Monday Morning News Kick Off: Mafia Planting Hackers in Big Companies, Hotels Prime Targets for Hackers and More

Welcome to the Monday Morning News Kick Off post from the ITAC blog.  We hope everyone had an enjoyable weekend and are ready to get back into the swing of things. As always, we have pulled together some of the most viable stories about identity theft, data breaches and cyber security that will help you to effectively kick off your work week in style.

Cybercrime: Are Mobsters Planting Hackers in Big Companies?
After elite hacker Albert Gonzalez was arrested in 2009 and later convicted of stealing data of some 170 million credit cards, an interesting thing happened: The number of cyberattacks on retail stores fell noticeably. “The prosecution of Albert Gonzalez was a major event in 2009,” said a Verizon report released July 28. “He and his accomplices were responsible for some of the largest data breaches ever reported. Taking them off the streets, so to speak, may have caused a temporary (but we can hope for permanent) dip in breaches.” The degree to which one individual can impact cybercrime was only one conclusion of the report. Read the full Christen Science Monitor story here.

Hotel Guests Still Most at Risk for Identity Theft
Computer hackers continue to steal hotel guests’ credit-card data more than any other industry – and there’s little consumers can do to protect themselves, Nicholas Percoco, an Internet expert who investigates corporate data breaches, tells Hotel Check-In. Percoco runs SpiderLabs at Trustwave, the security team that performs cyber forensic investigations for companies that suspect their systems have been breached. He says that hotels continue to be the No. 1 target of increasingly sophisticated hackers. There’s little consumers can do to protect themselves other than to monitor credit card statements and avoid using debit cards, which a hacker might be able to drain. Read the full USA Today story here.

Verizon: Data Breaches Often Caused by Configuration Errors
Hackers appear to be increasingly counting on configuration problems and programming errors rather than software vulnerabilities in order to steal information from computer systems, according to a new study from Verizon. Verizon issues an annual report on data breaches, but this year had access to statistics related to investigations done by the U.S. Secret Service, which the company said broadened the scope of its analysis. For 2009, that covered 141 cases involving 143 million records. Verizon said it found that a surprising and “even shocking” trend is continuing: There are fewer attacks that focus on a software vulnerabilities than attacks that focus on configuration weaknesses or sloppy coding of an application. Read the full Computerworld story here.

HHS Pulls From Review Proposed Final Rule on Health Data Breaches
HHS has withdrawn a proposed version of its final rule for health data breach notification from administrative review by the Office of Management and Budget, a notice posted on HHS’ website states, Modern Healthcare reports. HHS submitted the rule for OMB review on May 14 and said it intended to publish a final rule in the Federal Register in the coming months. The rule relates to reporting requirements for hospitals, physicians, health plans and other specified handlers of patient information who experience data breaches. Read the full iHealthBeat post here.

FBI Details Worst Social Networking Cyber Crime Problems
The FBI has in the past two years seen a major uptick in the use social networking accounts such as Facebook and MySpace for cyber crime and today it detailed that problem to the House Judiciary Subcommittee on Crime, Terrorism, and Homeland Security. “Regardless of the social networking site, users continue to be fooled online by persons claiming to be somebody else,” Gordon Snow, Assistant Director of the FBI’s Cyber Division told the subcommittee. “The surge in the use of social networking sites over the past two years, has given cyber thieves and child predators new, highly effective avenues to take advantage of unsuspecting users.” Read the full Network World post here.