Monday Morning News Kick Off: 12 Chinese Hacker Groups Responsible for Bulk of U.S. Cybertheft; Major Subway Breach; PhD Student Sentenced in ID Theft Case

Welcome to the Monday Morning News Kick Off post from the ITAC blog. We hope everyone had a restful weekend and is ready to take on the work week. As always, the editors of the ITAC blog have been kind enough to compile all the actionable news you need to kick start the work week.

12 Chinese Hacker Teams Responsible for Most U.S. Cybertheft
As few as 12 different Chinese groups, largely backed or directed by the government there, do the bulk of the China-based cyberattacks stealing critical data from U.S. companies and government agencies, according to U.S. cybersecurity analysts and experts. The aggressive, but stealthy attacks, which steal billions of dollars in intellectual property and data, often carry distinct signatures allowing U.S. officials to link them to certain hacker teams. And, analysts say the U.S. often gives the attackers unique names or numbers, and at times can tell where the hackers are and even who they may be. Read the full AP story here.

Romanian Hackers Steal Millions from Subway
Romanian hackers have had an indictment served upon them in the US, after an investigation uncovered the hacking of 150 Subway stores, along with 50 other unnamed retailers. It is thought that the attacks compromised the credit card details of over 80,000 customers and millions of dollars worth of unauthorised purchases were carried out. The indictment names four Romanians as the perpetrators as well as two unnamed defendants who are at an “unknown location”, and it includes the hackers’ online monikers. Read the full TechWorld article here.

PhD Student Sentenced in Identity Theft, Fraud Case
A gifted college student who masterminded an identity theft and credit card fraud operation was sentenced on Friday to 70 months in prison. Carlton A. Lewis, 25, was just a few credits shy of a doctoral degree from the University of Georgia when his arrest on March 26 by Tennessee Highway Patrol State Trooper Van Morgan on a DUI offense led to the U.S. Secret Service investigation unraveling the scheme. Five other suspects were ultimately arrested and pleaded guilty to various offenses. Lewis is the first of them to be sentenced. Check out the full Knoxville Times article here.

Hackers Exploit Adobe Reader Flaw
Security researchers at Symantec today confirmed that exploits of an unpatched Adobe Reader vulnerability targeted defense contractors, among other businesses. “We’ve seen [this targeting] people at telecommunications, manufacturing, computer hardware and chemical companies, as well as those in the defense sector,” said Joshua Talbot, senior security manager in Symantec’s security response group, in an interview last week. Check out the full Computerworld article here.

The Evolution of Online Data Access: Keeping It Secure
In today’s reality of numerous high-profile data thefts, the last thing an IT manager or department head needs is their company becoming part of the news headlines and the next big data breach. Thankfully, there is no shortage of solutions and techniques to consider for maintaining data security. Check out more from TechNewsWorld here.

How Finance Execs Can Help Address Data Breaches
Patient data breaches have typically been the bailiwick of the CIO and other healthcare IT executives, but new data suggest it might be time for the finance people to step in. A study by the Michigan-based Ponemon Institute concluded that the average economic impact of a data breach on a healthcare organization during 2011 was $2.2 million, up 10 percent from 2010. Read the full FierceHealthFinance post here.

Identity Theft: Two Jailed Criminals Discuss Tricks of the Trade


It is not often that we hear directly from identity theft criminals, especially when it comes to exposing the tricks of the trade.  The CBS Early Show gained exclusive access to two criminals who are both serving time in prison.  And, what they uncover is shocking, enlightening and reinforces that it is very simple for criminals to steal our identities.  Be sure to check out the full CBS Early Show segment here.

Identity Theft Ring Targets Self-Service Grocery Store Check Out Kiosks

One thing is for sure: if you are shopping for groceries and the check-out line is too long, there is always space at the self-service check-out kiosks. These kiosks were originally installed in grocery stores throughout the U.S. to provide a layer of convenience and efficiency for customers. Shoppers should be cautioned, though: identity thieves are installing skimming devices on these terminals and they are hitting pay dirt.

Twenty-three shoppers at the Lucky Supermarket chain were not so lucky when these types of skimming devices stole their identities.  When the store did “routine maintenance” at 19 of their locations, suspicious devices were attached to the self-service scanners.

One thing is for sure.  We will be exercising patience by waiting it out in the traditional check-out line.  As they say, patience is a virtue.

HP Hit With Lawsuit Over Flaming-Printer Hack

All things considered, says David Goldblatt, he would not have bought a printer that could be hacked and set ablaze.

Goldblatt is the lead plaintiff in a class action lawsuit, filed Thursday against HP in California, claiming that the IT giant should have warned customers about the flaws ahead of time.

