Saturday, May 27, 2006

Catching Child Predators by following the Money Trail

The Internet can be a dangerous place, especially for children. You never know what may lurk behind a "screen name" and the Internet is used by those involved in child pornograghy to distribute their immoral and illegal material.

Now a coalition between the financial services industry, ISP's, law enforcement and a child advocacy group will use a time-tested method of resolving Internet crime, which is if you want to find the culprit(s); follow the money.

USA Today is reporting:

"The financial institutions will report child porn sites they discover on the Web to a central tip line, slated to expand next month to receive the information. The companies will block transactions for online child porn or, if law enforcement opens an investigation, help track sellers and buyers."

"The Financial Coalition Against Child Pornography represents a new phase in the war against what has become a multibillion-dollar, international business. Internet service providers, including AOL, already report child porn sites they find."

For the article by USA Today, link here.

The intent of this effort will be to identify offenders, shut down sites and hopefully bring some of the people to justice.

This new tool was brought about with some hard work by the National Center for Missing and Exploited Children and Sen. Richard Shelby, R-Ala.

The National Center for Missing and Exploited Children has a cyber tipline, as well as, a link where anyone can report a sighting of a "missing child." This site also has a lot of valuable information for children and parents how to be Internet smart and is well worth a visit.

Hacking the Paparazzi

I've never been much of a fan of "paparazzi" types. Their whole goal in life is to invade "people's personal domains" for no other reason than to satisfy the public's need for gossip.

Now, it appears, they are using technology to spy on each other and the FBI is taking action.

As reported in the LA Times:

"Federal agents want to know whether one of the owners of Sunset Photo and News attempted to learn what stories the staff at US Weekly, a Hollywood gossip magazine, was working on, said the sources, who spoke on the condition of anonymity."

Please note that the FBI isn't commenting.

Link to LA Times story, here.

Another story, from was a little more specific and claims that Charlie Sheen was the target of the alleged "hacking" exploit. The "person of interest" at the Sunset Photo and News (Jill Ishkanian) is allegedly good friends with Heidi Fleiss, who has claimed that the "hacking allegations" are untrue.

Not sure how credible this is, but Heidi allegedly knows Charlie quite well.

All kidding aside, hacking and a legal "Spy Industry" threaten a lot of people's privacy and now that the "Stars" are being targeted -- perhaps we can get George Clooney, Sean Penn, Barbara Streisand, and maybe Charlie's father (Martin) to speak out on this issue.

The Federal Trade Commission is taking notice and recently went after a bunch of Private Investigators, who had people's personal telephone records for sale.

Now, I'm not sure, but I might guess that some of these people are "outraged" about the telephone companies giving information to the NSA. As I've said before, the NSA is only using the best information out there - which has been gathered for years - from the private sector.

The Information Industry is big business and has been buying and selling our personal information for years.

Personally, I'd rather have my telephone records with the NSA than sold to, "whomever."

As technology continues to grow and laws fail to keep pace with it, we are all at risk. Recently, "hacking kits" were being sold on the Internet via dubious sources and if you need advice on how to do it, there are plenty of Internet groups that thrive on this subject.

Not only are there shady "Internet" sources, but you can also buy a lot of "neat" technological devices to invade people's privacy and no one will ever ask you what it's intended use is.

Industrial and personal espionage is a real problem and needs to be addressed by going after the root causes, which seem to be perfectly legal. Until we do this, our personal privacy will be out there for whoever wants to buy it.

Friday, May 26, 2006

Why Should We Allow Eastern Europe to Export Cyber Crime

I just got finished reading an article from Business Week called "Meet the Hackers." It highlighted a trend that could very well be what's behind some of the massive "information breaches," we see on almost a weekly basis.

Here is an excerpt from the article:

The picture that emerges is of organized gangs of young, mostly Eastern European hackers who are growing ever more brazen about doing business on the Web. They meet in underground forums with names like and to trade tips and data and coordinate scams that span the globe. (Those and other Web sites and organizations named by investigators did not respond to e-mails, instant messages, or phone calls seeking comment.) "Financial payment fraud has evolved tremendously," says John Corbelletta, a former police officer who is director of fraud control for Visa U.S.A. Inc. "Most of the cases I investigated when I was a cop involved people who had their cards stolen out of their purse. We didn't even think of counterfeiting cards."

One of them, a young man from the Ukraine (Dimitry Ivanovich Golubov) was recently arrested, and then released with the help of some highly placed friends in the Ukranian government. This was someone, who our government was interested in prosecuting and allegedly a "godfather" type in the cyber crime circles.

