Saturday, July 01, 2006

Bad Apples in the Barrel are the Biggest Danger to Security

In light of the story circulating about a mid-level manager at Homeland Security getting caught falsifying immigration documents, Michael Chertoff said:

"I wish we could be perfect. Human existence is not perfect, but I can tell you it is a very small proportion, and there is nothing more important than finding those few bad apples and throwing them out of the barrel."

I had considered writing a post about this mid-level manager, then it occurred to me that Mr. Chertoff was correct (from a global perspective) and that - from a security standpoint - there is nothing more important than throwing those "bad apples" out of the barrel.

"Bad apples" don't only exist in "Homeland Security," and although someone getting caught there makes good "press," we have bigger problems out there that need to be dealt with.

One of the biggest threats, we face today is rogue nations obtaining nuclear capabilities. AQ Khan, who developed nuclear weapons for Pakistan, admitted selling secrets to North Korea, Libya and Iran. Many believe that he obtained a lot of his knowledge from the Chinese, who were caught stealing nuclear secrets from us during the Clinton Administration, Online NewsHour: Spies Among Us -- June 9, 1999."

And there is evidence that the Chinese actively seek to plant insiders to steal information. Here is a previous post, I wrote about that.

If any of this is true, we are still being damaged as a result of "insider" problems from the 90's. Two of the biggest threats to world peace today are Iran and North Korea and their "nuclear ambitions."

Insider problems exist at all levels - and are a favorite means for rogue governments, foreign businesses, criminals and terrorist organizations to defeat any and all security measures.

Ira Winkler of the National Computer Security Association wrote:

The Federal Bureau of Investigation estimates that U.S. Corporations lose $100 Billion annually due to industrial espionage. While many people believe that the espionage is committed by well financed organizations that can only be stopped by national agencies, that is very incorrect. Industrial espionage usually exploits simple and very preventable vulnerabilities to produce tremendous results.

The theft of sensitive information from U.S. corporations is the goal for many foreign nations and companies. Adversaries do not care about what form the information takes. Whether information is in electronic format or is thrown away in the trash, it is irrelevant as long as the information is compromised.

Industrial spies know how to bypass any strong part of a security program to attack an organization at it's weakest point.

For Mr. Winkler's full analysis, link here.

Mr. Winkler's analysis brings up some very valid points and scary insights. The people who engage in insider theft will use any and all means to accomplish their goals. Look at all the major breaches that have been caused by a laptop being left unsecured?

Perhaps, I got off topic, but my vote is that we move on and forget this mid-level manager. Homeland Security has bigger fish to fry and the fact that he was caught indicates that they are willing to clean up their own backyard. After all, there are a lot of other backyards out there that probably need to be cleaned up and this is where our focus should lie.

Thursday, June 29, 2006

And Just When We Thought the IRS Phishing Scams Were Gone for the Year

All during tax season, we saw warnings about phishing attempts using the name of the IRS. April 15th has come and gone, but the "phishermen" are still using the IRS name to lure victims.

For those unfamiliar with phishing, it normally starts with a lure - such as a refund from the IRS - in the form of an e-mail directing you to "click" on a site. The site (which is also fake) then directs you to give up all sorts of personal information, which the "phishermen" use to commit "identity theft." In more sophisticated schemes - even going on the site - can lead to all sorts of cybernasties (crimeware) being injected into your system. The crimeware allows them to track your information on a more "permanent" basis.

Phishing is on the rise and according to the APWG (Anti Phishing Working Group), May set a all-time record for phishing attempts.

Here is an interesting story from KUTV in Salt Lake City:

Tax season is over but some people are still getting notifications that they have a refund coming from the IRS. There are all types of so-called phishing schemes out there. And we found a new one today. Here is what the email looks like: Click Here.

It claims to be from the internal revenue service. It says you have a refund coming, just go to a website and fill out the refund request. And look at this: Click Here.

For the full story from KUTV: Click Here.

If you spot one of these attempts, you can forward it to the good folks at PIRT (Phishing Incident Reporting and Termination Squad) - who will take action to shut the bad guys down.

And last, but not least; you can call the IRS directly at 800-829-1040 to verify any communications, or e-mail the "suspected" phish to The IRS also has some pretty good information on their website on how to avoid falling for scam involving your taxes.

You can also report the activity to the APWG, which is mentioned above.

Israeli Sites Under Attack by Islamic Hackers

There has been a lot of speculation that Islamic groups use the Internet to further their political objectives. With the recent tension in the Gaza Strip, here is evidence of their capabilities as reported by Gal Mor, Ehud Kinan of YNet news:

Hundreds of websites were damaged by hackers in recent hours, following IDF activity in the Gaza Strip. The hackers are members of the Moroccan “Team Evil” group, responsible for most of the website damage in Israel in the past year. This is the largest, most concentrated attack on Israeli websites in recent years.