In a nutshell, the flaw is a pretty bad one. HP LaserJet printers built before 2009 will accept remote firmware updates without properly checking where they come from. This means that — at least in theory — a hacker could cook up a malicious firmware update and upload it to a printer to make it stop working, spy on print jobs, or maybe even set the printer on fire by overworking the printer’s fuser — the part of the printer that dries ink on the paper.

HP says that it’s never heard of its printers being hacked by criminals and that its printers have “thermal breakers” that would prevent this kind of hacker inferno. But the company has acknowledged the underlying problem in a security alert.

The lawsuit seeks unspecified damages to be paid out to HP LaserJet customers (InkJet printers can’t do the remote firmware upgrade).

But how could HP have known about the defects, which were discovered by researchers at Columbia University and publicized late last month in an MSNBC story? That’s where things get a little fuzzy. Goldblatt’s attorneys cite a 2010 report commissioned by HP and written by analyst firm Quocirca, that describes some high-level security risks to printers, without spelling out specific attacks.

Read the full Wired story here.

Monday Morning News Kick Off: Hospitals Vulnerable to Breaches; 2012 to Trump “Year of Data Breach;” and Bad Florist Steals Customers’ Identities

Welcome to the Monday Morning News Kick Off post from the ITAC blog. As always, we have pulled together a vast array of identity theft, data breach and cyber security news you need to start the work week. At the risk of sounding like a broken record, there is no shortage of news to share. Why is this? Well, with 2011 being the “Year of the Data Breach,” cyber-related news has become virtually ubiquitous. Fortunately, we will serve as a filter for you, offering only the most compelling stories. We hope you enjoy and happy Monday!

Patient Data Breaches Surge as Hospitals Scrimp on Security
Data breaches at U.S. health-care providers are increasing as hospitals adopt electronic medical records and mobile technology without spending enough on security to ensure patient privacy, a research group said. The frequency of data breaches at health organizations jumped 32 percent in 2011 from a year earlier, costing the industry an estimated $6.5 billion, according to a study released today by the Ponemon Institute LLC, a Traverse City, Michigan-based information-security research group. Read the full Bloomberg/BusinessWeek story here.

Network Breaches Herald More Advanced Attacks in 2012
If 2011 was “the year of the hack,” as it was dubbed by Richard Clarke, former White House cyber-security czar, would 2012 be the year enterprises apply the lessons learned and stop the attacks? Apparently not, as security experts are predicting even more sophisticated attacks for 2012. Attacks in 2011 fell into four categories: cyber-crime, hacktivism, cyber-espionage and cyber-warfare, according to Clarke. Defense contractors, government agencies, and other public and private organizations reported network breaches where attackers stole intellectual property, financial data and other sensitive data. Hacktivist groups such as Anonymous and LulzSec demonstrated how much damage they can cause large organizations by employing fairly well-known techniques against the application layer. Read the full eWeek story here.

RIM Looks Into Hacking Claims
Research in Motion Ltd. said Wednesday it is investigating claims by online hackers that they have been able to access some of the proprietary systems, software and tools that run the company’s BlackBerry PlayBook tablet computer. Several hackers bragged in social-media posts early this week that they were successful in “jail breaking” the PlayBook. Jail breaking, also called rooting, is a common practice in which hackers gain access to the inner workings of phones, tablets and other devices. They then make this information widely available to others, who can use it to create unauthorized code or fashion homemade applications for the devices, much to the manufacturers’ chagrin. Read the full WSJ story here.

Florist Admits to Stealing Customers’ Identities
A Glendale florist and his wife pleaded no contest Thursday to multiple charges of identity theft after they were accused of stealing financial information from customers who shopped at their Glenoaks Boulevard shop, officials said. Vahik Ghookasian and his wife, Hilda, both 60, had originally pleaded not guilty to 14 felony counts of identity theft, but changed their plea in Burbank Superior Court. A no-contest plea is the equivalent of a guilty plea in criminal court, but cannot be used as evidence of liability in a civil trial. Read the full LA Times article here.

Identity Theft Victim Almost Sent to Jail Mistakenly
An Albuquerque man learned his identity was stolen when a lawyer called to notify him about a felony charge he didn’t commit. The Public Defenders Office called the man to talk about a criminal case against him and that he might want to accept a plea deal. However the guy was totally innocent. The Albuquerque Police Department arrested Alan Uffer, 52, for posing as the other man during an arrest in March. At the time, Uffer, under the other man’s name, was charged with commercial burglary, possession of burglary tools and aggravated assault. Read the full KOB-TV story here.

