Friday, August 18, 2006

Rogue Governments, Terrorists and Organized Criminals Raise the Stakes for Control of the Cyberworld

Hackers pose a very real threat to systems worldwide - here is evidence that this is no game being played by children.

I read this story from Government Computer News by Patience Wait:

The Pentagon's primary Internet backbone, the Global Information Grid, comes under siege some 3 million times a day by outsiders looking for a way to penetrate military networks. And the outsiders come from all over the world, whether American script kiddies trying to prove their skills or Eastern European hackers looking for information they can sell.

Then there are the military cyberthreats from potential enemies.

Maj. Gen. William Lord, director of information, services and integration in the Secretary of the Air Force Office of Warfighting Integration and Chief Information Officer, today told an audience of civilian Air Force personnel attending the Air Force IT Conference that "China has downloaded 10 to 20 terabytes of data from the NIPRNet. They're looking for your identity, so they can get into the network as you."

Lord said that this is in accordance with the Chinese doctrine about the use of cyberspace in conflict.

Full story, here.

I recently wrote a post, Great Britain Creates National Fraud Squad to Fight Organized Crime and Terrorists. Add some rogue countries to the problem - and it's easy to see why a lot of the experts are becoming concerned.

Technology has also made communicating one's thoughts and beliefs rather easy.

The Internet (Cyberworld) -- with its worldwide reach -- is also used by a lot of "entities" to spread propaganda. To illustrate this, we have a new blogger (Iran's President Mahmoud Ahmadinejad) who has created a "blog" to get his version of the word out. To see it, link here.

Of course, a lot of subversive organizations have been doing this for years. Al Qaeda (in particular) has used the Internet to further their despicable deeds. Timothy Thomas did an interesting essay on this, here.

With President Ahmadinejad and his proxy Hezbollah in the news recently, we need to reflect on history for a moment before reading his "jihad of the pen."

These are the people responsible for taking American hostages in Iran and later Lebanon. They were also responsible for the Marine barracks being bombed at the Beirut airport in 1983 - and more recently have been a conduit for terrorist activity in Iraq.

And he (Mahmoud Ahmadinejad) says he wants nuclear technology for peaceful purposes? If anyone believes that, I can refer them to someone who needs help getting millions of dollars out of Africa.

How to Spot a Counterfeit on eBay

Steve Woda (founder of buySAFE) offers the following tips on how to avoid buying counterfeit merchandise (knockoffs) on eBay.

These tips were published in the Miami Herald a couple of weeks ago:

  • Don't buy based on price alone. We all know that if the price is too good to be true, it probably is. Not all knockoffs are cheap, however. High prices can add a sense of legitimacy, and many knockoff sellers know this. Just because the price is high doesn't mean it's authentic.
  • Pictures aren't always worth a thousand words. If a seller has only a few pictures and won't share more, you know you're dealing with someone illegitimate. Anyone selling high-value goods -- used or new -- understands the importance of authenticity. If the merchant is selling something genuine, he'll have nothing to hide.
  • Read the fine print. Some "e-tailers" or auction sellers will lure you in with words that you're likely to use, such as "Chanel" or "Gucci." Many sites also resort to overkill with words such as "authentic," or "genuine" to describe items. It's only by reading carefully through the descriptions that you will see comments such as "inspired by . . ." to let you know that the merchandise isn't an exact copy. This sort of wording affords the seller immunity from trademark infringement.
  • Return or get burned. Make sure the seller offers a return policy, or ensure that he uses a buyer-protection program.
  • The extras. Designers love to provide value-added extras, such as boxes, identity cards and storage bags. The counterfeiters are always one step ahead, so don't let down your guard. Recent reports indicate that counterfeiters are even buying fake receipts to prove authenticity.
  • At the end of the day, it's caveat emptor. If you suspect that the merchandise isn't genuine, don't buy it.
Link, here.

Of course, fake receipts are nothing new - shoplifters have used them for years to refund stolen merchandise. A Google search will show you that this "activity" is alive and well on the Internet, here.

Someone should go after the companies selling the means to do this!

