Monday, August 06, 2007

Bizzare site asks viewers for money to keep a bunny from being butchered!

I was reading the Sunbelt blog, written by Alex Eckelberry and came across a post he did on a bizzare and pretty sick website.

In Alex's own words:

save-me-please(dot)com is a site dedicated to saving a bunny.

We have no idea what this is odd thing is: A joke, a hoax. Or a scam.



The whole intent of the site is to get a person to pay to save the bunny.



You can view the Sunbelt blog's entire presentation, here.

Paying to save the bunny isn't recommended and as Alex aptly states, one of the videos depicting a rabbit being skinned is "enough to make you a vegetarian."

This blog, according to a study Jonathan Edwards at Yankee Group has "mojo."

I can see why it does, besides providing a lot of great information, it tends to keep the interest of the people, who read it!

The Sunbelt blog is also an excellent place to keep up on, or learn about computer (information) security issues.

Sunday, August 05, 2007

Will Social Security number verification slow down illegal immigration?

Employers will soon have to take action against employees, who have a Social Security number that doesn't exist, or doesn't match the name associated with it. In the past, they were able to ignore the fact that these types of discrepancies existed.

With statistics showing that employee fraud and abuse cost corporations billions of dollars, it's amazing that employers would ignore that the person they have working for them might not be, who they claim they are.

DHS (Department of Homeland Security) has already provided a SSN validator for employers to use, which shows, whether or not the number was ever issued. The problem is that it doesn't show who the number belongs to.

As I blogged in a earlier post, this has led to more and more cases of illegal immigrants stealing real people's numbers to maintain their employment. The posts also explains how employers could already be doing more to verify, who their employees really are.

Over the weekend, the issue hit the news again.

Suzanne Gamboa and Anabelle Garay of the AP report:

WASHINGTON (AP) -- Employers across the country may have to fire workers with questionable Social Security numbers to avoid getting snagged in a Bush administration crackdown on illegal immigrants.

The Department of Homeland Security is expected to make public soon new rules for employers notified when a worker's name or Social Security number is flagged by the Social Security Administration.

The rule as drafted requires employers to fire people who can't be verified as a legal worker and can't resolve within 60 days why the name or Social Security number on their W-2 doesn't match the government's database.

Employers who don't comply could face fines of $250 to $10,000 per illegal worker and incident.

AP story, here.

We've already seen an increase in stories -- where someone goes to file their taxes, or find another job only to discover their Social Security number has been being used -- sometimes by more than one person.

Recently, the story of a financial crimes detective, Adrian Flores, who had his identity stolen was covered in the LA Times. It appears that more than one person used Detective Flores' number. Before he cleared his name, he went through a lot of grief from various private and government agencies, including the IRS.

What scared me the most about Detective Flores' story was that he is obviously of Hispanic descent. Does that mean that citizens with Hispanic surnames are going to be victimized because their names will be more considered more desirable?

This is a whole new take on the sometimes sensitive issue of "profiling."

Bob Sullivan (MSNBC) blogged about this issue extensively at the Red Tape Chronicles, here.

During the aftermath of the controversy surrounding the immigration bill -- Lou Dobbs interviewed Suad Leija, the stepdaughter of one of the main players in a organized crime family producing counterfeit documents -- who is assisting federal authorities in identifying members of the cartel. Suad aptly pointed out to Lou that if the bill passed, the counterfeit cartel's business would have exploded because dates could be fixed to reflect whatever date qualified a person for amnesty.

Could the same groups be preparing to provide their own version of Real ID to the millions of people illegally living in this country?

According to Suad, the fake documents are as "good as anything you have in your pocket."

If you go to Suad's Paper Weapons


Suad's interview with Lou, here.

Exactly, how the rules will change remains to be seen. What worries me is the organized crime machine behind providing the documents and identities always seem to stay one step ahead of the authorities.

Getting stolen identities shouldn't present too much of a challenge to the groups counterfeiting documents. There already is an underground market selling this information, also.

This could translate into more people having their identities abused than ever before.

As long as the consequences for stealing identities are viewed as a not very serious crime, the problem will continue.

There are no easy answers to this problem -- but perhaps if there were harsher consequences for counterfeiting, the use of counterfeit documents and stealing identities -- the problem would be easier to deal with.