Massive Fines Planned in European Data Breach Crackdown
The European Commission could directly impose severe fines against companies that breach European data protection laws, sources confirm. The new European Data Protection Directive, set to be unveiled next month in January, will contain provisions for the Commission to impose fines of up to 5 percent of a company’s global turnover. In a similar case, under current European law, the Commission can fine companies that breach its antitrust laws up to 10 percent of its global turnover; regardless of where they are headquartered. Fines imposed by the Commission in line with the new directive could amass billions of dollars worth of revenue for large companies, such as Google, Microsoft, or Facebook, even in their native U.S. homeland. Read the full ZDNet post here.

Real Life Casanova Uses Romance Skills to Run Identity Theft Ring

Giacomo Casanova was an Italian adventurer from Venice who, during the 1700s, developed a multi-century legacy for being known as a womanizer.  To this day, the term “Casanova” is often used in popular culture as a reference to someone who behaves much like the real Casanova did a few centuries ago.

Well it seems that a Philadelphia man who had similar prowess with the ladies used his talents to bilk 24 victims out of $2 million in a pretty aggressive identity theft ring.

Between Sept. 1, 2005, and October 2009, Miguel Bell used the victims’ names, dates of birth, addresses, Social Security numbers, and bank account numbers, which Bell obtained from romantic relationships with bank and insurance company employees.

Well no matter how suave you are, law enforcement will catch up to you. Bell faces a two-year mandatory minimum prison sentence and has to pay restitution in the amount of $1.7 million.

United Nations Gets Hacked and Irrational Fear of Hackers Causing Home Printers to Catch on Fire

Every morning, the editorial staff of the ITAC blog wakes up early and scours the headlines for the latest identity theft, data breach and cyber security news.  And, as one would think, there is no shortage of news to cover.  Though every so often, we come across a couple of stories that are worthy of highlighting as a “double-feature” if you will.

First up. It was reported that a group of hackers has posted more than 100 email addresses and login details, which it claimed to have extracted from the United Nations. Yes, it was a typical tactical move by “hacktivist” group Team Poison who wanted to flex its muscles and show that no global organization is immune to being exposed. In a funny twist, Team Poison posted this on a Pastebin: “United Nations, why didn’t you expect us?” So, yes, nobody is immune.

For the second feature, we have a story about how hackers can give a printer instructions to overheat and catch on fire.  Wow.  Talk about a great headline that would certainly generate those highly coveted Internet eyeballs that make or break an online news organization.

The problem is that hackers could never actually do this.  HP has stepped up and implemented a laudable (and may say credible) PR campaign to counter this story.  Can they catch fire?  No.  Are their printers vulnerable to breaches by hackers?  Yes.  Though HP has reported that no customer has reported unauthorized access of its printers.

So, why double up a hacktivist story with a sensational piece designed to strike fear in the heart of the average soccer mom? We wanted to showcase how hacking and data breaches have penetrated pretty much every part of life – from the highest echelons of government down to the average U.S. homeowner.

But don’t worry…your printer won’t explode.

BITS: Breach Notification Priority for 2012

BITS president Paul Smocer says banks can expect an uptick in cybersecurity-focused legislation in 2012. What impact will changes from Capitol Hill have on requirements for data breach notification, information sharing and critical infrastructure?

Smocer, who oversees BITS, the technology policy division of The Financial Services Roundtable, says that increased focus from Congressional leaders will have an impact on financial institutions, especially where breach notification is concerned.

“Legislatively, we can expect, probably, to see the emergence of a national law,” Smocer says. “We in the financial services industry already have that to some degree from Gramm-Leach-Bliley compliance, but we have the state level as well. It would be an advantage to have less diffusion and more standardization, so that consumers are being notified in the same way every time a breach occurs, regardless of the state they are in.”

And that is one area in which BITS expects to play an expanded role, by working to bring government and private interests together. Where breach notification is concerned, a federal law would benefit consumers and financial institutions. Complying with and understanding varying state requirements is something with which financial institutions struggle. Getting legislators to understand why notification variation also can be confusing to consumers is a priority for BITS, and an area BITS plans to pay particular attention to in the coming year.

Check out the full BankInfoSecurity.com article and podcast interview with Mr. Smocer here.

Monday Morning News Kick Off: 10 Tips to Avoid Cyber Monday Scams; House Bill “Keeping IDs Safe Act of 2011;” and Anonymous Target Pepper-Spraying Cop

Welcome to the Monday Morning News Kick Off post from the ITAC blog. We all know that re-entry back into the working world is challenging after a long holiday weekend. And the only way to fully re-acclimatize yourselves is to jump right into the deep end of the pool. Though before you do that, we recommend you peruse our Monday Morning News Kick Off post to catch up on all the latest identity theft, cyber crime and data breach news. We hope you enjoy and happy Monday!