Why is it so easy for these sites to exist? Obviously the writer was able to send them messages "seeking comment?" The sad truth is it is far too easy to set up rogue sites, and all we need do is look at the volume of "phishing" activity that is out there. Whether they set up with foreign IPS providers, or hack into an existing site, they seem to have no problem getting a Internet address.

They have stolen so much information, it has become pretty cheap on these "carding" sites. In fact, they are becoming so brazen; they are now selling "how to kits" with everything a "budding" fraudster needs to get started.

With 82 million identities floating around (the amount compromised recently), it shouldn't surprise us that our "identities and personal information" are so cheap. Quite simply, there is a surplus of information out there for sale.

For an interesting article from the Washington Post on how cheap our information is being sold for, link here.

Eastern European organized crime is a worldwide issue and they aren't only involved in cyber crime. They are also involved in guns, prostitution, extortion, car theft, black market, drugs and the "human flesh" trade.

Here are some interesting statistics from the United Nations:

"The number of known criminal groups in Russia increased between 1990 and 1997 from 785 to an astronomical 9,000, with a combined membership of more than 100,000, according to the country's Interior Ministry. In Moscow, some 189 criminal organizations were active in 1996, of which 23 had branches abroad."

"The Ministry estimates that about 40,000 Russian businesses are controlled by organized crime. Among these are law firms, banks and other businesses that can launder money. Many have global links."

In another UN report about Russian Organized Crime in the United States, it said:

"Russians have recently become the principal purveyors of credit card fraud in the U.S., supplanting the West Africans."

It appears that cyber crime isn't the only thing they are involved in that is a threat to human decency. Sadly enough, some of the greatest victims are their own citizens - many of whom - are sold into slavery in some of this criminal activity.

There is also increasing evidence of collusion amongst the various organized crime factions of the world, and some say terrorist factions. Al Qaida teaches it's minions to survive via credit card fraud. Recently, the RCMP (Royal Canadian Mounted Police) made a pretty good argument for this.

With the sheer amount of data breaches and evidence of the information being sold (pretty cheaply) over the Internet, a financial disaster could be in the making. It also seems that whenever it is traced, it goes back (largely) to Eastern Europe.

I decided to check out the recent (highly publicized) arrest, where 565 cyber criminals were caught and discovered that none of the arrests, or law enforcement support seem to come from these Eastern European countries.

Since I'm certain that this is not because of a lack of effort on the part of law enforcement, perhaps we would make greater headway if our politicians took some action. If Eastern European governments are failing to cooperate, maybe our governments should put some "economic" sanctions in place designed to make them see the "light."

Ironically enough, 26.5 million veterans, many of whom trained to protect us from a perceived threat from this part of the world during the "Cold War," might be having their identities sold (cheaply) over some of these "carding" sites somewhere in the near future.

My message to Eastern Europe is that they need to stop exporting their problems to the rest of us and should they fail to do so, we should exercise our combined political voice to stop their personal attack on millions of innocent people.

Thursday, May 25, 2006

Lay and Skilling Guilty, Aunt Millie Finally Sees Some Justice

Kenneth Lay and his Kenneth Skilling have been found guilty of conspiracy to commit securities and wire fraud. Sentencing is scheduled for September 11 and Lay and Skilling - considering their ages - are potentially facing life sentences.

A lot of us can now reflect that maybe "Aunt Millie" has finally seen a little justice.

Here is a "tidbit" from a previous post, I wrote:

"Enron was illegally manipulating energy costs by faking plant failures etc. California suffered the brunt of it with outrageous bills and blackouts. In taped conversations between the traders at Enron, poor old Aunt Millie (a grandmother from San Diego on a fixed income) was brought up and it was (jokingly) suggested that she use candles."

Link, here.

Please note that Aunt Millie was facing electrical bills of close to $1,000.00 a month on a fixed income, while Lay and Skilling reaped enormous personal benefits. These "fine fellows" ripped off their investors, employees, the State of California and many others for billions of dollars.

Even now - that justice has been served - the victims in all of this will probably never be made whole. Proposed settlements in the civil portion represent pennies on the dollar and are unlikely to reach anyone individually.

Additionally, it appears they still have a lot of financial resources and a "full scale" effort towards appealing these verdicts is yet to come. While "Aunt Millie" and all the other victims in this case might have seen a little justice, Lay and Skilling still have the "means" to mount a formidable defense.

Hopefully - when this is all said and done - their "means" will have been returned to those they have victimized.