As long as employers are taking advantage of cheap labor, which is the reason most of these people are coming here, the solution isn't going to be an easy one.

We have to ask ourselves at what cost will this be allowed to continue?

Saturday, August 04, 2007

Celebrities, including Paris Hilton become identity theft victims


(Courtesy of Flickr) Only the photographer knows who is behind the mask.

No one's identity is safe these days. It's just been reported that a lot of celebrity types, including Paris Hilton have had their identities jacked (stolen).

Tampa Bay's 10.com reports:
Investigators busted a massive identity theft ring allegedly operating out of a row home in Northeast Philadelphia Friday.

Police said the list of targeted victims includes celebrity names like Donovan McNabb, his mother Wilma, Jennifer Lopez, Paris Hilton, Whitney Houston, Patti LaBelle, Michael Vick and Microsoft founder Paul Allen.
Allegedly, a couple of fraudsters used change of address forms and had mail diverted to a Philadelphia address. They then used the information from the stolen mail to order checks and credit cards.

The article also states that one of the fraudsters was a former IRS employee, and that some of the information might have been stolen from their computers.

Considering the names they were using, one might wonder why no one noticed at the banks, credit card companies, or the post office when this scheme was first hatched?

In case any of these famous people are wondering why it was so easy to use such recognizable names, it might be because issuing credit cards, checks and (I'm guessing) address changes are approved by computers.

To demonstrate this, they might want to read a previous post I wrote:

Ever Wonder How Well the Credit Card Companies Protect Your Personal Information?

I did another post, where a cat was issued a credit card, also:

Should cats be issued credit cards?

According to the article, this case is still being investigated and the list of people compromised is likely to grow.

It will be interesting to see, if it is ever disclosed, how long this went on and how much money was stolen as a result of this!

10.com article, here.

IRS audit reveals that the human factor is one the greatest threats to information (computer) security


(Courtesy of Flickr)

A new report issued by the Treasury Department's inspector general reveals that too many IRS employees compromised their user ID and password to an unknown person, who was actually a government auditor posing as a help desk employee.

Sixty percent of the IRS employees fell for the social engineering trick, sometimes referred to as vishing. This isn't the first time a test like this has been conducted. In 2004, 35 percent of the employees tested compromised information and in 2001, the failure rate was 70 percent.

In the recent past, the agency has also been criticized for it's aging computer systems and their name has been spoofed (impersonated) in phishing attacks.

I guess the IRS makes a good story, but they certainly aren't the only government agency, or private entity being compromised by activity like this.

Whether it's vishing or phishing -- where social engineering (fraud, deception etc.) techniques are used to trick people into giving up access to information that should be protected -- human beings are probably the biggest threat to information (computer) security.

True, the results of this report are shocking, but maybe we should listen to what it is telling us? If social engineering didn't work, my guess is that a lot of the current explosion in phishing and vishing activity would go away.

Even when malware, often referred to as crimeware, which steals information using technology is used, a human being has to be lured into clicking on a link, or visiting certain websites for the software to be implanted.

Maybe one of the problems is that people, who fall for these ploys are reluctant to admit they were tricked so easily? I've seen a lot of people fall for social engineering ploys, and not all of them are poorly educated, or what most of us would consider, stupid.

In fact, many us would probably be amazed at exactly who falls for social engineering ploys. Most people would rather remain anonymous because it's embarrassing to admit they were conned into whatever scheme they fell for.

Of course, the people I'm referring to have asked me to respect their privacy, and I'm an advocate of protecting that, along with being kind to victims, also.

Whether it is a government agency, big business, or non profit being targeted, the only thing that is consistent is we see more and more of this activity all the time. Trust me, if it didn't work, the criminals behind it wouldn't be wasting their time doing it.

If the activity is increasing, and social engineering it tied into most of it, the best thing we can do to defeat it, are more tests like these, combined with an effort to make people more aware of the problem.

While the results of this report aren't good, at least they are making the information public and not hiding it. My guess is that IRS employees aren't the only ones, who would fall for something like this.

Education and awareness are key in stopping this problem, which keeps growing by leaps and bounds!

Inspector General (Treasury Department) report, here.