CIMIP - Center for Identity Management and Information Protection

December 2009 News Archive

December 31, 2009

Waldec spreading through fake New Year's e-cards

Cybercriminals behind the Waledac botnet have begun using a New Year's-themed campaign to capture more victims, security experts warned Thursday. full article

Elderly Protected From Predation by Investors

(CN) - The Securities and Exchange Commission won an order blocking executives at Homestead Properties from swindling elderly investors by allegedly day trading with millions of dollars in investment funds. full article

Judge blocks part of new Neb. sex offender law

OMAHA, Neb. — A federal judge yesterday blocked portions of Nebraska's new sex-offender registry law, including provisions that sought to monitor convicted sex offenders' computer usage and prevent them from visiting certain Web sites. full article

Three, including father and son, charged in accusations of inflating appraisals to obtain business from lenders

In the following press release the Orange County (CA) District Attorney announced that a father and son have been arrested on charges of conspiring to commit fraud by inflating property appraisal values with their real estate appraisal executive in order to secure more business with lending institutions. James Merritt Eaton, 60, his son Brian Chandler Eaton, 28, both of Laguna Beach, and real estate appraisal firm executive Michael John Bell, 32, Corona del Mar, are each charged with one felony count of conspiracy to defraud another of property, 17 felony counts of grand theft by false pretense, two felony counts of identity theft, two felony counts of false personation, and sentencing enhancement allegations for aggravated white collar crime over $100,000 and property damage over $50,000. If convicted, each defendant faces a maximum sentence of 18 years in state prison. full article

One convicted, two others plead guilty in Queens/Brooklyn mortgage fraud

In the following press release Queens (NY) District Attorney Richard A. Brown today announced that a Queens Village woman who is a loan officer has been convicted of stealing the personal identity of a former client to help another client purchase a house in Brooklyn. full article

Security breach reported by Internet trading site

Users of the do-it-yourself trading site received an “urgent” e-mail at a few minutes past noon Wednesday notifying them that the company's computer database had been breached by a hacker and that all users should log in to change their passwords immediately. full article

RockYou Sued Over Alleged Security Hole

Lawsuit says Facebook, MySpace app failed to protect the data of millions of users.

An Indiana man has filed a class action lawsuit against RockYou, alleging it failed to protect the personal data of more than 32 million customers. full article

Twitter Blacklists 370 Shoddy Passwords

To protect its users from themselves, the social networking site is preventing new users from selecting some common or easily hacked passwords for their accounts. full article

December 30, 2009

Hacker Pleads Guilty in Major Cyberfraud Case

A sophisticated hacker pleaded guilty Tuesday to conspiring to hack into computer networks supporting major American retail and financial organizations, and to steal data relating to tens of millions of credit and debit cards in a case that the Justice Department said is one of the largest data breaches ever investigated and prosecuted in the United States. full article

Homeland Security Blinks Over REAL ID Act

WASHINGTON (CN) - The Department of Homeland Security has indefinitely lifted its January 1 deadline to allow federal agencies to accept state driver's licenses and ID cards before allowing people to board commercial airplanes or enter federal buildings and nuclear power plants. full article

Identity theft: Preparation is the best defense

Identity theft is an extremely serious crime; people are facing greater attacks on their personal and financial privacy than ever before. full article

Dodge deputies bust alleged multi-county theft ring

An accident in late September helped Dodge County sheriff's deputies break an alleged identity theft ring operating in four counties. full article

Police: Woman stole ID to get loan

A scheduler at Holmes Hospital in Corryville is accused of stealing a patient's identity and using it to get a small loan. full article

MS dismisses IIS zero-day bug reports

It ain't vulnerable, just 'inconsistent'

Microsoft has dismissed reports that there's an unpatched critical flaw in the latest version of its webserver software. full article

X-Box 360 theft suspect busted after online gaming sesh

From tagged to fragged

An alleged X-Box 360 thief was tracked down after he forgot to disable the game console's auto sign-in feature before hopping on the net. full article

Study - Victims of Online Scams Avoid Reporting Attacks

Researchers at the Institute of Criminal Justice Studies of the University of Portsmouth recently conducted a study under NFA (National Fraud Authority) to find that people who become victims of spam mails, fake lotteries, phishing and identity theft, feel so embarrassed that they restrain from telling police about them. full article

Adobe to be Prime Target for Malware in 2010

2009 is drawing to a close, and 2010 is almost upon us. The Chinese calendar says 2010 is the Year of the Tiger, but a report released from McAfee claims it could be the year of Adobe malware. full article

Penn State notifies 30,000 of computer security breach

Social Security numbers may be compromised

Three Penn State University computer breaches described by an official as apparently unrelated have prompted the school to begin notifying nearly 30,000 individuals that their Social Security numbers may have been compromised. full article

New Hampshire Enacts Strict Data Breach Notification Law Affecting Health Care Providers and Business Associates

New Hampshire’s new breach notification law builds on the breach notification requirements under the HITECH Act by requiring health care providers and business associates to notify individuals of disclosures of their protected health information that are prohibited by New Hampshire law, even if such disclosures are permitted under HIPAA or other federal law. full article

Target Co Was Victim Of Hacker Albert Gonzalez

BOSTON/NEW YORK (Reuters) - Target Co said it was among the victims of computer hacker Albert Gonzalez, mastermind of the biggest identity theft in U.S. history. full article

McMurray man indicted on identity theft charges

A federal grand jury yesterday indicted a McMurray man for allegedly obtaining another person's credit to get more than $330,000 in financing. full article

California man accused of ID theft to sell life insurance policies

A Covina, Calif., man, who already lost his insurance license for fraud violations in 2003, is now accused of stealing a former employee’s identity to enable him to collect commissions from life insurance policies. full article

December 29, 2009

Greatest security threats to education

With education-related cyber-security threats expected to rise in 2010, WatchGuard is predicting the top threats facing schools, colleges and universities. full article

Health Net data breach likely caused by theft, Connecticut official says

The state attorney general also questions whether the health information leaked was as indecipherable as the plan claimed.

Health Net is defending its account of a data breach earlier this year, following criticism by Connecticut Attorney General Richard Blumenthal, who said the data disk the company claimed had "gone missing" from its Shelton, Conn., office most likely was stolen. full article

Medical Co. Boss Says Worker Sold Her the Brooklyn Bridge

(CN) - The owner of a biomedical company claims an employee stole $500,000, told her an elaborate tale about a nonexistent FBI investigation, and said her life was in danger and she should flee the country and refrain from checking her bank accounts. When she did that, the woman moved into her home and emptied it of furniture, according to a RICO complaint in Oakland, Calif., Federal Court. full article

Hackers show it's easy to snoop on a GSM call

IDG News Service - Computer security researchers say that the GSM phones used by the majority of the world's mobile-phone users can be listened in on with just a few thousand dollars worth of hardware and some free open-source tools. full article

Chase Bank Says VP Embezzled & Ran

MANHATTAN (CN) - JPMorgan Chase Bank says a former vice president embezzled $2.8 million from a customer's account, then took it on the lam to Argentina. And the bank says that came after he embezzled $2.5 million from a client at his previous job, with UBS. full article

Einstein and Citizens’ Privacy

Einstein is an intrusion detection – and soon an intrusion prevention – system the government is deploying to safeguard government IT systems. Some cybersecurity experts contend Einstein has the potential to intrude on the privacy of individual Americans, a concern Philip Reitinger dismisses. full article

26C3: Network design weaknesses

At the 26th Chaos Communication Congress (26C3) in Berlin, security researcher Fabian Yamaguchi demonstrated a number of vulnerabilities that can apparently be found in many average communication networks and affect all levels from the access layer to the application layer. Attackers exploit many minor design flaws which allow "dangerous attacks" when combined, explained the Berlin-based security expert who last year investigated vulnerabilities in the basic TCP internet protocol. Overall, the "bugs" can reportedly be exploited to hijack a proxy server such as Squid and control all of the network traffic that flows through it. full article

After Hacks, Louisiana Restaurants Sue POS Companies

More than 100,000 credit cards exposed by keylogger attack, Secret Service says

Two lawsuits have been filed in Louisiana after point-of-sale (POS) systems in restaurants were allegedly hacked via keylogger, resulting in the exposure of some 100,000 credit cards. full article

Microsoft confirms IIS hole

Microsoft has confirmed the security hole in its IIS web server, but hasn't disclosed which versions of the product are affected. According to the finder of the "semi-colon bug", versions up to and including version 6 are vulnerable. The hole allows attackers, for instance, to camouflage executable ASP files as harmless JPEG files and upload malicious code to a server. full article

Good Guys Bring Down the Mega-D Botnet

Chalk up one for the defenders. Here’s how a trio of security researchers used a three-step attack to defeat a 250,000-pronged botnet.