Steve also does a blog, "Steve Woda's Blog: buySAFE, eCommerce, Trust & Safety" and was recently appointed to the "Commonwealth of Virginia's Joint Commission on Technology & Science Cybercrimes Advisory Committee."

Here is a previous post I did on how to safely navigate auction sites:

25 Ways to Avoid Auction Fraud From a Seller's Perspective

I did a post on counterfeit goods (knockoffs). It mentions a book by Tim Phillips (Knockoff), which is a great reference on this subject:

Counterfeit Goods, A Borderless Problem

Thursday, August 17, 2006

Another Laptop Lost by Accounting Firm - Chevron Employees at Risk of Identity Theft

Saw this on PogoWasRight.org - which is an excellent read on privacy issues:

"Chevron may have pocketed record profits of $4.35 billion in the most recent quarter, but that wasn't enough to protect the names and Social Security numbers of potentially tens of thousands of employees. The San Ramon oil giant sent an e-mail to U.S. workers Monday warning that a laptop computer 'was stolen from an employee of an independent public accounting firm who was auditing our employee savings, health and disability plans.'"

Link to PogoWasRight post, here.

PogoWasRight was quoting a story in SFGate by David Lazarus. In his story, he quotes Larry Ponemon of the Ponemon Institute:

"It's a big problem," said Larry Ponemon, founder of the Ponemon Institute, a Michigan think tank that focuses on privacy issues.

"It's always the human factor," he said. "There are always going to be people who download something incredibly confidential onto their laptop and then it ends up stolen or on the Internet. It's not because of evil intent. It's usually because of incompetence or complacency."

When are we going to wake up to the fact that storing "sensitive data" on laptops is a bad idea? And there is evil intent - at least on the part of whoever is stealing this information.

According to the SF Gate article, the Ponemon Institute released a pretty telling survey:

"On Tuesday, the Ponemon Institute issued a study revealing that 81 percent of companies surveyed have experienced the loss of one or more laptops containing sensitive data over the past 12 months."

"The study also says 64 percent of almost 500 data-security pros surveyed admit that their companies have never performed an inventory to determine the location of customer or employee info."

Link to SFGate article, here.

There is another thing to consider - and it's the internal factor. Most of this information is worth money and it makes me wonder in how many of the breaches (of which there have been many) a dishonest employee was somehow involved?

For an article about that by Will Sturgeon from Silicon.com, link here.

Of course, in this case - as most of the others - Chevron is revealing few details.

Credit Bureau Fined for Marketing Credit Monitoring by FTC

Tom Fragala - who writes Truston's Identity Theft blog - wrote an interesting post on one of the big three credit bureaus (Experian) getting fined by the FTC for selling "credit monitoring," when people requested free copies of their credit report.

Tom wrote:

"In 2005, Experian (doing business as consumerinfo.com) was fined $1 million by the Federal Trade Commission for deceptive and fraudulent marketing of credit reports (see the FTC report here). Basically they marketed “FREE” credit reports and then charged people for the services. In clear violation of Federal law."

Tom also made an astute observation about the required disclosure of this on their site, here.

If you would like to learn more about the Federal law in question, CalPirg has an excellent guide on their site:

The New Fair Credit Reporting Act: What Consumers Need to Know

You can also "opt out" from letting your information be sold, here.

There are many out there who believe the current "identity theft crisis" has its roots - at least in part - in personal information being maintained and sold in databases, which aren't protected very well.

Guess who has been maintaining and selling most of the information in question?

Wednesday, August 16, 2006

buySAFE Protecting 3,000,000 eBay Listings

I recently did a post on buySAFE and how they bond sellers on eBay. Today (on the buySAFE blog), they announced 3,000,000 listings are being protected by their service.

If the seller has the buySAFE seal - the transaction is guaranteed.

For the announcement on buySAFE's blog, link here.

Recently - with proposed fee increases - there are a lot of eBay users speaking out. For an interesting article about this by AOL (Sheldon Liber), link here.

One of the frustrations mentioned in the article is the amount of fraud on auction sites.

