americans shop at Walmart. I'm using Walmart as an example, but they aren't the only large business beginning to see this trend.

Wikipedia mentions this in their analysis of oil price increases in the past few years, here.

Personally, I'm an advocate of getting rid of the industry by exploring alternative energy sources, but until we get there, perhaps the little guy should get a fair deal?

The People's E-Mail network is sponsoring a drive to let our legislators and newspapers know that it's time to conduct an unbiased investigation to determine if there is any foul play connected with the current pricing structure, which is making a few people very rich.

John Edwards, a presidential candidate, has also called for an investigation of the industry. AP story, courtesy of Yahoo News, here.

It would be nice to see him get some support on this, preferably of the bipartisan type. Maybe it's time to make sense of a phenomenon that DOES NOT make sense to a lot of us?

The way to do that is to investigate the problem, or discover the truth. If there is no fraud, then the oil industry should have nothing to fear.

You can let your elected representatives and local press know how you feel about this, here.

Criminals scam military families using the Red Cross name

Identity thieves have no honor. They don't care if they steal from our grandparents, or the families of those who protect all of us by putting themselves in harm's way.

Here is a particularly ghoulish scheme reported on the Red Cross site:

The American Red Cross has learned about a new identity theft scam targeting military families:

The caller (young-sounding, American accent) calls a military spouse and identifies herself as a representative from the Red Cross. The caller states that the spouse's husband (not identified by name) was hurt while on duty in Iraq and was medevacuated to a hospital in Germany. The caller stated they couldn't start treatment until paperwork was accomplished, and that in order to start the paperwork they needed the spouse to verify her husband's social security number and date of birth. In this case, the spouse was quick to catch on and she did not provide any information to the caller.

Just to set the record straight - the Red Cross doesn't notify family members when this happens!

Not sure where the identity theft ghouls are getting their lists to target military spouses. The Red Cross stated in their press release that the family member isn't identified by name, but this might have changed by now. Recently, I read a story from the New York Times, where a well-known data broker (InfoUSA) was selling marketing lists of senior citizens, known to gamble on the Internet, to lottery scammers.

I’m guessing that data brokers sell telephone lists to market goods and services to the military, also.

Not only are these bloodsuckers stealing information to enrich themselves, they are also putting military family members through a lot of personal grief, unnecessarily! Imagine what a call like this does to the family member who receives it!

Red Cross press release, here.

Red Cross main page, here.

These are people that do a lot of good for other people, when they need it!