For two years as a researcher with security company FireEye, Atif Mushtaq worked to keep Mega-D bot malware from infecting clients' networks. In the process, he learned how its controllers operated it. Last June, he began publishing his findings online. In November, he suddenly switched from de­­fense to offense. And Mega-D--a powerful, resilient botnet that had forced 250,000 PCs to do its bidding--went down. full article

Two indicted in Maryland straw buyer fraud scheme allegations

A federal grand jury has indicted Dema Daiga, age 28, of College Park, Maryland and Oluseun Oshosanya, age 29, of Laurel, Maryland, for wire fraud and aggravated identity theft arising from a scheme to defraud a mortgage lending company of approximately $664,493, announced United States Attorney for the District of Maryland Rod J. Rosenstein. The indictment was returned on December 2, 2009 and unsealed on December 23, 2009 upon the arrests of the defendants. Daiga is scheduled to have his detention hearing today at 11:30 a.m. and Oshosanya is scheduled to have his initial appearance today at 2:30 p.m. full article

Browser Attacks Continue to Evolve

While the security teams at Microsoft, Mozilla and the other browser vendors continue to work on new defenses and exploit mitigations, the state of the art in attacks is continuing to evolve. full article

December 28, 2009

Amazon Hit With DDoS Attack

The storage and computing cloud services, S3 and EC2, respectively, were briefly affected Wednesday. and Amazon Web Services (AWS) were apparently affected by a distributed denial of service attack Wednesday that struck their DNS provider. full article

Foreclosure counselor victim of identity theft

Mitchell urges people to check credit report once a year ... it's free

Robert Mitchell's job is to provide counseling to people facing foreclosure, and he often urges them to check their credit report as they try to get their finances in order. full article

Two sought in identity theft case

Crimestoppers and Champaign police are seeking the public's help in solving a case of deceptive practice, identity theft and forgery that took place last month. full article

CRS: Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping

This report provides an overview of federal law governing wiretapping and electronic eavesdropping. It also appends citations to state law in the area and contains a bibliography of legal commentary as well as the text of the Electronic Communications Privacy Act (ECPA) and the Foreign Intelligence Surveillance Act (FISA). full article

Hospital keeps secret DNA file

Children’s University hospital in Temple Street is under investigation by the Data Protection Commissioner

A DUBLIN hospital has built a database containing the DNA of almost every person born in the country since 1984 without their knowledge in an apparent breach of data protection laws. full article

Oregon drivers file lawsuit against purchasers of state database

Some Oregon drivers have filed a class action lawsuit against Direct Response Media Group and others who they claim purchased their drivers’ records in violation of Driver Privacy Protection Act, 18 U.S.C. §2721. full article

Former Executive Accused Of Selling Data From Matchmaking Firm

Ex-employee allegedly ransomed customer information, then tried to deal it to competitors

A former executive of a matchmaking service firm in China is accused of stealing the personal data of about 16,000 registrants and attempting to sell it to other matchmaking firms. full article

December 25, 2009

Woman faces ID theft charges on Christmas Eve

In Court: Police say they found 25 stolen licenses, in her purse; she was trying to open bank account

A 25-year-old Olympia woman appeared in court on Christmas Eve after she was arrested Wednesday on suspicion of 25 counts of identity theft and one count each of forgery, marijuana possession and possession of methamphetamine. full article

December 24, 2009

Sex Offender Charged in Disappearance of Maryland Girl

Police in Maryland were searching Christmas Eve for a missing 11-year-old girl last seen wearing fuzzy Christmas pajamas, and they have charged a registered child sex offender in her disappearance. full article

Dentist's Account Missing Nearly $400K

Dentist Office Recently Came Under Attack Of Phone Sex Calls full article

Ex-Marana police officer facing felony charges

A former Marana Police Officer has been indicted on charges of computer tampering and identity theft. full article

Ca: Commissioner Cavoukian expects health sector to encrypt all health information on mobile devices: Nothing short of this is acceptable

Ontario Information and Privacy Commissioner, Dr. Ann Cavoukian, today directed the province’s health sector not remove from their premises any personal health information on mobile devices – unless this very sensitive information is encrypted, as required in a health order issued in 2007. full article

GAO: Release of Nuclear Document Caused No Damage

A five-month long investigation by the Government Accountability Office determined that the inadvertent publication of a 267 page document describing U.S. civilian nuclear research facilities caused no damage to national security and did not require any remedial security measures at the cited facilities. Yet surprisingly, even though its publication had no adverse consequences at all, GAO endorsed the claim that the document was “sensitive” and recommended that rigorous new procedures be adopted to prevent public disclosure of such information in the future. full article

Users bypass Kindle restrictions

In a post on his blog, a hacker has published a Python script for the "Kindle for PC" application that converts open e-books with DRM protection into unprotected Mobipocket books. The method for bypassing the Digital Rights Management (DRM) used on Kindle devices to prevent the sharing of e-books isn't new: A conversion script used by the hack has been in circulation on the internet for over a year. full article

California-Based Identity Theft and Bank Fraud Ringleader Sentenced

GRAND RAPIDS, MI—United States Attorney Donald A. Davis announced the sentencing on December 21 of Alonzo Lamar Holloway, 44, of Oakland, California, on a four-count Indictment that charged him with bank fraud, wire fraud, aggravated identity theft, and with conspiracy to commit bank and wire fraud and identity theft. Holloway, who is one of 16 defendants from Oakland charged in a long-running investigation conducted by the U.S. Secret Service and the U.S. Attorney’s Office, was sentenced by U.S. District Judge Robert J. Jonker to serve 11 years in Federal prison, to pay restitution of almost $700,000, and to serve five years of supervised release following his eventual discharge from prison. full article

December 23, 2009

Suspected computer hack compromises Anchorage credit, debit card holders

ANCHORAGE, Alaska -- Just a simple swipe can lead to a ripple of consequences. full article

Inmate gets 18 months for hacking prison computer

A former Massachusetts prison inmate has been given an 18-month prison sentence for hacking prison computers while he was incarcerated. full article

Identity theft feared as data lost

Durham Region's loss of flu clinic information on 83,524 people called `disturbing'

Tens of thousands of people who attended flu clinics in Durham Region may be at risk of identity theft following the disappearance of a USB key containing their personal information. full article

Credit card provider suffers breach, personal data lost

MBNA, the UK’s largest credit card provider, has confirmed that a laptop containing the personal details of its customers has been stolen from one of its third party contractors – NCO Europe Ltd – earlier this month. The information is said to include personal details, however, no PIN numbers were reported to be contained in the stolen data. full article

Origin says MBNA laptop fiasco could easily have been avoided

Reports that a laptop containing the personal records of thousands of customers of MBNA Bank has been stolen ( mean that large numbers of the bank's credit cardholders will now be spend a worrisome Christmas and New Year break, concerned about their identities getting stolen. full article

2010 data security trends: External attacks from the inside

Sentrigo announced its top data security trends to watch for in 2010.

