Showing posts with label outsourcing.

Sunday, March 22, 2009

Symantec Indian Call Center Employee Selling Credit Card Details (Shocking)!

A story of an undercover investigation by the BBC shows how dishonest employees at call centers — who collect plastic payment card details on clients — might be making a little extra pocket change by selling them.

The focus of the BBC story is centered on an Indian call center employee for Symantec Security Corporation stealing payment card information. It is also centered on UK customers, which is understandable given it is the BBC, but the reality is that information is stolen then sold from countries all over the world.

Payment card details are handled by telephone at call centers in a lot of places and the calls come from all over, too. A lot of companies have different tiers (levels of personnel) handling calls, depending on the difficulty or nature of the call. At a lot of major companies, these tiers are located in different centers, which are in different countries. Any call might start in one country and, given the nature of the call, it could be transferred to another center located in another country. Given this, payment card information can be sent and then illicitly recorded over a fairly wide geographical area.

Besides that, dishonest employees are caught on a regular basis in a lot of different places. They don't all necessarily reside in India and call centers there are not the only place payment card information can be compromised. In fact, payment card information can be compromised anywhere (not just call centers) where they are used at a point of sale.

Information crooks are recruited and some think even planted anywhere financial information can be stolen. Even if they are not, payment card details are being bartered in forums on the Internet. It probably wouldn't be very hard to find a place to sell credit/debit card information when all it takes to do it is a click of a mouse.

The BBC story, which aired on video, chronicles an investigative effort by their reporters on the streets of Delhi. In the segment, it shows reporters making contact with the underground broker, who offers them payment card details from "all over the world" for $10-$12, each. It then shows a buy being made and money changing hands.

When the information was checked, it revealed that only one in seven card numbers were actually usable. They were able to trace some of the good numbers to a call center handling Symantec (Norton) products. The story stated that there has only been one successful prosecution in India for this type of crime and that it netted a non-custodial sentence. It also stated that the laws regarding the protection of data are not as stringent as they are in some places. The story mentions that Symantec's official comment was that it was an isolated incident and that the employee was removed.

Since one in seven card details turned out to be real, I guess we can assume the underground broker wasn't being completely honest. I've also seen reports of credit card details being sold for a lot less, and you don't have to travel to India to find them.

In November, Symantec — the point of compromise in the story — issued a report on the underground economy, which focused on this very subject. "Credit cards are also typically sold in bulk, with lot sizes from as few as 50 credit cards to as many as 2,000. Common bulk amounts and rates observed by Symantec during this reporting period were 50 credit cards for $40 ($0.80 each), 200 credit cards for $150 ($0.75 each), and 2,000 credit cards for $200 ($0.10 each)," according to the report.

If this report is anywhere near accurate and the BBC was buying card details at $10-$12 each — with only one in seven being good in the Delhi exchange — the BBC was getting ripped off!

According to the 68-page report by Symantec, these details can be bought anywhere that has an Internet connection. Counterfeit instruments (ready to use) are often sent through the mail, too. The information is sold via IRC (Internet relay chat) channels in forums designed to market stolen financial information. Although credit/debit card details seem to dominate the scene, a lot of other information is sold that can be used to commit financial crimes and identity theft in these forums, too.

If you don't want to believe the Symantec report, the FBI took down one of these forums not very long ago. This forum, known as Dark Market, was responsible for about $70 million in fraud, worldwide. My best guess is that the information in the report is pretty accurate.

Although dishonest insiders are the cause of a portion of it, we should remember that hackers breaking into business systems, phishing, malicious software and even the trash can be sources of stolen information. The places targeted for information can be merchants, restaurants, government organizations, charity organizations, universities, medical facilities or anywhere payment card information is used at a point of sale.

Keeping up with all the points of compromise is difficult, but one place that attempts to is the DataLossDB site. Please note that the unknown data breaches are the most lucrative for the criminals behind this activity. Once a breach is discovered, measures are enacted to disable the stolen data.

It can be extremely difficult, if not impossible, to identify the point of compromise in most individual cases. The reason for this is there are too many different places where information might have been stolen from.

