Saturday, August 02, 2008

Countrywide Insider Steal's 2 Million People's Information

On Friday, the FBI arrested a former Countrywide employee and his accomplice for stealing and selling personal information (including social security numbers) obtained from people applying for mortgages. According to news sources, the number of people compromised was about 2 million.

The Countrywide inside man was identified as Rene L. Rebollo Jr., who worked at Countrywide's sub prime lending division, Full Spectrum Lending. Also arrested was Wahid Siddiqi, who was the alleged information reseller in the caper. Both arrests took place in Southern California.

The criminal complaint alleges that Rebollo downloaded 20,000 names a week for about two years. The batches of 20,000 were sold for about $500 to Siddiqi. This amounts to about 25 cents a person compromised.

According to a spokeswoman at Countrywide, the investigation shows that 19,000 peoples information has been actually used.

Beth Givens, of the Privacy Rights Clearing House was quoted in a story about this in the LA Times and aptly pointed out Rebollo sold the information at well below known black market prices. Although the prices for stolen information -- which is sometimes sold in underground Internet forums has dropped in recent years -- a name that has a matching social security number is worth well more than 25 cents a pop.

The official spin is that this information was used for leads to sell real estate, but my speculation is that how would anyone know for sure? According to the news reports, the information was being sold to companies. The FBI posing as a company was able to buy records for Siddiqi.

If it was sold to companies, who knows who they might have sold it to, or if they have any dishonest employees selling it, elsewhere?

This made me wonder if any of the companies buying the information will be publicly disclosed? In a similar case at Certegy -- where another dishonest employee was caught and convicted for selling stolen information to "companies" -- the companies involved were never made public or charged with any crime (to my knowledge). Court records indicated a co-conspirator in this case, but again (to my knowledge) no one has ever revealed exactly who this mysterious co-conspirator was?

Givens also pointed out that names, which include a social security number and perhaps financial data, can be used to commit what is known as new account fraud. New account fraud is where an identity thief poses as their victim and opens new lines of credit. Once this is done the first time, the thief (sometimes thieves) continue to open lines of credit until the victim's credit report makes them look like a deadbeat.

My guess is that the affected people will be offered some sort of credit monitoring/identity theft protection. While this prevents some forms of identity theft, it doesn't necessarily protect from all the ways a stolen identity can be used. Some examples of when it might not show up on a credit report are cases of medical benefit fraud, employment fraud, government benefit fraud, some forms of check fraud and last, but not least, when it is used to commit crimes of other than a financial nature.

Recently, the Privacy Rights Clearinghouse, issued a well written fact sheet pointing out that existing credit monitoring/identity theft protection services do not protect a person from all forms of identity theft. I highly recommend that anyone -- who thinks their identity has been compromised -- read this fact sheet before buying or relying on the free protection offered in the aftermath of a known data compromise.

If and when -- employers are required to react to workers using social security numbers that do not match -- the millions of illegal immigrants already over here are going to have to use real social security numbers and a matching name to remain employed, or obtain employment. While the federal law on this has been tied up in federal court, some States have already enacted similar legislation. This type of identity theft normally doesn't appear on a credit report and is often discovered when a person files their tax return, or gets their social security earning statement and notices employment listed they never had.

A statistic that might support this is the IRS revealing that identity theft used to file tax returns has grown 644 percent in recent years. The two main reasons cited for this were people using them to obtain employment or to file a fraudulent tax return to obtain a phony refund, normally using what is known as the earned income credit.

Stories of large scale data breaches seem to surface, frequently. Despite this, there are a lot more that no one ever finds out about. Recent evidence revealed by Finjan, a computer security outfit, supports the contention that we really don't know how much stolen information there is out there, or how it is being used. Finjan has been discovering what they term as crime servers on the Internet, which contain all kinds of stolen information. This information included compromised patient data, bank customer data and even sensitive e-mail communications. At least some of this information wasn't even password protected on the crime server.