Generally, companies have viewed attacks as either coming from outside the network perimeter or from internal users abusing privileges. However, the line between internal and external is blurring as a result of several new attack vectors. full article

Facebook clickjacking attack spreads

A new clickjacking attack has targeted Facebook users. It presents itself in the form of a comment on the users' account full article

Mother of two sent to jail for multiple identity-theft charges

A Hamilton mother of two girls who claims to have been a "runner" for a ring of identity thieves has been sentenced to 22 months in a provincial reformatory. full article

Waupun couple charged in series of burglaries, identity thefts

JUNEAU — A couple accused of breaking into several storage units and vehicles parked near the Horicon Marsh has been charged. full article

That’s not me: Resident fights identity theft, loss

He thought he was building a lasting relationship with someone he met on an online social networking site. What it turned out to be was a detailed, drawn out scam to steal his identity and rob him of more than $9,000. full article

Pharma link spammers invade Live Space

Fake blog posts spamvertise knock-off pills

Cybercrime affiliates of unlicensed pharmaceutical websites have begun moving on from attacks purely designed to poison Google search engine results, and are now targetting Microsoft's web properties. full article

Hackers break Amazon's Kindle DRM

The great ebook 'unswindle'

An Israeli hacker says he has broken copyright protections built in to Amazon's Kindle for PC, a feat that allows ebooks stored on the application to work with other devices. full article

China State-linked Microblog Service Hacked at Launch

A Twitter-style service offered by a government-linked news site in China was hacked and has since gone offline, according to screenshots posted on the Web. full article

Malware Writers Get Bold, Rent Datacenters

Not content with infecting individual PCs, the criminals who run botnets are now setting up shop in legitimate datacenters. How?

Security firm Kaspersky Lab has uncovered a disturbing trend among the criminal syndicates that write and distribute botnets (define). Instead of relying just on individual PCs, they are now taking advantage of loopholes and laxness to set up shop in datacenters. full article

The scoop on state SSN laws and required policies

Businesses possess a great deal of personal information about job applicants, employees, and former employees such as retirees. In addition, employees and independent contractors of businesses often have access to personal information. One of the most common types of personal information is a Social Security number. full article

Settlements Still Leave Many Post-Breach Legal Woes for Heartland

With two settlements announced in less than a week, merchant acquirer Heartland Payment Systems Inc. is putting some of the legal repercussions of its huge data breach behind it as 2009 draws to a close. But most of the legal troubles Heartland faces in the wake of the breach it announced last January still await resolution. full article

New year brings new requirements for Florida driver's license changes

A trip to the DMV has always required a certain level of mental preparation -- the patience to endure what could be a long wait, the self-esteem to shrug off a license picture you know doesn't really look like you. full article

December 22, 2009

Schmidt Tapped as White House Cybersecurity Coordinator

An administration official told Monday night that IT security veteran Howard Schmidt will be the new White House cybersecurity coordinator, a position President Obama created seven months ago. full article

Ten 2010 IT Security Predictions, Part 2: Schmidt and ICSA Labs

Howard Schmidt, former eBay CISO and vice chairman of the President's Critical Infrastructure Protection Board, and the folks from ICSA Labs, a vendor-neutral testing and certification lab, offer 10 predictions for security in 2009. (Second of 2 parts). full article

Report: Russian gang linked to big Citibank hack

IDG News Service - U.S. authorities are investigating the theft of an estimated tens of millions of dollars from Citibank by hackers partly using Russian software tailored for the attack, according to a news report. full article

Microsoft's 'whitelist' helps hackers, says Trend Micro

Rival researcher disagrees, says public posting of AV exclusion list no big deal

Computerworld - By recommending that users exclude some file extensions and folders from antivirus scans, Microsoft may put users at risk, a security company said today. full article

FTC Seeks Scam Marketer’s Assets in Bankruptcy Court to Repay Money Owed to Consumers

The Federal Trade Commission has filed a complaint in bankruptcy court seeking assets from the operator of a defunct money-making scam, so that those assets can be used to help pay more than $17 million that he owes consumers as a result of a court judgment against him. full article

An E-Book Buyer's Guide to Privacy

As we count down to end of 2009, the emerging star of this year's holiday shopping season is shaping up to be the electronic book reader (or e-reader). From Amazon's Kindle to Barnes and Noble's forthcoming Nook, e-readers are starting to transform how we buy and read books in the same way mp3s changed how we buy and listen to music. full article

Teachers' data are private, union says

The head of Ohio's largest teachers union told a judge yesterday that releasing the names, addresses and other personal information of licensed teachers, administrators and school staff puts their safety and privacy at risk. full article

Spammer fined, banned from cluttering inboxes

A Sunshine Coast man accused of being the mastermind of the world's largest online spam operation, which could send 10 billion emails a day, has been fined $210,000 by a Brisbane court. full article

Tom Cruise Accused of Spying

LOS ANGELES -- The former owner of a Beverly Hills-based magazine has filed a complaint seeking $5 million from actor Tom Cruise, celebrity lawyer Bertram Fields and private investigator Anthony Pellicano that claims he was illegally wiretapped after Cruise filed a defamation suit against him. full article

Identity of Chicago Blackhawks legend stolen

Chicago Blackhawks legend Stan Mikita says he's been the victim of identity theft. full article

Woman charged with identity theft

LINCOLNSHIRE -- A Libertyville woman has been charged with identify theft following an investigation. full article

Accused member of identity theft ring to enter guilty plea

JACKSON -- A member of an alleged identity theft ring that called itself the "Felony Lane Gang" and operated in south Mississippi is scheduled to plead guilty next month to conspiracy to commit mail fraud, according to federal court records. full article

How The Koobface Worm Gang Makes Money

Trend Micro report looks at the true motivation behind the widespread malware-laden botnet

Chances are you know someone who has been hit by Koobface, one of the first successful social networking worms. But there are many faces to Koobface, and many ways its authors make money from it. full article

12 things computer users should fear in 2010

About once a year, computer security news leaps out of the technology section and onto the front page and the top of network news broadcasts. full article

Enemies lurk on friendly Facebook

Social networking sites fall prey to cyberbullies who steal identities

Mike Brown was late to join Facebook's swelling ranks. When he finally did, he kept his security settings high, used perfect punctuation and was careful about what he posted. full article

Accused 'Wolverine' pirate calls charges 'ridiculous'

The FBI has accused the man who allegedly was first, or among the first, to upload a pirated copy of "X-Men Origins: Wolverine" that circulated online in April. What authorities have apparently yet to do is identify the original source of the leak. full article

Attorney General Sues Three Companies for Loan Modification Scam

TALLAHASSEE - Attorney General Bill McCollum today announced he has filed a lawsuit against three businesses operating in Miami-Dade County, their principles and affiliated attorneys on allegations of deceptive and unfair trade practices regarding their involvement in a foreclosure rescue scam affecting homeowners nationwide. full article

7-Eleven Hack From Russia Led to ATM Looting in New York

Flashback, early 2008: Citibank officials are witnessing a huge spike in fraudulent withdrawals from New York area ATMs — $180,000 is stolen from cash machines on the Upper East Side in just three days. After a stakeout, police arrest one man walking out of a bank with thousands of dollars in cash and 12 reprogrammed cards. full article

Citigroup Denies Report of Hacking Theft

(AP) The FBI is investigating a hacker attack on Citigroup Inc. that led to the theft of tens of millions of dollars, The Wall Street Journal reported Tuesday. full article

iPhone worms can create mobile botnets

Paranoid, and not just about Android

A detailed analysis of the most malign in a recent spate of iPhone worms points to future mobile botnet risks. full article

Microsoft AV advice may aid attackers, researcher warns

Better performance. But at what cost?