Maybe that's the problem, or we are storing and transmitting too much information all over the place? Since everyone is making money by transmitting information, I doubt this practice is going to stop anytime soon. As far as outsourcing goes, I doubt this is going to stop in the near term, either. Companies save a lot of payroll by outsourcing jobs. Payroll is a big expense for corporations and cutting payroll seems to be in vogue these days.

Nothing is going to change until laws are passed that force everyone making money from this information to start doing the right things. This includes everything from laws that prohibit people from being irresponsible (my opinion) to laws that punch the criminals stealing the information where it hurts.

Until then, the rest of us will have to batten down the hatches and weather the storm. I highly recommend making sure your information is protected as well as it can be (there are no guarantees) by protecting your own electronic transmissions. Monitoring financial activity — from your financial statements to information on your credit report and the Internet — is a good idea, too. Of course, while doing this, you need to ensure your electronic transmissions are protected by a reliable vendor and that you aren't paying for protection that you could get for free. Sadly enough, everyone claiming they can protect you isn't necessarily being completely honest, either.

Sunday, April 06, 2008

Sensitive infrared cameras discovered bound for China at LAX

Dangerous and counterfeit products, hacking government systems and espionage all have one thing in common: they are likely to originate from China.

The latest example of this is being reported by the AP:

Two men attempting to board a plane to China with nearly a dozen sensitive infrared cameras in their luggage were arrested on Saturday, a federal official said.

Federal agents stopped the pair on the jetway as they were preparing to board the flight to Beijing.

The men had been in the United States for about a week, said Rick Weir, assistant special agent in charge of the Los Angeles office of the Department of Commerce's Bureau of Industry and Security.

Yong Guo Zhi, a Chinese national, and Tah Wei Chao, a naturalized U.S. citizen, were arrested for investigation of trying to take thermal imaging cameras with potential military use to China without the proper export licenses, Weir said.

In February of this year, the FBI highlighted two high profile cases involving Chinese espionage.

Again, whether it involves defective goods, hacking or stealing military secrets -- the Chinese seem to be having a field day victimizing the citizens of the United States and the World.

Is the cheap labor they provide for a lot of companies worth all the risks we are taking by allowing them "free trade status?"

Additional examples of Chinese espionage, hacking and defective products written about on this blog can be seen, here.

Full AP story on this latest development in the ongoing saga, here.

Thursday, January 03, 2008

Lou Dobbs' audience responds to Hillary's allegation that he is full of hot air!

My wife, who is a die-hard Lou Dobbs fan, brought to my attention that Hillary Clinton had recently called him "full of hot air."

In response to this statement, Lou and crew ran this poll on their show yesterday.

The question they asked was:

Do you believe presidential candidates who support open borders, illegal alien amnesty, and outsourcing of middle class American jobs to cheap overseas labor markets are full of "hot air"?

I decided to check the results this morning and 95 percent of the people responding felt that the presidential candidates supporting open borders, illegal alien amnesty and outsourcing were "full of hot air."

Strangely enough -- if I remember one of the debates correctly -- it seems difficult to get Hillary to commit herself on some of the above listed issues.

Would that make some believe that her responses to these issues are full of hot air?

With the primaries starting today in Iowa, it will be interesting to see what the voice of the American people will be!

You can see the results of Lou's poll on his site, here.

You can also see the article that reported Hillary calling Lou full of "hot air" at Iowa State University (courtesy of NewsDay.com), here.

If you would like to revisit Hillary's stunning reversal on the driver's licenses for illegal aliens issue (within 2 minutes) in the State she represents, the Captain's Quarters blog has commentary, here.

Friday, November 16, 2007

U.S. China Commission Report reveals serious issues that need to be dealt with!

Reports of the Chinese hacking into government systems are nothing new. Along with the constant reports of substandard products being put on our shelves, there is little doubt that the Chinese pose a threat to our safety in a LOT of different ways.

The U.S. China Commission has just released a disturbing report, which indicates some alarming evidence that the Chinese might be a threat to our National security.

The first concern is what appears to be a growing capability to target satellites. I got the following directly from the report, which was provided to Congress:

The hearing was timely, coming only three months after a successful direct-ascent anti satellite test by China that destroyed one of its own aging weather satellites in low-earth orbit. This test was only the third of its kind by any nation in history and served as a useful reference point during the hearing to illustrate not only China’s advances in military capabilities, but also the extent to which China’s decision making process is still very much opaque. This incident raises questions about Chinese intentions in space. The Commission will address these questions as it continues to monitor developments.