This particular data breach at Countrywide will probably fade into the mist fairly quickly. It does show that any and all security measures can and will be defeated when a person who has access is the point of compromise. The sad fact is that despite a lot of efforts -- until the issues that fuel (enable) this problem are addressed -- we will continue to see personal and financial information stolen.

We have made personal and financial information worth a lot of money and there are a lot of people buying and selling it. Some of them even have legitimate or semi-legitimate status. The more this occurs means the information is going to be electronically transmitted (sold) and then stored in a lot of different places. As long as this keeps happening, it's probably impossible to protect all of it.

Thursday, July 31, 2008

In China, Censorship is Called Security

Senator Sam Brownback (Kansas) is warning that China is planning to mount a massive espionage operation on guests staying at major hotels during the upcoming Olympic Games next month.

This shouldn't surprise anyone. Although they consistently deny it, China has a history of spying on both business and government visitors. They also consistently get accused by governments around the world of hacking into sensitive systems.

Recently, there was a lot of speculation that Commerce Secretary Carlos Gutierrez's laptop was hacked during a visit to China and the information was used to hack into government computers. Saavy business types have been quoted as saying that they do not carry laptops or smartphones with them while travelling in China. Of course -- if you needed some more substantial proof China is behind a lot of espionage -- you could read about all the people getting caught by the FBI stealing sensitive information for the People's Republic.

Senator Brownback made a statement on Tuesday that he was warned that the Chinese Public Security Bureau has made it mandatory for hotels chains to install spyware and special hardware by the end of July. Failure to install the required items (or disabling them afterwards) will lead to "punishment," according to a document in the Senator's possession.

Of course, all this is being done in the name of security, according to People's Republic officials. Oddly enough -- possibly to address privacy concerns -- they plan to employ pop up windows warning people the Internet is not private in China. I'm sure this is assuring to privacy advocates, worldwide (pun intended).

The Senator's staff handed out English language translations of two separate documents he said were received by hotels, outlining the government's instructions on how to implement Internet spying software and hardware by the end of July to members of the press on Tuesday.

In many people's opinion -- the intention of this security system is monitor people -- who might want to expose China's dismal human rights record during the games. In fact, Senator Brownback was initially warned about these so-called security measures by human rights advocates.

Further evidence of this is that on Tuesday access to sites like Amnesty International or any with a Tibet address were being blocked at the main Olympic press center in Bejing, according to the article in the Los Angeles Times on this story.

Senator Brownback announced during the conference that he and Senator Bunning of Kentucky were introducing a resolution calling on China to suspends it's plan to censor free speech and spy on people. It should be noted that years ago -- when bidding for the games -- China promised to not to do this.

While many speculate the intent of this so-called "security system" is to supress free speech (censor people), I'd highly recommend anyone with sensitive information be extremely careful if they are in China during the Olympic games. The real espionage and hacking will not be as apparent as this has been. A good place to learn about Chinese hacking and espionage is the Dark Visitor site, which should give anyone a good idea what information risks they might face during a visit to China.

Sunday, July 27, 2008

Fraud, Greed and Special Interests in the Mortgage Crisis Cost Everybody

(Actual photo of an an allegedly remodeled condo courtesy of the FBI)

If you think the factors that enabled the mortgage crisis have been fixed, think again.

An example of this might be the Tennessee minister (Reverend Steve Young)-- awaiting sentencing after pleading guilty to mail and wire fraud to commit mortgage fraud -- who was recently rearrested to protect the general public. While out on bond, Reverend Young was using the identities of members of his parish to obtain more fraudulent mortgages, according to an article I came across in

Apparently, members of his parish turned Reverend Young in after discovering the mortgages when reviewing their credit reports. Of course, it is considered wise to review your credit report on a regular basis after already being exposed to identity theft.

With the current mortgage crisis going on the story of Reverend Young is just one of many examples of fraud, greed and corporate bailouts in the mortgage crisis. In April, the FBI released the 2007 Mortgage Fraud Report. The report refers to this type of fraud as a low risk, high yield enterprise. Maybe we wouldn't see so much mortgage fraud if it weren't so low risk and extremely profitable?