A security researcher is taking Microsoft to task for advising customers to exclude certain files and folders from anti-virus scanning, arguing the practice could be exploited by pushers of malware. full article

Paper-based data breaches on the rise

More than one quarter of data breaches so far this year involved consumer records that were jeopardized when organizations lost control over sensitive paper documents. full article

Hacker Breaches College Library System

Officials for a community college system in North Carolina this week acknowledged that someone managed to hack his or her way into a server housing the Social Security and driver's license numbers of more than 51,000 library patrons. full article

Madison woman jilted and duped in identity theft scam

An Eastside woman fell prey to an identity theft scam that cost her $20,000 and her heart. The identity thief used a stolen identity to swoon and swindle her. The woman met the scamster on an Internet dating service according to the Madison Police Report. full article

Music Producer Files Identity Theft Suit

A top music producer has been the victim of brazen identity theft by a convicted felon who allegedly impersonated his way into a Hollywood Records studio. full article

Chicago Sports Legend: Victim Of Identity Theft

Chicago (CBS) - More than $100,000 in two weeks -- gone. A Chicago sports legend, the victim of identity theft. CBS 2 Chief Correspondent Jay Levine reports that Blackhawks legend Stan Mikita has won virtually everything there is to win. But he thought he lost big, too, when cyber thieves created an online account and started paying themselves with his money. full article

Five Myths About Cybersecurity

The Internet is the global communications and information infrastructure that provides the medium for communication and computation that facilitates the provisioning of numerous applications and infrastructure services, including e-mail, on-line banking, data storage, and quantum computing power. full article

Alleged fraud targeted money for veterans

Eight current or former Colorado Springs residents posing as former military service members have been indicted for allegedly stealing $214,000 in unemployment benefits due veterans. full article

Former Agent in S. California Arrested for Identity Theft

California Insurance Commissioner Steve Poizner today announced that James Alfred Morris, 66, of Covina, has been arrested and charged with eight felony counts of identity theft and six felony counts of grand theft after allegedly stealing a man's identity in order to sell life insurance policies and collect commissions. full article

Madison woman jilted and duped in identity theft scam

An Eastside woman fell prey to an identity theft scam that cost her $20,000 and her heart. The identity thief used a stolen identity to swoon and swindle her. The woman met the scamster on an Internet dating service according to the Madison Police Report. full article

December 21, 2009

26 Arrested in Three States in Medicare Fraud Schemes

FORT LAUDERDALE, Fla. (AP) — Federal agents arrested 26 suspects in three states on Tuesday, including a doctor and nurses, in a crackdown on Medicare fraud totaling $61 million. full article

New credit card scam reaches Kent County

GRAND RAPIDS, Mich. (WZZM)- A new credit card scam is circulating, just in time for the holidays. full article

iPhone Worm Was Simple, Yet Effective, Analysis Shows

The iKee worm that was infecting jailbroken iPhones last month was a simple, yet effective, piece of software that shows how easy it might be for an attacker to create a fairly large, functioning botnet comprising mobile devices, an analysis of the worm shows. full article

Google Found Guilty In French Copyright Case

A judge ordered Google to pay 300,000 euros to a French publisher, plus 10,000 euros per day until it removes extracts of the publisher's books from its database.

A Paris court on Friday ruled that Google violated French copyright law in digitizing books, but it;s unlikely the decision will be the last word on the search engine's controversial book-scanning project. full article

Spyware snags Akron Children’s Hospital patient and employee info

The Associated Press reports that Scott Graham of Ohio faces prison time after pleading guilty in federal court to felony charges of intercepting electronic communications by using spyware to spy on a woman’s computer activities. By spying on her, he also accidentally retrieved confidential information from the computer system at Akron Children’s Hospital, where she was employed. The software he employed was purchased over the Internet by a firm who says it is legal to use the software — if it’s installed on a computer owned by the purchaser. full article

PennDOT computer heist remains unsolved

Three years after a mysterious heist of computer equipment from a state driver's license center, police are still unsure why the crooks targeted the state Department of Transportation building. full article

Privilege Takes Center Stage as WaMu Bankruptcy Heats Up

Lawyers for Washington Mutual filed papers Friday in the bank's Chapter 11 case claiming Sullivan & Cromwell, on behalf of WaMu's new owners at JPMorgan Chase, has been sending out letters asking WaMu's old law firms to turn over their client files on WaMu -- files that include privileged material. full article

B.C. civil servant accused of sending personal data to U.S. border guard

Victoria has suspended the employee and is investigating the security breach

A B.C. government employee under investigation for an alleged privacy breach is accused of e-mailing personal data about government clients to an American border guard in Washington state. full article

DECAF: “Game Over”

Earlier this week, this site linked to a news report on DECAF, a counter-COFEE application. Now it appears that DECAF was a hoax (but see Comment 1, below, that it was not a hoax). full article

Cyber Challenge tests nation's top hackers

Washington (CNN) -- With the coolness of a card shark at the final table of the World Series of Poker, Matt Bergin pulls the hood of his brown sweatshirt over his head and concentrates on the task at hand. full article

New Twitter Attack Details Emerge

The attack that took down Twitter Dec. 17 used legitimate credentials to log in and redirect to a site purporting to be under the control of the Iranian Cyber Army. The incident underscores the importance for businesses of keeping an eye on DNS security. full article

Brittany Murphy's death used for peddling rogue security software

It didn't take long before cybercriminals seized the opportunity to use the death of actress Brittany Murphy to peddle malware. The most obvious choice was search engine optimization poisoning. full article

December 19, 2009

Attorney for doctors in WDH privacy breach disputes AG's finding

DOVER — An attorney for two doctors impacted by the privacy breach at Wentworth-Douglass Hospital says the Office of the Attorney General would have found WDH had to notify patients if the state knew a rogue employee accessed patients' social security numbers and sensitive insurance policy data. full article

£1.2bn e-Borders programme may be illegal under EU data law

The government's £1.2bne-Borders programmecould be illegal under EU law because of thedatait collects on passengers entering the UK, MPs have said. full article

December 18, 2009

Thief steals U.S. Army laptop from employee's home

A laptop containing the personal information of tens of thousands of U.S. Army soldiers, family members and U.S. Department of Defense employees was recently stolen. full article

Twitter Downed By 'Iranian' Hackers

Social networking site infiltrated by group claiming ties to Middle Eastern country.

Social networking site Twitter was knocked offline early Friday by hackers who claimed to have links to Iran. full article

Judge grants TJX hacker sentencing delay over health

The sentencing of TJX hacker Albert Gonzalez was halted after a psychiatrist determined that he has a developmental disorder and may not have known he was committing a crime, according to information filed by his attorneys this week in federal court in Boston. full article

Facebook Hit With FTC Complaint

Electronic Privacy Information Center files formal objection against social networking site's privacy changes.

A group that advocates Internet privacy has filed a formal complaint with the Federal Trade Commission over Facebook's decision to open more of its members' information to public view unless they actively take steps to limit their data's exposure. full article

Government Grapples With EMR Security, Privacy

Healthcare providers aren't stepping up to protect privacy of electronic medical records. Can the government provide adequate data security?