A Ynet investigation revealed that more than 750 Israeli websites, on a number of different domains, were hacked into and damaged in recent days. Prominent among them were the Soldier’s Treasury Bank, Bank Hapoalim (not the main page), Rambam Hospital, the Society for Culture and Housing, BMW Israel, Subaru Israel, Jump Fashion, non-profit organization “Yedid,” Kadima’s youth website, and the Globus Group ticket center. Many of these sites have not yet returned to normal.

Hackers left the message: You’re killing Palestinians, we’re killing servers.

For the full story on YNet, link here.

There is a lot of speculation of how terrorist groups might use the Internet to disrupt systems. Here are some previous posts, I've written on that matter:

Do Financial Crimes and Internet Fraud Fund Terrorism

Are Terrorists Probing Our Computer Systems?

Secret Shopper Scam Targets Walmart, Again

Back in November, I did a post on a Secret Shopper (advance fee) scam -- where people were solicited to act as Secret (Mystery) Shoppers -- and cash a large check at Walmart as part of their "paid" shopping assignment. They are then provided with a large dollar counterfeit cashiers check and instructed to cash it at Walmart. The second part of their assignment (if they get past the Walmart employee) is to wire the money to Canada via MoneyGram.

Of course, for their hard work they are instructed to keep a "generous" commission for themselves. And after the check returns, they are left with the responsibility of dealing with the consequences.

This scam seemed to die out for a few months, but is again raising it's "ugly head." I've received several reports -- by my readers and other sources -- that they are again being solicited to perform these so-called shopping assignments. The current scams seemed to be based out of Canada, which is where the original ones were based, also.

Walmart is known to take a tough stance on check fraud and makes use of local District Attorney programs as part of their "collection" efforts. This normally means -- if you fall for one of these scams and Walmart cashes the check -- failure to pay them back could mean criminal prosecution. Since the person cashing the check is responsible for the full amount cashed, the "generous commission" isn't a very good deal.

Of course, they might also call the authorities while someone is in their establishment passing a counterfeit check.

So far as the "Walmart connection," these scams all mutate and instructions to "shop" other establishments (although not seen yet) could be a future development. Only the result will remain the same, which is the person cashing the check will ultimately be held responsible. The best protection any of us have is to recognize the scam and ALWAYS remember that anything too good to be true, often IS NOT.

Here is the previous post, I wrote in November:

Secret Shoppers Scammed

If you want to report one of these scams, a good place to do so is:

Internet Crime Complaint Center (FBI)

And Canada (where most of this seems to come from) has a site of their own to report activity:


Wednesday, June 28, 2006

California Issues Alert on eBay Fraud Trend

The California Office of the Attorney General is issuing a consumer alert about fraudsters - who pose as sellers on eBay (after assuming a legitimate sellers identity) - and lure them into paying for something they will never receive.
Account takeovers and identity theft are nothing new on eBay. In most instances, they are accomplished by "phishing" legitimate members of the eBay community; who are tricked into giving up their information as a result of a seemingly legitimate e-mail.
Here is the consumer alert:

Scam Artists Posing As Sellers on eBay

Consumers should be on the alert for scam artists posing as sellers on eBay, the California-based Internet auction site, who victimize bidders through bogus second chance offers. To avoid falling victim to this scam, we offer some tips and precautions below.
In the emerging fraud scheme, scam artists try to lure bidders interested in a product away from the e-Bay web site by using “My Message,” which allows seller and buyers to communicate on the auction site. Through posted messages, legitimate sellers are able to build a positive reputation from customer ratings, product reviews and favorable reports on business transactions.
Manipulating the eBay messaging system, the scam artist posing as the seller contacts bidders to announce the winning bid fell through and offers a second chance to buy the product by wiring the purchase price to the non-eBay email address provided. The scam artist is counting on consumers being tricked into a direct sale and being lured by the positive feedback seen on eBay.
However, the message is actually from a con artist who assumed the identity of the legitimate seller who already sold the item to the winning bidder. The second chance bidder who falls for this scam is left empty handed, paying for a product that will never arrive.
For the full consumer alert, link here.
Here are two resources to seek help, if you become a victim:

Attorney Generals Office Complaint Form and Federal Trade Commission Complaint Form.

These resources are only applicable in California and the United States, here is a list where you can find victim assistance worldwide:
Here are some other tips on how to avoid fraud on eBay:
Here is a post about how accounts are taken over on eBay:

Monday, June 26, 2006

Check Cashing Jobs - A Quick Way to Drain Your Bank Account and Maybe Go to Jail

I got this e-mail today inviting me to make $5,000.00 a month (minimum) working a couple of hours a day. Of course, I need to use my own bank account - which will be drained of all it's funds - when the bank discovers the transactions are fraud. If it sounds too good to be true, it probably isn't.

Recently, I wrote about how banks often clear these checks - and even sometimes verify them as good - then take your money anyway. Of course, since in most of these instances, the money has been sent (normally wired somewhere); the person who negotiated the item is left holding the bag.