According to the report, the victims of mortgage fraud are many. They include the people living in the neighborhoods where the fraud occurred, borrowers, and the mortgage industry, itself. For instance, when properties are sold at artificially inflated prices, property taxes increase. After the bubble bursts and the fraud becomes apparent, sellers have a difficult time selling their homes because they owe more than what the house is worth. This leads to foreclosures and can cause neighborhoods to deteriorate, which tends to lower all the property values in the area.

With the release of the 2007 report, the FBI announced Operation Malicious Mortgage, which to date has netted an impressive amount of arrests. The latest in this ongoing operation are rumors that the FBI is investigating a major lender, IndyMac for mortgage fraud. Despite the arrests, a lot of people are still suffering after getting caught in up one of the schemes that contributed to where we are at today.

One of the better publications covering mortgage fraud is the Mortgage Fraud Blog. It has up-to-date information on Operation Malicious Mortgage and on the subject in general.

One might think now that we are well on our way into the mortgage crisis, fraud related to mortgages would be going down. Sadly, this isn't the case and the story of a minister released on bond after being convicted for mortgage fraud -- then rearrested for the same thing bears out this contention.

Another, even sadder twist are the desperate homeowners being taken in by scammers promising to rescue them from their current situation. Besides greed, fear is a often used method to snare victims in fraudulent schemes. In May, the Comptroller of the Currency Administrator of National Banks (Treasury Department) issued a warning on this subject. Some of the scams include what are known as lease-back or repurchase scams, refinance fraud and bankruptcy schemes. Quite often, these schemes are nothing more than a means to steal whatever equity the person being foreclosed on has in the property, leaving them with nothing.

Bringing the mortgage crisis down to a more human level is the HousingPANIC blog. The blog is a wealth of information from the consumer point of view and keeps track of high-profile types recently arrested for mortgage fraud.

Thus far, in what has been termed the mortgage crisis, we've seen the banking industry get bailed out (at taxpayer's expense), a lot of people getting arrested, but so far very little help for the people getting foreclosed.

I've seen this being rationalized as it's their own fault because they knew they were getting in over their heads. While this is true -- especially in the case of the big players in the mess -- many of the smaller players were being wooed, coerced and simply taken advantage of. To me at least, this bears consideration.

Finally, it appears that some help for the little people losing their shirts is on the way and the Senate finally got it together and passed a bill. The bill is expected to be signed by President Bush with "reservations." In reality this bill (H.R. 3221) extends a lifeline to Freddie Mac and Fannie Mae by allowing people being foreclosed on to convert to government loans. Freddie Mac and Fannie Mae have about $5 trillion in mortgages, which accounts for about half the outstanding loans in the United States.

Interestingly enough, it is being reported by the AP, that Senator Jim DeMint, R-South Carolina was banned by the Democratic leadership from calling for a vote to stop the companies benefiting from this from making political donations or lobbying for this bill. Apparently, although facing bankruptcy, these companies have enough money to spend on lobbyists and political contributions? In fact, Freddie Mac and Fannie Mae spent about $3.5 million in the first quarter of this year on lobbyists.

While I'm glad about half of the little people are finally getting some help, I have to question at what cost? The sad truth is that we (taxpayers) will pay for this and as usual, special interests and not the interests of the public seem to have too much influence in the decision process.

Another question yet to be answered is what happened to all the money these large corporations made during the housing boom? It appears the profits I'm referring to are made private, while the costs incurred from deceptive business dealings become public? To me, this is another example of how special interests can spin political outcomes in their own favor.

Of course, the even sadder truth is that the economy can't suffer too many more large employers posting large losses or going under. When this happens a lot of the little people working for them become unemployment statistics. This is probably the sad reality of the situation. There is little doubt, we need to fix the problem, but are we going about it in the most just manner?

I've often wondered how much better off we would all be if special interests (lobbyists) were banned, altogether? Given all the polls -- clearly showing a lack of confidence in our leaders -- watching special interests consistently receive preferential treatment is probably one of the reasons why. Perhaps, we would have more confidence in them, if we felt they were representing us in consideration for all the taxes we are being asked to pay.