While electronic medical records promise massive opportunities for health benefits, the privacy and security risks are equally enormous. full article

Illinois Department of Insurance Warns of Possible Auto Insurance Scam

The Illinois Department of Insurance reports that some Illinois residents have received letters, printed on fake insurance department letterhead, advising recipients that their “automobile insurance policy is cancelled,” and that their “Driver’s License and/or License Plate’s will be suspended within 10 days from receipt of this letter.” full article

Arkansas Reports Insurance Scam Targeting Consumers in That State

Arkansas Insurance Commissioner Jay Bradford has cautioned that a scam operation that has sold fraudulent health insurance in Oklahoma and Connecticut is now targeting Arkansans. full article

Arizona Mulls Shutting Insurance Fraud Unit

With a $2 billion state budget deficit looming, Arizona may become the first state in the country to abolish the anti-fraud unit of its Department of Insurance. full article

Los Angeles-Area Agent Convicted of Identity Theft

California State Insurance Commissioner Steve Poizner today announced that Janet Gail Wroe, 49, of Canyon Country has been convicted of felony identity theft and sentenced to two years in prison after she stole the identity of a senior citizen and forged the victim's name on a Medicare Advantage plan enrollment form in order to receive a commission. full article

Heartland Pays Amex $3.6 Million Over 2008 Data Breach

Heartland Payment Systems will pay American Express US$3.6 million to settle charges relating to the 2008 hacking of its payment system network. full article

Cloud Security Alliance Issues New Guidelines

The Cloud Security Alliance published the second edition of its guidelines for secure cloud computing on Thursday, delivering a voluminous document that sets out an architectural framework and makes a host of recommendations around cloud security. full article

How to protect your privacy on Facebook

Social network recently overhauled its privacy policies; here's how users can continue to safeguard their privacy

Over the past week, Facebook has been nudging its users to review and update their privacy settings. The site has given users many granular controls over their privacy, more than what's available on other major social networks. Still, in updating their privacy settings, several users might have made more information about themselves public than what they had intended. full article

Hacker hit community college system

Patrons of the state's community colleges may have had their drivers license and Social Security numbers stolen by a hacker. full article

Boise man pleads guilty to aggravated identity theft

A Boise man pleaded guilty in federal court Thursday to aggravated identity theft, according to a release from the U.S. Attorney for Idaho. full article

Man in alleged identity theft ring to plead guilty

JACKSON, Miss. -- A member of an alleged identity theft ring that called itself the "Felony Lane Gang" and operated in south Mississippi is scheduled to plead guilty next month to conspiracy to commit mail fraud, federal court records said. full article

ID thief got credit file? Equifax makes amends

Dear Fixer: Equifax gave my credit report to an identity thief one day in early September. The thief appears to have visited full article

American Express phishing scam

Emails purportedly coming from American Express are making the rounds of inboxes this month. Panda Labs reports they contain a request for Amex customers to update their accounts. full article

Officers Warned of Flaw in U.S. Drones in 2004

Senior U.S. military officers working for the Joint Chiefs of Staff discussed the danger of Russia and China intercepting and doctoring video from drone aircraft in 2004, but the Pentagon didn't begin securing the signals until this year, according to people familiar with the matter. full article

B.C. civil servant accused of e-mail privacy breach

VICTORIA — The B.C. government is investigating an employee who is accused of e-mailing sensitive government information across the border to someone in the United States. full article

TSA Cannot Order Sites to Take Down Sensitive Manual

After a Transportation Security Administration (TSA) manual containing “sensitive security information” was inadvertently disclosed on a government website, it was reposted on several non-governmental websites where it remains freely available. Asked what TSA intends to do about that, Acting TSA Administrator Gale D. Rossides told Congress that her agency does not have the legal authority to compel members of the public to remove sensitive TSA documents from their websites, though she wished that they would do so. full article

ID Analytics Research Finds Conventional Wisdom About Change of Address and Fraud Risk is Incorrect

Traditional Metrics No Longer Provide Comprehensive Risk Coverage: Study Finds Identity Scoring Offers a More Effective Approach

SAN DIEGO, Dec. 18 /PRNewswire/ -- ID Analytics, Inc., the leader in on-demand identity intelligence, today announced the publication of its latest research study, "Address Discrepancy Data Study: Change of Address and Address Mismatch." ID Analytics' study examines the relationship between changes in address and fraud risk to determine whether certain variables related to an address change indicate a greater risk of fraud. The study finds that traditional variables no longer provide comprehensive risk coverage and the variables need to be modernized. full article

December 17, 2009

U.S. House to toughen internal cybersecurity policy

Congressional leaders on Tuesday accepted five new cybersecurity policy recommendations aimed at protecting sensitive information belonging to the U.S. House and securing its IT systems from attack. full article

Intelligence Improperly Collected on U.S. Citizens

WASHINGTON — In February, a Department of Homeland Security intelligence official wrote a “threat assessment” for the police in Wisconsin about a demonstration involving local pro- and anti-abortion rights groups. full article

Meaning of identity theft key to appeal in Palin case

Defense says hacking e-mail doesn't count

The case of a Democratic state senator's son accused of perusing the contents of a conservative Republican vice presidential candidate's e-mail account is making for strange political bedfellows. full article

Delaware crime: Police say woman stole $22,600 from account

Wachovia Bank teller's suspicions lead to charges of identity theft, forgery

A 27-year-old Philadelphia woman was charged with identity theft after a bank teller notified state police that she was trying to withdraw money from another customer's account. full article

Credit Suisse to pay $536M to settle Iran wire transfer case

Credit Suisse Group has agreed to pay $536 million to settle a Justice Department probe and admit to violating U.S. economic sanctions by hiding the booming illegal business it was doing for Iranian banks. full article

Autopsy reports altered in data breach at WDH: Frisbie says it will notify families of deceased

ROCHESTER — Frisbie Memorial Hospital says it will notify the families of two patients whose autopsy reports were altered when a Wentworth-Douglass Hospital employee made unauthorized changes to patients records' at WDH's pathology lab. full article

PCSO fined for data access breach

A police community support officer has been fined £2,000 for unlawfully accessing information on Metropolitan Police databases. full article

Former Lone Star National Bank VP convicted of bank fraud

(McALLEN, Texas) - A former vice president and senior loan officer of Lone Star National Bank has been convicted of bank fraud, U.S. Attorney Tim Johnson announced today. full article

China cages game Trojan hackers

Chinese authorities have sentenced 11 members of a malware gang to long stretches behind bars, after the group was convicted of creating and distributing Trojans designed to steal the login credentials of online gamers. full article

Secure USB drive relies on recognising faces

Works as a bottle opener too

Portable data security has stepped up a notch following one manufacturer’s decision to pair a USB Flash drive with facial recognition technology. full article

Conficker jams up developing interwebs

The infamous Conficker worm has disproportionally affected computer systems in the developing world, according to new research. full article

Adobe: critical Acrobat flaw fix 4 weeks away

Users of Adobe's Acrobat and Reader programs have a full four weeks to fret over a critical flaw that's being exploited in the wild to install malware on vulnerable machines. full article

The 2009 data breach hall of shame

A review of the companies that made headlines for all the wrong reasons

Computerworld - If there was anything even vaguely comforting about the data breaches that were announced this year, it was that many of them stemmed from familiar and downright mundane security failures. full article

Chinese ISP Hosts 1 in 7 Conficker Infections

Security experts have known for months that some countries have had a harder time battling the Conficker worm than others. But thanks to data released Wednesday by Shadowserver, a volunteer-run organization, they now have a better idea of which Internet Service Providers have the biggest problem. full article

Eighth defendant in North Carolina staged accident ring sentenced

The eighth and final defendant in an auto insurance fraud ring that netted more than $100,000 in phony claims payments from staged accidents was sentenced in North Carolina. full article

Insurgents Hack U.S. Drones

$26 Software Is Used to Breach Key Weapons in Iraq; Iranian Backing Suspected

WASHINGTON -- Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations. full article

Bank manager charged with embezzling

A branch manager of Piedmont Bank in Statesville was accused Wednesday of stealing more than $270,000 from the bank and its customers - including more than $100,000 from her parents - to support her gambling addiction. full article