In the same realm, it appears that China is actively developing capabilities to conduct "irregular warfare." It should be noted that in addition to this report there have been regular reports of hackers from China specifically targeting government systems.

This is what the current report concluded:

Several experts testified that if China were to find itself in an armed conflict with the United States and its allies such as that resulting from a Taiwan dispute, China is likely to employ an array of irregular warfare strategies against its adversaries. According to Michael Vickers, Senior Vice President for Strategic Studies at the Center for Strategic and Budgetary Assessments, a Chinese attack on Taiwan could entail special operations and cyber attacks on U.S. regional bases in Japan and South Korea, and might even include cyber attacks on the U.S. homeland that target the U.S. financial, economic, energy, and communications infrastructure.

Also covered in the report are previously documented cyber-intrusions into U.S. Government systems:

As evidenced by the trajectory of its military modernization, Chinese defense planners are seeking to accomplish the goal of undermining the U.S. military’s technological edge through a variety of disruptive means. Among these is cyber warfare. USSTRATCOM Commander General Cartwright testified before the Commission that China is actively engaging in cyber reconnaissance by probing the computer networks of U.S. government agencies as well as private companies. The data collected from these computer reconnaissance campaigns can be used for myriad purposes, including identifying weak points in the networks, understanding how leaders in the United States think, discovering the communication patterns of American government agencies and private companies, and attaining valuable information stored throughout the networks. General Cartwright testified that this information is akin to that which in times past had to be gathered by human intelligence over a much longer period of time. He went on to say that in today’s information environment, the exfiltration that once took years can be accomplished in a matter of minutes in one download session.

The report also concludes that the Chinese have been building up their more traditional military capabilities since 1992.

Going into the reasons why China has been able to accomplish this, the report states:

China’s policies of market liberalization have resulted in rapid export-led economic growth prompting increased foreign investment; development of China’s manufacturing capabilities; and integration into the global supply chain. China’s abundant and inexpensive labor supply has made that country an obvious place for multinational companies to expand their production. However, as Dr. Peter Navarro, Professor of Business at the University of California, Irvine, observed in his testimony, five of eight factors identified as major drivers of China’s comparative advantage—i.e., its ability to undercut the prices of global competitors—are considered unfair trading practices. These include its undervalued currency, counterfeiting and piracy, export industry subsidies, and lax health, safety, and environmental regulations. These practices violate China’s WTO commitments, especially regarding workers’ rights, market access, currency manipulation, subsidies, and the protection of intellectual property rights. These violations and unfair practices also contribute to a growing U.S. trade deficit with China, one that U.S. Census Bureau statistics confirm increased 177 percent in the past six years from $83.8 billion in 2000 to $232.5 billion in 2006.

Granting China a "Permanent Normal Trading Relationship" six years ago was sold to the American public as a means of making China a better (more democratic) place for its people.

Instead, we have seen a lot of questionable government activity, which includes a variety of criminal enterprises when we consider all the hacking, counterfeiting and piracy that can be directly traced back to that country.

The lack of safe manufacturing practices and counterfeiting also poses a threat to our safety. It should be noted that according to the International Anticounterfeiting Coalition, counterfeiting is a $600 billion a year problem, worldwide.

There are no figures on how much of this comes from China, although most experts on this subject speculate a lot of it does. Additionally, there is a lot of evidence that a lot of counterfeit merchandise is present in our supply chain. This evidence also includes products of a consumable nature, such as drugs.

The FDA estimates that 10 percent of the drugs in our supply system are counterfeit.

A lot of this is probably tied into another phenomenon traced to the Chinese known as corporate (industrial) espionage. Of course, there is probably less of a need for the Chinese to plant spies in our industrial complexes anymore. With the amount of outsourcing going on, they probably never have to set foot out of China to steal a lot of secrets from us.

According to the Washington Post, American companies are even outsourcing the manufacture of military parts:

The Pentagon is increasingly buying planes, weapons and military vehicles from private contractors that outsource the manufacturing to plants in China and elsewhere in Asia, the report said. But when questioned by the commission, defense officials admitted that they do not have the ability to track where the components of military equipment are made.