I read another article (one of many in the past few years) that says auction fraud is on the increase in Japan:

Web auction fraud leads surge in Japan cyber crime

This same trend has been noted (pretty much) worldwide.

It seems that there is a need for services, such as buySAFE, to bolster consumer confidence and protect the "little guy."

Here is the original post I did on buySAFE:

buySAFE Protects its Customers from Fraud on eBay

Fraudsters Stealing Personal Details from Discarded Computers

There are several reports about personal details being harvested from discarded computers, or from hard drives that aren't properly disposed of by the repair facility.

The problem arises because most people only delete their files before getting rid of a system. If the wrong person gets their hands on the hardware - the files are easily extracted and identity theft can occur.

One story from the Daily Telegraph about this can be read here.

The article from the Daily Telegraph references this activity occurring in Lagos (Nigeria), but according to other sources - Nigeria isn't the only point of compromise.

Bob Sullivan of MSNBC did a story in June about this same type of activity. His story references it happening in the United States, link here. In the MSNBC story - the hard drive in question was discarded (replaced) at Best Buy.

Computer security experts say the only way you can make sure your information has been erased is to destroy the hard drive, or use special software to erase everything.

Also - if you have your hard drive replaced - insist on getting the part back and destroy it yourself!

Tuesday, August 15, 2006

Phishermen are Impersonating the FDIC

Cybercriminals often pose as reputable government agencies. Recently, they set up a totally "fake Interpol site" and we've seen them use the names of the IRS and the FBI to lure victims into their web of deceit.

Now they are using the good name of the FDIC.

Here is the FDIC alert:

The FDIC is aware of a phishing e-mail that has the appearance of being sent from the FDIC. The name "Federal Deposit Insurance Corporation" appears on the "From" line and the subject is, "IMPORTANT: Notification of Federal Deposit Insurance Corporation."

This e-mail claims that the FDIC has received an application from the recipient's bank to insure their checking or savings account against fraud, phishing and identity theft. The e-mail further instructs the recipient to enroll in "the FDIC protection system" by clicking on a link to a spoofed FDIC Web page. The spoofed Web page requests the following information:

First Name, Last Name, Phone Number, Social Security Number, Mother's Maiden Name, Driver License/Issued State, Date of Birth, E-mail Address, Street Address, City, State, Zip/Postal Code, Name on Credit Card, Credit/Debit/ATM Card Number, Card Expiration Date, Card Verification Number, Personal Identification Number, FDIC-Insured Institution (Bank Name), Bank Routing Number, and Bank Account Number.

This e-mail was not sent by the FDIC and is a fraudulent attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media.

The FDIC is attempting to identify the source of the e-mails and the location of the Web site in order to disrupt the transmission. Until this is achieved, consumers are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

For a link to the alert, link here.

When I stumbled upon this news - I had just finished doing a post about a great presentation on cybercrime the FDIC just released to educate the public:

FDIC Releases Multimedia Presentation to Educate Public on Cybercrime

Maybe the presentation is so good - the criminals don't like it?

If you spot one of the "phishy" e-mails, report it to the FDIC as described in the alert.

It's easy to do and it might protect someone you know!

FDIC Releases Multimedia Presentation to Educate Public on Cybercrime

The Federal Deposit Insurance Corporation (FDIC) just released an excellent video - geared towards the average user - on how to avoid cybercrime.

Here is what the FDIC has to say about it:

"Identity theft continues to be one of the fastest growing crimes in the United States, and has ranked as one of the top consumer concerns for the past several years. The Federal Deposit Insurance Corporation (FDIC) has produced a multimedia presentation to help consumers protect themselves from identity theft. The presentation provides information on steps consumers should take to secure their computer and protect themselves from identity theft, as well as actions consumers should take if they become a victim of identity theft. Financial institutions are encouraged to make the link available to their customers from their websites. This presentation is hosted by Vodium."

To view the presentation, or order up to 25 of the CD-ROMs, link here.

I watched it from start to finish and was extremely impressed with it. Even my Mom will get the point (she says she doesn't understand what I write about) after watching it.

This is a great tool to share with "anyone and everyone" - who navigates the "sometimes" murky waters of the Internet!