Sands Casino scam attempt doesn't pay off

New York woman faces prison after pleading guilty to thefts. She stole $10,000 in 13 hours. full article

Police: Identity thief looted $22,000 from bank account

A Philadelphia woman has been arrested and charged with stealing a bank customer's identity and looting the victim's account of more than $22,000. full article

Consumers Overestimate The Dangers Of Online Identity Theft, Study Says

More than one-third of users think ID theft is most likely to happen online, but only 10 percent of the losses happen on the Web, researchers say full article

Google, Dell, Microsoft, Yahoo invoked in work from home scam

Online scammers are abusing top web brand names such as Google, Dell, Microsoft and Yahoo to sell fake "work from home" packages and defraud unsuspecting users, an online security firm has warned. full article

8 Japanese computer servers suspected in July cyber attack

Japan's National Police Agency said Thursday it suspects eight computer servers in Japan were involved in a wave of cyber attacks in July against government and private sector websites in South Korea and the United States, Japan's National Police Agency said Thursday. full article

Five Things to Know About Social Engineering

SOCIAL ENGINEERING IS GROWING UP. Social engineering, the act of tricking people into giving up sensitive information, is nothing new. But today's criminals are having a heyday using e-mail and social networks. full article

Cybersafety Booklet for Parents and Kids Now Available

FTC, Department of Education, Federal Communications Commission Officials Present Free Booklet at D.C. Middle School

A new booklet released today by the Federal Trade Commission and other government agencies helps parents and teachers steer kids safely through the online and mobile phone worlds. full article

Parkersburg Man Facing Federal Charges

A Parkersburg man is facing federal charges after he's indicted for fraud and identity theft. full article

Identity theft case has a bizarre twist

A five-page criminal complaint detailing a bizarre story of a man who claims to be a professor involved in human cloning research allegedly stealing the identify of a man in prison for murder in California who could be his brother. full article

Upper Darby man arrested, faces identity theft charges

UPPER DARBY — An alleged swindler involved in a sophisticated identity-theft ring involving personal information copied from hospital records is facing multiple identity theft and theft charges, police said. full article

Tennessee: Former Knox County deputy faces theft charges

A former Knox County sheriff's deputy was arraigned in federal court in an identity theft case. full article

Sanctions Imposed for Wiping BlackBerrys

Numerous courts have imposed sanctions for failing to preserve e-mails and other electronic documents. But few decisions have addressed the consequences of destroying electronic information stored on portable electronic devices -- such as BlackBerrys and smart phones. This may be starting to change. full article

Trial Date Set for Champaign Couple Charged with Credit Card Fraud

A Champaign, Illinois couple, Karen D. Dooley, 29, and her husband, Michael J. Jefferies, 32, were arraigned in federal court in Urbana on various federal criminal offenses related to credit card fraud in a seven-count indictment. full article

Check your Facebook privacy settings. Now!

More than ever, your personal information is flapping in the breeze

If Facebook founder Mark Zuckerberg can't figure out his social networking site's privacy settings after they were ripped open earlier this month, what hope is there for the rest of us? full article

Ohio court: Cell phone searches require warrant

ACLU described ruling by Ohio Supreme Court as landmark case

COLUMBUS, Ohio - The Ohio Supreme Court said Tuesday police officers must obtain a search warrant before scouring the contents of a suspect's cell phone, unless their safety is in danger. full article

December 16, 2009

Microsoft Tackles the Child Pornography Problem

The Internet is a hyper-efficient distribution channel for media of all kinds. So it is hardly surprising, even if disturbing, that the march of the Net has also brought “an explosion in the spread of child pornography,” as Ernie Allen, president of the National Center for Missing and Exploited Children, put it. full article

CA Predicts More Malvertising, Mac Attacks in 2010

Security researchers at business software developer CA this week warned enterprise customers to expect even more complex security threats in 2010 -- including an expected surge in so-called "malvertising" scams and more attacks targeting the Apple platform. full article

Detroit Police probe stolen medical records

2 separate incidents put many at risk of identity theft

Detroit -- City health department officials announced Tuesday that police are investigating two incidents in which patients' medical records, including Social Security numbers, were stolen. full article

Police Bust Possible Identity Theft Ring

Officers discover 61 pieces of stolen personal information

Dallas police said they believe they have broken up a major identity-theft ring. Officers discovered all kinds of stolen personal information inside a motel room on Finnell Street. Police arrested Mark Anthony, but investigators said they believe he may be part of a larger operative of identity thieves. full article

Adobe Offers Advice on Avoiding New Reader Attack

One day after warning of a new attack on its Reader and Acrobat software, Adobe issued a security advisory Tuesday offering users some advice on how to mitigate the problem. full article

Facebook sues men for allegedly phishing, spamming

Facebook has sued three men, alleging they used phishing techniques to get access to Facebook user accounts and then sent spam from the compromised accounts. full article

Scammers exploit Google Doodle to spread malware

Online scammers are taking advantage of the public's interest in the Google Doodle to spread malware, a security firm warned on Tuesday. full article

SEC Invokes Immunity in Negligence Suit by Madoff Victims

Bernie Madoff became America's poster child for financial scandal one year ago this week, though decades may pass before the mess he made is finally cleaned up. Just in time to mark this Ponzi anniversary, the Securities and Exchange Commission moved Monday to dismiss a suit by two Madoff victims who want to hold the agency accountable for failing to uncover Madoff's scheme more quickly. full article

9/11 Museum Director Says Website Hacked

GREENBELT, Md. (CN) - A Maryland man hacked into the Ground Zero Museum Web site, deleted it and left a link that redirects Web surfers to a page that criticizes the museum, its founder Gary Suson claims in Maryland Federal Court. The museum on West 14th Street in Manhattan showcases artifacts from Ground Zero of the Sept. 11 terrorist attacks. full article

Honeynet research lifts the lid on spam trends

Stats from the one billion spam messages blocked by Project Honey Pot over the last five years provide an insight into junk mail trends and spamming practices. full article

UCSF belatedly announces September data breach

UC San Francisco said late Tuesday it has alerted 600 patients and others that an external hacker may have obtained “temporary access to emails containing their personal information” as a result of a late September phishing scam. full article

Drug data mining ban unlikely in Senate health bill

No vote seen for "prescription mining" proposal

WASHINGTON, Dec 14 (Reuters) - A Democratic proposal to ban the collection of doctors' prescription records for marketing purposes is unlikely to be included as part of the Senate's overall health reform bill, a Senate staff member said on Monday. full article

Colorado Supreme Court rules that immigrants' tax records are private, were illegally searched

DENVER — The Colorado Supreme Court ruled Monday that authorities violated the constitutional and privacy rights of suspected illegal immigrants when they used tax returns to try and build hundreds of identity theft cases against them. full article

Mass. Supreme Court throws out lawsuit against BJs over '04 data breach

Ruling shows difficulty of winning tort actions in data breach cases

Computerworld - The Massachusetts Supreme Judicial Court affirmed a lower court ruling dismissing a lawsuit brought against BJ's Wholesale Clubby dozens of credit unions over a 2004 data breach. full article

December 15, 2009

Feds Arrest Suspects in 3-State Medicare Fraud Crackdown

MIAMI — Federal agents have arrested several suspects in Miami as part of a Medicare fraud crackdown in three states. full article

ID theft gang steals $200,000 in casino cash advances

Seven members of an alleged identity theft gang were arraigned in federal court today. full article

Personal information compromised after Dollar Tree's computer is hacked

NORTH AUGUSTA -- Welcome to the Dollar Tree, where everything's a dollar. But for some customers, the cost of shopping there could have been a lot more. full article

Personal Data At Risk After SQL Flaw Discovered

A SQL injection flaw on a social networking app developer site has compromised the security of users and could lead to identity theft full article

SSL Certificates: Safety, Nuisance or Both?