10 Tips to Avoid Cyber Monday Scams
It seems that the holiday shopping season comes earlier and earlier each year. Luckily, in the digital age, you can ditch the long lines of Black Friday and join the Cyber Monday crew by doing all your shopping online. However, even though shopping online is quick and convenient, there are risks involved. According to Forrester Research, online shopping this holiday season is expected to generate almost $59.5 billion. And 90% of consumers will shop online, according to PriceGrabber’s winter holiday shopping survey. This increased traffic turns the virtual marketplace into a winter wonderland for hackers, who are gearing up to swipe credit cards and personal information to commit fraud and identity theft. Check out more from Mashable here.

Senators Try to Block ID Theft of the Deceased
ID thieves would have a harder time trying to profit off the deaths of children and others under a House bill introduced last week to limit access to Social Security numbers available online. When Rep. Sam Johnson (R-Texas) unveiled the “Keeping IDs Safe Act of 2011,” he criticized Social Security’s publicly released Death Master File, which has been used for at least a decade by thieves to access Social Security numbers, file bogus tax returns to the Internal Revenue Service and collect refunds. Johnson’s “KIDS Act” would effectively end public access to the death file, which now can be searched for a small fee or even for free on genealogy and other online sites. The files contain the Social Security numbers and other personal information that can easily be used by identity thieves. Read more from the Chicago Sun Times here.

AT&T Hackers Have Terrorist Connections, Say Philippines Police
The U.S. Federal Bureau of Investigation and police in the Philippines have jointly busted a ring of four alleged hackers in Manila with connections to a terrorist group in Saudi Arabia, the Criminal Investigation and Detection Group of the Philippines police said last week. FBI agents, who have been investigating hacking of telecommunication companies in the U.S. and in the country since 1999, have uncovered a “paper trail” of various bank transactions allegedly linking the local hackers to the cell in Saudi Arabia, whose activities include financing terrorist activities, CIDG said in a statement. Check out the full PC World article here.

Scammers Steal IRS Refunds with Ease
Almost one year ago, in broad daylight, North Miami postal carrier Bruce Parton was killed for his key — a master key, authorities say, that unlocked personal financial information to residents of a North Miami-Dade condo building. The two men charged with the 60-year-old’s murder used his so-called Arrow Key to steal the information from dozens of residents’ mailboxes. Like magic, the pair converted the identities of others into an electronic stream of cash, by filing fabricated income tax returns in the victims’ names over the Internet, according to court documents. Their unwitting accomplice turned out to be the Internal Revenue Service. The IRS, without verifying their false income claims, loaded the refunds onto debit cards the men allegedly used in others’ names at Winn-Dixie supermarkets, 7-Eleven convenience stores and Chase Bank, records show. Read the full Miami Herald story here.

Whose Fault Is Identity Theft?
In many situations, we have little control over how our personal information is used, and who can gain access to that information. Our identifying information is stored in dozens of databases with government agencies, doctors’ offices, creditors, banks, lenders, schools and more. Providing personal information like a Social Security number is a precondition of obtaining any number of services. So, even though we feel like we shouldn’t be giving this information out, we often have no choice. As a result, we’re vulnerable to identity theft from numerous access points that we have no ability to protect. You can be extremely careful with your data in your everyday life, with a locked mailbox, shredder and secure home network, and still become a victim. Here are some of the people who may be at fault if your identity has been stolen, despite your best efforts. Read the full SFgate story here.

The High Price of Data Breaches
As consumers, we transmit valuable personal information to the companies with which we do business. In doing so, we trust that information will remain secure. Over the past year, however, we have learned of a number of instances in which vast quantities of personal data have been compromised. Last spring, for instance, breaches at Sony Corp. affected more than 100 million customers, putting their credit card numbers, email addresses and passwords at risk. Another recent breach exposed email addresses of customers of companies such as Best Buy, Citibank, Disney, JPMorgan Chase, the Home Shopping Network, Hilton, Marriott and the College Board. Read more of the Op-Ed by James Cole, the U.S. deputy attorney general, here.

‘Anonymous’ Hackers Target Pepper-Spraying UC Davis Police Officer
The Internet hacking group Anonymous has launched its latest attack on the UC Davis police officer accused of pepper-spraying students by posting a video online that lists his personal contact information. In a 10-minute video attributed to the group, a computer-altered voice publicizes the home address, home telephone and cellphone numbers and email address belonging to Lt. John Pike. A call to the listed cellphone number was answered by a voicemail announcement naming Pike as its owner, but said no space was available to leave a message. Check out the full LA Times story here.

Video: ITAC Agents Discuss What It’s Like to Help ID Theft Victims

Helping people recover from identity theft is a rewarding job, according to the people who work in the ITAC call center. They’ve heard it all – deployed soldiers victimized, sick parents victimized by their children, really awful stories. Watch this two-minute video of ITAC agents explaining what they do and why they love their jobs.

Admin