For another post, I did adressing Ken Lay's defense effort, link here.

For the Houston Chronicle's blog on the trial, link here.

Wednesday, May 24, 2006

The VA Data Breach is a Symptom of a Bigger Problem

26.5 million identities of our veterans have been compromised, and the official spin is that the risk of identity theft is minimal.

The waters are still "murky" and I'm not sure what other valuables were at this mid-level computer analyst's home, but the media is reporting that the equipment - consisting of a laptop, external hard drive and some disks - were the only items taken.
Being that I'm one of the 26.5 million compromised - on a personal level - I'm worried. To me, it doesn't make sense that the only things taken were the very items that had "information potential."
It is also now being reported that it took two weeks for the Veterans Administration to report the incident to the FBI. If this is true, is it incompetence; or a deliberate attempt to cover-up the facts?
But, should we be blaming the VA for not reporting this for two weeks? After all - in the recent debit-card breach - Visa and Mastercard knew of the problem a couple of months before it was disclosed. Even now, the information that was reported (by those breached) seems to be the bare minumum.
According to the Privacy Rights Organization, which has monitoring these breaches, almost 82 million Americans have had their identities compromised. You can view their chronology, here.
Note that in some of the breaches, the number was unknown, therefore the actual number of people compromised might be higher.
Meanwhile, the House Commerce Committee is rushing to vote on the Financial Data Protection Act of 2006 and the House Judiciary Committee is scheduling a vote on the Cyber Security Enhancement and Consumer Data Protection Act.
There are a few flaws (my opinion) in the current legislation. The new laws will allow companies, institutions and organizations to decide - via an internal investigation - whether disclosure is warranted, and gives them 45 days to report it if there is a "reasonable risk" of identity theft.
If we look at this from a historical perspective (organizations reporting themselves), we are in a lot of trouble.
Critics claim this federal legislation has been "watered down" by special interest groups. Rushing this legislation through might not serve the best interests of the people. In fact, some might speculate that those (who watered it down) are using the "VA breach" to push it through before the public sees the flaws.
82 million people might send a powerful message to our "elected officials" in the upcoming election. The message is there are a lot of us tired of seeing millions of people victimized and nothing (effective) being done about it.
To my fellow veterans, who have been compromised, here is a link from the Privacy Rights Organization about this compromise and where to get help.

Tuesday, May 23, 2006

26.5 Million Veterans Compromised in Data Breach

Data breaches seem to be a weekly occurrence. Now we can add 26.5 million veteran's personal information to the list.

With as many times as this has happened, it never ceases to amaze me that much of this information isn't compromised by criminals with advanced "technical knowledge." In this case - as in many others - it appears the information was on a laptop and was stolen by a home burglar. In other words, 26.5 million people, who served their country have been compromised by a petty criminal.

The Privacy Rights Clearinghouse keeps track of these ongoing data breaches, which can be viewed, here. When you add them all up, it's pretty scary.

Here is the statement from the Department of Veterans Affairs:

The Department of Veterans Affairs (VA) has recently learned that an employee, a data analyst, took home electronic data from the VA, which he was not authorized to do. This behavior was in violation of our policies.

This data contained identifying information including names, social security numbers, and dates of birth for up to 26.5 million veterans and some spouses, as well as some disability ratings. Importantly, the affected data did not include any of VA's electronic health records nor any financial information. The employee's home was burglarized and this data was stolen. The employee has been placed on administrative leave pending the outcome of an investigation.

Appropriate law enforcement agencies, including the FBI and the VA Inspector General's office, have launched full-scale investigations into this matter. Authorities believe it is unlikely the perpetrators targeted the items because of any knowledge of the data contents. It is possible that they remain unaware of the information which they posses or of how to make use of it. However, out of an abundance of caution, the VA is taking all possible steps to protect and inform our veterans.

The VA is working with members of Congress, the news media, veterans service organizations, and other government agencies to help ensure that those veterans and their families are aware of the situation and of the steps they may take to protect themselves from misuse of their personal information. The VA will send out individual notification letters to veterans to every extent possible. Veterans can also go to as well as to get more information on this matter. The firstgov web site is being set to handle increased web traffic. Additionally, working with other government agencies, the VA has set up a manned call center that veterans may call to get information about this situation and learn more about consumer identity protections. That toll-free number is 1-800-FED INFO (333-4636). The call center will be open beginning today, and will operate from 8 am to 9 pm (EDT), Monday-Saturday as long as it is needed. The call center will be able to handle up to 20,000 calls per hour (260,000 calls per day).