Online shoppers have become familiar with little logos that indicate a site can be trusted. Obviously, phishers and other scammers can easily place such logos on their own sites without proper authorization. What level of certainty can a consumer have that a site that bears a trusted logo really earned it from a reputable authenticator? What good are these reassurances, really? full article

Woman Wanted In Durham On Identity Theft Charges

DURHAM, N.C. -A Virginia woman is wanted by Durham Police for fraud and theft charges. full article

ID Theft Threats to Watch in 2010

Interview with Jay Foley of the Identity Theft Resource

Financial scams and incidents of medical identity theft are on the rise - and they're among the main threats to business and consumers in 2010. full article

How to Protect Against Medical Identity Theft

Medical identity theft is on the rise. It's a crime that most often originates from within the health care system and the theft can take months or even years to be discovered. full article

RockYou hacked, 32 million account passwords potentially exposed

RockYou has suffered a serious hacker attack that has exposed 32 million of its customer usernames and passwords, leading to possible identity theft. full article

Court Backs Lawyers In ID Theft Rule Fight

A Washington, D.C., judge has issued an opinion giving a further boost to a recent partial victory for attorneys fighting to be exempted from a rule that would force them to root out and stop identity theft. full article

FBI: Computer Pop-Up Security Warnings Pose Threats

The FBI is warning consumers about an ongoing threat involving pop-up security messages that appear while they are on the Internet. full article

Brandon man gets 5 years for ID theft

A Brandon man sentenced on today to five years in prison for a identity theft conviction. full article

Cuban man pleads guilty to mail fraud, ID theft

LOS ANGELES -- A Cuban man has pleaded guilty to posing as an attorney so he could represent detainees in immigration court in San Pedro. full article

Hacker used Twitter to control infected PCs

SAN JOSE, Calif. -- Twitter's been having a rough couple of weeks. A researcher looking into the attacks that knocked Twitter offline last week discovered another, unrelated security problem. full article

Investigators Shut Down Mortgage Fraud Ring

Juan Sopprani, 31, Rancho Cucamonga, California, Karen Sopprani, 28, Rancho Cucamonga, California, Luis Molina, 41, Pomona, California and Earl Gutierrez, 36, Rancho Cucamonga, California, were arrested in connection with a mortgage fraud scheme. full article

Hackers declare war on international forensics tool

Hackers have released software they say sabotages a suite of forensics utilities Microsoft provides for free to hundreds of law enforcement agencies across the globe. full article

Unpatched PDF flaw harnessed to launch targeted attacks

Adobe is investigating reports of unpatched flaws in its Reader and Acrobat software packages. full article

Robbers steal $3.7m from bank in Pakistan

Robbers have stolen at least $3.7m from a bank in Karachi, in what is being called Pakistan's biggest bank heist. full article

December 14, 2009

Balancing Act: Security Vs. Functionality

As the government adds more functionality to its information system and application, the opportunity for attackers to hack federal IT also increases. full article

Warnings issued after possible security breach

St. Paul, Minn. — The state of Minnesota has directed all of its agencies to stop using a Texas company state officials hired to verify the identities of new employees. full article

MoD inquiry after laptop stolen from headquarters

An investigation is under way after a laptop containing secret data was stolen from the Ministry of Defence. full article

US and Russia begin cyberwar limitation talks

It's like SALT for hackers

The US and Russia have begun talks on limiting the the military use of cyberspace. full article

DVLA data powers likely to be abused by foreign officials

Bulgarian traffic wardens know where you live

Personal data belonging to nearly 40 million UK motorists is likely to be abused by foreign officials under new automatic access powers, according to a restricted official report. full article

Pop-Up Security Warnings Pose Threats

The FBI warned consumers today about an ongoing threat involving pop-up security messages that appear while they are on the Internet. full article

Microsoft Warns of Increased Malware in Pirated Software

According to Microsoft, reports about fake computer software that are largely corrupted by malicious programs like viruses have increased twofold during 2007-08, counting some 150,000. full article

Cyber crime poses threat to e-commerce

The past 12 months have been a banner year for cyber crime. And that could be bad news for the future of e-commerce. full article

Man allegedly tries to collect on life insurance, claiming he is dead

A Wrigleyville, Ill., man is under arrest, charged with felony insurance fraud after trying to convince his insurer he was deceased. full article

Attacks on strong authentication factors need new defenses

Fraudsters have started to raid user accounts by beating strong two-factor authentication methods. Gartner analysts said that Trojan-based, man-in-the-browser attacks are circumventing strong two-factor authentication, enabled through one-time password (OTP) tokens. Other strong authentication factors, such as those using chip cards and biometric technology that rely on browser communications, can be similarly defeated. full article

A prescription for snooping

Drug companies defend the practice of mining data from pharmacies and insurers, but others are alarmed.

Reporting from Washington - When your doctor writes you a prescription, that's just between you, your doctor and maybe your health insurance company -- right? full article

Facebook boss caught out by privacy change

SOCIAL NOTWORKING SITE Facebook has revamped its privacy rules, as we reported last week, but it is starting to look like its boss might be regretting the change. Candid snaps of founder Mark Zuckerberg have found their way onto the web. full article

Computer theft being targeted by SFU, police

Simon Fraser University is crediting a new "bait laptop" program for cutting computer thefts on campus by more than 30 per cent. full article

New Swedish law draft for centralized internet and telephony interception

This file presents a draft law for internet and telephony spying from the Swedish department of justice. The document was mentioned, but not released, by Svenska Dagbladet on Dec 12, 2009 full article

Private Colleges Question Kindergarten-to-Career Data Collection

The organization representing private colleges and universities in Tennessee is asking the state to think twice before collecting more data on students. full article

Identity Theft Identity theft can spoil the holidays

Identity theft claimed 10 million victims in 2008, a 22 percent increase over 2007, according to a report from Javelin Strategy and Research. The Better Business Bureau warns that the holiday season provides many new opportunities for identity thieves. full article

Auto Warranty Telescams Continue

(CN) - Telemarketers are still making illegal robocalls to push bogus credit-card interest rate reductions and auto warranty scams, and refuse to pay refunds when customers call them on it, the FTC says in Federal Court. The FTC prohibited such robocalls as of Sept. 1 after a congressman got a pitch for one. full article

Hackers block Microsoft Cofee law enforcement software

Hackers have released software designed to attack a Microsoft tool used by law enforcement agencies.

According to a report on The Register the hack known as Decaf automatically launches countermeasures to Computer Online Forensic Evidence Extractor (Cofee), which provides tools used in the collection of digital evidence. full article

Facebook privacy and security guide

This is a video created by Tom Eston from SocialMediaSecurity walking you through the new Facebook privacy settings. It also covers notifications, Facebook Ads and hiding your Friends list from public searches. full article

World of Warcraft phishing scam

World of Warcraft (WoW) players should be on the lookout for phishing sites trying to get their user info. One still operating at time of writing is full article

Beware of Bogus Tests, Inspections, and Fixes for Damaged Drywall

The Federal Trade Commission warns consumers to be skeptical of anyone trying to sell test kits, inspections, or quick fixes for problems caused by imported drywall that has turned out to be contaminated. full article

Connecticut Clamps Down On Snooping State Employees

HARTFORD, Conn. - Connecticut officials say new measures are in place to deter state employees from browsing people's confidential tax records. full article

Guidelines Aimed at Thwarting ID Theft, Security Breaches Unveiled

Responding to concerns about identity theft and security breaches linked to portable devices, the AICPA and the Canadian Institute of Chartered Accountants have expanded Generally Accepted Privacy Principles to include protocols for securing personal information. full article