To me, given all the recent implications of Chinese intentions, this makes the least sense!

All of these factors have led to a loss of jobs within our country as corporations take advantage of cheap labor, which is often the greatest expense in any business.

This translates into record profits for the Chinese and a select few people in the West.

Given the safety, National security and economic implications, continuing down this road doesn't seem to be in the best interests of the average person.

The full report from the U.S. China Commission can be viewed, here.

Sunday, July 29, 2007

Orange County processing traffic citations in Mexico outrages citizens

If you get pulled over in Orange County in Southern California, the information for their traffic court system is likely to be processed in Mexico.

Gordon Dillow of the OC Register did an interesting editorial about this phenomenon and the subsequent fear and outrage this has caused among Orange County residents:

The furor over Orange County Superior Court's "outsourcing" of traffic ticket processing to Mexico is understandable. After all, it brings together two issues of great concern to many people in this county: The outflow of jobs beyond our borders, and a deep distrust of our largely poor and widely corrupt neighbor to the south.

And it kind of makes you wonder what the boys down at the courthouse were thinking.

Sadly enough, Gordon points out that although the concerns over this are valid, getting people's personal DMV information isn't very hard to accomplish North of the border, either.

Interesting perspective by Gordon, here.

Until we address the issues that enable the mass abuse of people's identities, the problem will probably continue to grow. The problem always seems to be someone's bottom line and how far they are willing to go (at the expense of people) to make it fatter.

Sunday, July 01, 2007

The problem of unsafe products from China is just a symptom of the bigger problem!


Interesting picture about consumer protection, courtesy of Flickr.

In the past couple of months, we've seen some alarming stories about dangerous products coming from China.

Dirk Lammers of the Associated Press wrote:

Poisoned pet food. Seafood laced with potentially dangerous antibiotics. Toothpaste tainted with an ingredient in antifreeze. Tires missing a key safety component. U.S. shoppers may be forgiven if they are becoming leery of Chinese-made goods and are trying to fill their shopping carts with products free of ingredients from that country. The trouble is, that may be almost impossible.

The Lammers family shopped far and wide, and came to the conclusion that merchants sell all kinds of products from China. Even more alarming, even if the label didn't say "made in China," it likely has a component (ingredient) that was.

The reason for this is simple: companies make billions off the cheap labor found in China and other less developed countries lacking the same level of consumer protection we think (my opinion) we have.

The U.S. Bureau of Labor Statistics, which keeps tally of labor costs abroad, doesn't seem to have any data on China, or India for that matter. I mention India because we seem to be in the market for a lot of their labor recently.

The closest I could find was Sri Lanka, which in 2005 (most recent year available) had a labor compensation rate of 52 cents an hour.

I noticed a lot of countries left out. For instance, for the region to the South of the United States, there is only data for Mexico and Brazil. Mexico, which has a better economy than most of the area, has a labor cost of $1.57 an hour.

Maybe this is one of the major reasons our border to the South isn't very secure. Minimum wage, or even welfare benefits must seem like a king's ransom to some of these people.

Going back to China, I was able to find an estimate of labor costs in China by using Google. Judith Banister wrote in the Monthly Labor News Review:


Employees in China’s city manufacturing enterprises received a total compensation of $0.95 per hour, while their non-city counterparts, about whom such estimates had not previously been generally available, averaged less than half that: $0.41 per hour. Altogether, with a large majority of manufacturing employees working outside the cities, the average hourly manufacturing compensation estimated for China in 2002 was $0.57, about 3 percent of the average hourly compensation of manufacturing production workers in the United States and of many developed countries of the world.

A little higher than the government figure for Sri Lanka, but not much. Of course, I can think of a lot of countries we outsource the cost of labor to that are not included on the government list.

It makes sense that, since a lot of these countries have a much lower standard of living as well as not very many consumer protection laws, unsafe products have the capability to spread worldwide.

In fact, with counterfeiting (another worldwide problem) thrown in, who knows what might show up in the supply chain? For example, it was recently disclosed that counterfeit drugs from China were likely being dispensed from pharmacies in the United States.