Welcome to the "Check Cashing Scam," that organized fraud gangs are using to recruit people to take all the risks - while they collect all the "real money" via Western Union, or MoneyGram.

In reality, the people who do this, are being conned into laundering fraudulent transactions - mostly from auction sites - such as eBay.

Recently, we saw Australian teenagers and a Better Business Worker get caught up in this scam. Please note that the some of the Australian teenagers are facing charges - which can be another "nasty" side-effect of getting involved in this activity.

Here is an example of one of the come-on letters (note the reference to identity theft at the bottom):

Dear Jobseeker,

This offer was sent to you in response to your resume on

The job we are offering requires only two hours per day during which you will check your e-mail and go to your bank. You will be given a position of representative within our company which means that you will be a collaborator and not an actual employee. There is no experience required; only the knowledge of using an e-mail account and a bank account. It does not matter if you already have a job or not if you have two hours to spare each working day.

What is required of you in order to be eligible for this job:

- Honesty, responsibility and dedication to this new line of work;- An existing active bank account that you will use to cash money orders and checks (no information is required about your bank account);

- Access to the internet and a small amount of free time every day in order to check your e-mail twice per day (once in the morning and again in the evening).
What we offer during this job:

- Flexible working time: you chose what hours you want to work;- Working at home: you only need to check your e-mail and make trips to your bank;- Professional support via e-mail;- No selling involved no kit to buy, we will not charge you anything, and you will not handle any merchandise;

- Minimum pay: $5,500 (from commissions and a $900 monthly salary);- Commission: 10% off of every money order/check that you cash, instantly money in hand that you will deduct from the cashed amount. If you receive a check of $1,000.00 your net income is $100.00, our company supports any fees. You can receive a maximum of 3 checks/money orders per day which will earn you between $300 and $900 cash in hand each day.

If you are interested our staff will send detailed information about the contract which you must sign in order to get started. We reserve the right to keep you on probation for the first month, meaning that we will decide at the end of the first month whether you will be a permanent employee or not.

It is very important for us to know how willing you are to work for our company. Also, we are keen to know about your skills in contacting other people and above all we are looking for candidates that are ready to work and seek to self improve all the time. Our company just started this program and we need personnel loyal to our company and our program. We believe that we represent an excellent opportunity for everybody, a chance to start a new career without much knowledge but with great perspectives. Even if you are not willing to grow with our company this still remains an excellent opportunity for those who need a temporary or a secondary job.

We are confident that you will make the right decision and hope to hear from you soon.


-You must be over 21 years old.-You need to live in U.S.A. (legal residents and immigrants can also apply) and have an active bank account.

If you meet these conditions please contact us by replying at this e-mail address to receive the contract and detailed information about this job.

We will never ask you for bank name, bank account number, routing number, credit card, passwords, ssn number etc. If anyone asks for those on our behalf please do not give out this info. This is to ensure that you will not be the victim of an identity theft case.

Thank you

Sunday, June 25, 2006

28,000 Sailors Compromised. Lieutenant Cole - All is Not Secure!

It's a crying shame that when those who serve their country are at war, their personal information - which can be used to ruin financial well-being - is being compromised.

As reported by the Associated Press:

The Navy has begun a criminal investigation after Social Security numbers and other personal data for 28,000 sailors and family members were found on a civilian website.

The Navy said Friday the information was in five documents and included people's names, birth dates and Social Security numbers. Navy spokesman Lt. Justin Cole would not identify the website or its owner, but said the information had been removed. He would not provide any details about how the information ended up on the site.

It was information you don't want on a public Web site," Cole said. "But there was no indication it was being used for illegal purposes."

Of course - as is standard - in these cases, the official "spin" is that they have no reason to believe any of the information is being used and the Navy is not identifying the site in question.

In the Naval service, someone reports their post, they state "all is secure" when everything is in order. In this official statement, Lieutenant Cole is basically reporting that "all is secure" in this latest data-breach. I beg to differ! With the number of breaches (mostly unresolved) out there, nothing seems very secure.

Of course, 28,000 is minimal when compared to 26.5 million, which is the number of veterans recently compromised in the VA breach. In this breach, the official "spin," suggested that the stolen data was accomplished by teenagers and there was little risk that the information would be used.

And if you were to add up the number of potential victims since the Choicepoint Incident (Feb 2005) --which is when someone started keeping track of all these data breaches -- at least 88,366,461 human beings have been compromised. Please note, these are only the "known incidents" and let's face it - the current culture dictates that those compromised do not like reporting it.

If there is little risk, all the efforts to warn veterans and legislation being considered in Congress is a waste of time. We are seeing data-breaches occur - almost routinely - and personal information is being sold in chatrooms at "bargain" prices. The sheer volume of this activity suggests, there is a lot of "risk" for those, who have been compromised.

Lieutenant Cole, let me let you in on a little secret, "all is not secure," and as long as we pretend it is, the bad guys will be mocking us - while they pursue their criminal goals.