Saturday, September 16, 2006

Canadian Government Loses Personal Information of Thousands

We read (too frequently) of personal information "going missing" in the United States. Here is a story by Chad Skelton of the CanWest News Service of a potential Canadian breach:

Computer tapes containing the private health and welfare records of "hundreds of thousands" of British Columbians were discovered missing from the government's main data centre in Victoria last year and have never been found, according to a confidential government investigation obtained by the Vancouver Sun.

Poor record-keeping at the facility, which is run by Telus, means it's impossible to confirm exactly what happened to the 31 tapes, although the report speculates they were most likely destroyed in error or borrowed by a government staffer who forgot to return them. However, the report warns that their disappearance is serious and "may have resulted in the inadvertent disclosure of the data contents."

CanWest story, here.

The story references a report, which says the tapes might have been borrowed by a government staffer. I hope they weren't borrowed in the same manner as VA computers were in the U.S. - or stolen.

Apparently the government knew about this last August, but didn't disclose it because the threat was considered minimal. Sound familiar?

New ATM Scam

There has been a lot in the news recently about debit card breaches and ATM skimming, but here is something new. In Virginia Beach - an unknown person - reprogrammed an ATM by punching in a series of numbers - which made the machine issue four times as much money as it should.

The Police are having a hard time investigating it because it took nine days before someone reported getting more money than they should.

I wonder if all the people - who didn't report it - will have to pay the money back?

Story from AP (Associated Press), here.

Here is a previous story, I did on ATM skimming:

ATM Machines That Clone Your Card

9-22-06 (Update): Tom Fragala (Truston) did a post on how easy this was to do - AND the how to "info can be downloaded on the Internet - here.

My comment is , "ouch!"

Friday, September 15, 2006

Contract Worker Arrested for Theft of Computer with Veteran's Personal Information

The computer stolen from Unysis containing the personal information of thousands of veterans has been recovered, and a suspect has been arrested.

Jonathan D. Silver, of the Pittsburgh Post-Gazette is reporting:

A Washington, D.C., man has been charged with stealing a computer containing personal data about thousands of Pittsburgh-area veterans from a private contractor for the U.S. Department of Veterans Affairs.

Khalil Abdullah-Raheem, 21, was charged Wednesday in federal court with theft of government property, the VA's Office of Inspector General announced yesterday.

Link to Pittsburgh Post-Gazette story, here.

This development highlights the fact that when a security compromise occurs - it frequently comes from within an organization. When this occurs - it often doesn't matter how tight security procedures are - because the person had access to whatever was compromised.

For a previous post, I wrote about how the Secret Service is studying this problem, link here.

Counterfeit American Express Gift Cheques

Counterfeit American Express Gift Cheques might be the latest form of fraudulent financial instrument circulating via the Internet. The items seen thus far are for $500.00 - note the largest denomination issued legitimately is $100.00.

If you receive one of these items - it is recommended you verify it before negotiating it. For the information to do so - link here.

Counterfeit financial instruments being used in Internet scams are nothing new. Here are some previous posts, I've done on this sort of activity:

Counterfeit Cashier's Checks Fuel Internet Crime

Counterfeit Postal Money Orders Showing Up in IScams Again

Postal Money Order Romance Scam

Counterfeit Travelers Express (MoneyGram) Money Orders Showing Up ...

In most Internet scams involving counterfeited financial instruments - a person is duped into negotiating the item and wiring the money back to the sender (scammer). If someone asks you to cash an item and wire them money - take a deep breath - and just say "no thanks."

Thursday, September 14, 2006

Ten Fake ID Rings Shut Down in Arizona

Here is a good example how identity theft, illegal immigration and (maybe) terrorism could be tied in together. KVOA Tucson is reporting:

Ten fraudulent document rings were shut down today after 16 people were booked on allegations that they made and sold fake I-Ds in metropolitan Phoenix. Officials said the rings produced hundreds of driver's licenses, Social Security cards and "green cards."

The operations were run out of more than a dozen locations, most in Phoenix but one in Glendale and another in Scottsdale.

Leesa Berens Morrison, leader of a task force of police focusing on fraudulent identification, says undercover officers bought fraudulent documents using the names of two known terrorists.

Link to KVOA story, here.

Recently, I did a post about Saud Leija - who is a family member of one of the fake ID cartels - working with the authorities. She quoted her grandfather as saying "Terrorism is an American problem, not a Mexican problem."

The fact that the authorities were able to get identification using the names of two known terrorists supports Saud Leija's statements.

Interestingly enough, MSN Money (and others) have named Arizona as the having the highest rate of identity theft.

MSN story, here.

Financial crimes aren't the only issue we need to consider when we look at the identity theft problem.

Wednesday, September 13, 2006

Angelides Campaign Manager Denies Arnold was Hacked

To update the post, I wrote yesterday - the Angelides campaign is now admitting they leaked information to the press - but claims they found it on the Schwarzenegger website.

Here is the story from the AP, courtesy of Yahoo:

The campaign of Gov. Arnold Schwarzenegger's Democratic rival acknowledged Tuesday that it downloaded — and leaked to the media — a recording of a private meeting in which the governor described a Hispanic legislator as having a "very hot" personality.

But Cathy Calfo, campaign manager for Democrat Phil Angelides, said the campaign had done nothing wrong because the file was available publicly on the governor's Web site.

Link, here.

Schwarzenegger's office is maintaining someone would have to snoop to have found the file.

Of note, I went to Governor Schwarzenegger's site and couldn't find his taped conversations?

Link, here.

According to Wikipedia, the definition of a "hacker" is:

Hacker in a security context refers to a type of computer hacker who is involved in computer security/insecurity and is able to exploit systems or gain unauthorized access through skills, tactics and detailed knowledge.

If a normal person couldn't have found this information - and it was found via an "exploit," the term "hacking" applies - at least to me?

Sadly enough, there are important issues to consider in the upcoming campaign and wasting resources on "trashing people" doesn't exactly serve the best interests of the people.

Monday, September 11, 2006

Was Arnold Hacked?

Did someone hack a State of California computer to obtain the comments Governor Schwarzenegger recently apologized for?

Reuters is reporting:

California police are probing if computer hackers illegally downloaded a private taped conversation of Gov. Arnold Schwarzenegger from state computers, a spokesman said Monday.

In the remarks, California's celebrity governor spoke of African Americans and Latinos, including a Hispanic state lawmaker, as having "hot" blood, or being passionate.

The comments were published last week by the Los Angeles Times.

Democrats rebuked Schwarzenegger, a Republican who is seeking re-election in November. State Treasurer Phil Angelides, the Democratic candidate for governor, called the comments offensive and embarrassing for the increasingly Hispanic state.

Computer hacking, not a leak within Schwarzenegger's office, is suspected. "We can confirm that we are looking into the security of the governor's office computer system," said Fran Clader, a spokeswoman with the California Highway Patrol, the agency in charge of the investigation.

Link, here.

With the recent news that HP executives were spied on via "pretexting," we are seeing a lot of information gathered using "questionable" means. Sadly enough - a lot of it seems to be coming from private investigative firms - who are supposed to operate within the law.

There is an ugly trend in the political world where "trashing" an opponent seems to be the preferred way of winning an election. With all the legitimate issues that face us today -- this is a sad commentary on the state of our political system.