Recently, I did a post, where another laptop (government) was compromised:

Laptop Loss Exposes U.S. Marines

It amazes me that in the "Age of Compliance," our information isn't better protected. Another thing that amazes me is that "experts" are assuring the public that there is a very small chance this information will be used for identity theft. I supposed that this is based on the premise that the "crook" merely wanted to steal the laptop.

My thoughts are that either the crook stole the laptop for the information, or has now likely discovered (via all the attention this has raised) exactly what they have.

Virtual Task Force Nets 565 Cyber Criminals

An international (virtual) task force dubbed "Operation Global Con" has netted 565 cyber criminals that have victimized approximately 3 million people.

Attorney General Alberto Gonzalez, who was joined by FTC Chairman Deborah Majoras, Chief Postal Inspector Lee Heath and Costa Rica's Attorney General Francisco Dall’ Anese Ruiz issued a prepared statement:

Over the past 15 months, United States and foreign law enforcement agencies have targeted international fraudulent mass-marketing schemes in the largest enforcement operation of its kind. The results of Operation Global Con have been dramatic – with 565 arrests, both here and abroad.

We all know the annoyance of phone calls, junk mail, and spam and pop-up ads that bombard us with seemingly incredible financial offers. For millions of Americans, these intrusions have been more than a nuisance.

Operation Global Con targeted international mass-marketing schemes. These criminals used telemarketing, the Internet, and mass mailings, to cheat unsuspecting people through bogus investments, fake lotteries and sweepstakes schemes, phony credit cards, and tax frauds.

In Miami, Florida, for instance, two defendants allegedly duped investors in the United States and Europe for more than $3 million dollars. Investors in Discovery Capital believed it to be legitimate because the defendants would occasionally use funds received from new investors to send out purported interest and dividends. Allegedly, the rest of the money went to fancy cars and million-dollar homes for the defendants.

Link to prepared statement, here.

The effort was done with the partnership and support of several countries, including Canada, Costa Rica, Spain, the Netherlands, the United Kingdom, New Zealand and Nigeria.

Also released on the DOJ site was a fact sheet, which gives more detail on this operation.

This is positive news, but my best guess (based on extensive study of the subject) is that there are plenty more cyber-criminals still in business out there. The positive part of it is the fact that we are now seeing signs of "international cooperation" into what has been dubbed a "borderless" problem.

If you think you have spotted one of these scams - or are a victim - the best thing to do is report it.

Here are some good places to do so:

Federal Trade Commission

Internet Crime Complaint Center

If you are Canadian, Phonebusters is the place to go to report activity, or seek help.

Monday, May 22, 2006

Salvation Army Sued by Illegal Immigrants

Here is an interesting item, illegal immigrants are suing the Salvation Army. As reported from the AP via Yahoo:

A half-dozen illegal immigrants are suing the Salvation Army and two of its former local officials for consumer fraud, claiming the leaders took their money under false promises of helping them gain legal status.

The lawsuit, filed Friday in state Superior Court, claims the Rev. Enoc Tito Sotelo told his mostly Latino congregation at Plainfield's Salvation Army church that he would help them become Americans if they each paid $4,000 and donated $500 to the church.

The Salvation Army isn't commenting, but said they recently "terminated" the staff members involved.

Link, here.

This case will raise some interesting questions, such as how can anyone justify people who are "illegal" using tax money to hear a fraud case in civil court?

On the other hand, if fraud was committed, why is the case being heard in a civil court?

Perhaps, this case should be moved to a criminal court. Both "fraud" and "illegal immigration" are criminal offenses and (if found guilty) the former Salvation Army employees should go where they belong, or jail. The Judge could then order "civil restitution" and forward it to the "illegal immigrants" in the country, where they have been deported to.

Of course, before doing this, perhaps deductions should be made from the "civil restitution" amount for social services used (including those of the Salvation Army) before forwarding a single penny.

Daily, we read of government and charitable programs having financial difficulties. It's not fair to the rest of us - who haven't broken any laws - when we have to "financially support" (in the form of tax dollars) people who have broken the law seeking to profit from their illegal activity.

Illegal immigrants are routinely victimized by criminals, but you don't see them, or their attorneys suing the gangs that bring them across the border. Since this is the case, then why is OK to sue the Salvation Army, which is supported by charity?

Criminal activity needs to be addressed in criminal courts and people committing a crime (no matter how noble they think it is) shouldn't be financially rewarded.