Chris Hansen of Dateline did a pretty revealing story about this, here. The FDA did announce new rules shortly after this, but I'm not sure this makes us very safe. All sorts of illegal drugs make it past customs daily.

I'm not sure if blaming China is the solution. After all, we aren't only outsourcing labor costs over there. Many of the other countries we outsource labor to don't protect their people very well, and could care less about consumer protection, either.

In fact, in many of these countries, people have a hard enough time keeping food on the table!

Perhaps, we should take a closer look at ourselves? There are corporations here in the West, making a lot of money by stocking these products on our shelves. And at less than 60 cents an hour in labor costs, it must be extremely profitable for them.

The worker in China, or Sri Lanka isn't living very well off less than 60 cents an hour.

Perhaps, if certain companies had to start paying the true costs of padding their bottom lines with cheap labor, it wouldn't be as profitable.

I was amazed that, despite all the special interests obviously behind the recent immigration bill, it was promptly defeated by the voice of the public. Many of us believe this bill was, at least in part, a ploy to drive down the cost of labor.

I'm not saying that all the politicians had ulterior motives, or that all corporations lack ethics, but it did reveal that the voter (individual person) has a choice, and more importantly, a voice!

It might be wise for politicians and corporations to get more on board with their voters, and customers.

If you are interested in learning more about this, I recommend Lou Dobbs, who has become extremely outspoken about a "war against the middle class." His site can be viewed, here.

Here are some references used for this post.

Article by Judith Banister (Monthly Labor News Review), here.

Article by Dirk Lammers (AP), courtesy of the Washington Post, here.

Counterfeiting merchandise is enabled by outsourcing labor (my opinion). I've written a lot about this, here.

Previous posts about China and other dangerous activities coming from there, including espionage and hacking, can be viewed, here.

Saturday, March 18, 2006

Information Breaches, the Human Factor

According to the Privacy Rights Clearinghouse, millions of identities have been compromised recently. In fact, it's impossible to quote an exact figure anymore because new reports of breaches are surfacing weekly. In their chronology, they list several occurrences as being caused by a dishonest insider, but in reality how much more of this could be happening?

One of the recent stories was about Ernst and Young getting some laptops stolen. Several other breaches are listed as a result of stolen computers. The question is: how did the people who stole them determine which ones to steal and what information would be on them?

Many other breaches are listed as a result of "hacking." Hacking is a big word and brings visions of teenagers breaking into systems from afar. BUT is it possible that some of the hacking occurring today might be the result of insider information obtained by the hackers?

A recent study by Taleo research found that background screening at many companies is inadequate. The results of this study are pretty interesting:

27 percent of organizations experienced a major problem, workplace fraud (10%), employee theft (10%) or workplace violence, with an employee who was screened in, but ended up having a criminal record that was not found.

57 percent of survey respondents believe that their organization should be doing a better job of screening employees prior to being hired.

Only 19 percent consider their current background check process very effective at weeding out candidates that do not meet the criteria for employment at their company.

Two-thirds of organizations do not conduct ongoing background checks on employees.

Only 29 percent have ever run an audit of their current screening provider to determine the quality of their screenings.

Of course, in the real world of data breaches, it seems that those who have been breached are extremely reluctant to reveal very many details.

AND there is another problem, which is the number of illegal immigrants out there in the work force. Depending on who you quote, they number in the millions and the trafficking is done by organized criminal gangs. Many of these immigrants owe lots of money to these gang members and already use fake, or stolen identities to work. How many of them might be repaying their debts by stealing information?

Here is a document from CERT, which shows the implications of organized cyber crime:

Organized Crime and Cyber-Crime: Implications for Business

There is no doubt this trend is growing and will continue to be a problem. Whether these organizations approach insiders for information, or plant them from within with fake identities, they can steal a lot of what is a very profitable commodity in the world marketplace: information.

Another potential problem is outsourcing financial and computer services to other countries, where the security standards are not up to par. In fact, this might even make some of these firms more attractive targets for the criminal element. I wrote about this in a previous post:

What are the Security Implications of Outsourcing

Until some of the organizations that have been breached are held more accountable, we will probably never know the true scope of "insider involvement."