Ex-Prosecutor Loses Bid to View Probe Documents

(CN) - A federal prosecutor's emails to his attorney on government computers are privileged, a federal judge in Washington, D.C. ruled, rejecting a motion to compel discovery filed by a former federal prosecutor accused of prosecutorial misconduct in a high-profile terrorism trial in Detroit. full article

The 12 Cons of Christmas

These holiday cons can lead to identity theft or infection of your computer and make the most wonderful time of the year quite woeful

While the risk of being hacked, conned or having sensitive information stolen is possible all through the year, most security experts agree that the holiday season brings a spike in fraudulent activity, both online and off. full article

Lawyer in identity theft case charged with tax fraud

Syracuse, NY - A local lawyer already facing charges she stole her law partner’s husband’s identity to open a fraudulent credit card account was charged today with felony tax fraud as well. full article

Immigrants Sentenced for Thefts of Tax Refunds

WICHITA, Kan. (AP) - The U.S. attorney's office says three illegal immigrants will go to prison for their roles in a scheme to steal tax refund checks from Texas workers and use phony IDs to cash them in Kansas. full article

Court: Immigrants' tax records illegally searched

DENVER (AP) The Colorado Supreme Court says Weld County authorities violated privacy rights of immigrants when sheriff's deputies seized thousands of tax returns to investigate them for identity theft. full article

December 13, 2009

Google Faces a Different World in Italy

PARIS — One morning in January 2008, Peter Fleischer, the chief privacy counsel at Google, was walking to the University of Milan to deliver a speech at a conference when someone shouted his name from behind. Shortly afterward, he was surrounded by five Italian police officers. full article

Cyber crime poses threat to e-commerce

(CNN) -- The past 12 months have been a banner year for cyber crime. And that could be bad news for the future of e-commerce. full article

December 12, 2009

Supreme Court may decide whether workers' text messages are private

WASHINGTON - Workplace rights advocates are closely following a California case now before the Supreme Court in which employees for the first time won a constitutional right to privacy in their text messages, even when the messages were sexually explicit comments to co-workers. full article

District Court Finds Personal E-Mail From Work Still Privileged

A federal prosecutor has won his fight to conceal e-mails he sent to his attorney over the government’s computers, contradicting a popular belief that employees have no expectation of privacy on work computers. full article

December 11, 2009

Patients at risk of identity theft may wait 60 days to find out

Kathy Silver, CEO of University Medical Center, learned three weeks ago that names, birth dates and Social Security numbers for at least 21 patients were leaked from the hospital — a crime being investigated by the FBI. full article

HSBC confirms data theft by former employee

IDG News Service - HSBC confirmed Friday that a former employee stole client data but said the number of records taken was less than 10. full article

Droid Smartphone Hacked

Exploit lets phone users gain administrative root access to Google Android-based phones

First the iPhone, now the Droid: A hacker has unleashed an exploit that lets a user wrest administrative root control of his or her Motorola Droid smartphone. full article

2009 in threats: Fake security software, search engines and social networks

The latest State of the Internet 2009 report by CA states that the most notable 2009 online threats were rogue/fake security software, major search engines, social networks and Web 2.0 threats. The report compiles trends from the first half of 2009. full article

ID theft ring caught in Holton

HOLTON — More than a dozen people accused in an identity theft ring have been charged with fraud and forgery, Attorney General Steve Six said Thursday. full article

Symantec CEO: We don’t employ hackers

Ethical hacking is just another name for quality assurance, the security company’s CEO says

Ethical hacking has a definite role to play in keeping businesses secure, according to the Symantec’s CEO Enrique Salem, but the company will not hire known hackers to carry out the service. full article

Alberta health board cleared in records breach

The Alberta privacy commissioner's office has found that the province's health board had reasonable security measures in place when a virus targeted a computer network in July, potentially affecting the personal health information of thousands of people. full article

Potent malware link infects almost 300,000 webpages

A security researcher has identified a new attack that has infected almost 300,000 webpages with links that direct visitors to a potent cocktail of malicious exploits. full article

Facebook's New Privacy Settings: 5 Things You Should Know

Facebook has begun rolling out its new privacy settings to all of its 350 million users. If you haven't seen it already, you will soon have to go through a wizard that will guide you through the process of confirming your privacy settings. full article

Class Alleges Giant Spyware Scheme

(CN) - Internet service provider WideOpen West installed spyware on its broadband networks that "funneled all users' Internet communications - inbound and outbound, in their entirety - to a third-party Internet advertisement-serving company, NebuAd," a class action claims in Chicago Federal Court. "NebuAd and WOW used the intercepted communications to monitor and profile individual users, inject advertisements into the Web pages users visited, transmit code that caused undeletable tracking cookies to be installed on users' computers, and forge the 'return addresses' of user communications so their tampering would escape the detection of users' privacy and security controls," the class claims. full article

FTC Busts Interest Rate Reduction Scams

CHICAGO (CN) - The FTC says six abusive telemarketing firms conned U.S. and Canadian victims out of thousands of dollars by claiming they could reduce interest rates on credit cards and help them pay off debts faster. The agency says the scammers charged as much as $1,995 up front but failed to deliver and refused to pay refunds. full article

House passes bill to require data breach notifications

The House has passed a bill that would set nationwide rules for notifying potential victims of identify theft when their personal information that’s stored electronically is improperly exposed. full article

AU: Consumers may be told of ID theft

AUSTRALIAN businesses may soon be forced to tell their customers if their personal details have been stolen, under proposed new laws to combat identity theft. full article

Woman Charged With Identity Theft

A woman is in jail after deputies say she stole someone's debit card and then went on a shopping spree. And deputies say it's not the first time she was arrested for it. full article

Warranty Registration Cards May Lead to Identity Theft

Purchasing a new product with a warranty is a smart move. Whether it is a small home appliance or a large gaming system, most pieces of new technology today carry some form of manufacturer's warranty. When making your next technology purchase, before filling out the warranty card for the manufacturer, take a moment to consider how this may place you at-risk for identity theft. full article

Ninth Circuit rejects Patriot Act challenge for lack of standing

[JURIST] The US Court of Appeals for the Ninth Circuit [official website] ruled [opinion, PDF] Thursday that a lawsuit seeking to declare parts of the Patriot Act [JURIST news archive] unconstitutional must be dismissed for lack of standing. Brandon Mayfield [JURIST news archive], an attorney arrested [JURIST report] in 2004 based on FBI error in connection with the 2004 Madrid train bombings [BBC backgrounder; JURIST news archive], had argued that parts of the Patriot Act amending the Foreign Intelligence Surveillance Act (FISA) violated the Fourth Amendment [text]. Specifically, Mayfield alleged that FISA provisions allowing the government use electronic surveillance [50 USC § 1804] and physically search [50 USC § 1823] his home without probable cause violated his Fourth Amendment rights. In reversing a lower court decision [opinion, PDF; JURIST report], the court refused to rule on the merits of the case, finding that Mayfield could not pursue his claim because a settlement [text, PDF; JURIST report] between Mayfield and the Government expressly limited Mayfield's possible relief to a declaratory judgment that the provisions violated the Fourth Amendment. full article

Preston Man Arrested on ID Theft, Fraud Charges

PRESTON, Md.- A Preston man is facing charges in three counties in connection with a check and check card fraud case. full article

FTC Report Finds Sexually and Violently Explicit Content in Online Virtual Worlds Accessed by Minors

Recommends Best Practices to Shield Children and Teens

The Federal Trade Commission today issued a report that examines the incidence of sexually and violently explicit content in online virtual worlds. The congressionally mandated report, “Virtual Worlds and Kids: Mapping the Risks,” urges operators of virtual worlds to take a number of steps to keep explicit content away from children and teens, and recommends that parents familiarize themselves with the virtual worlds their kids visit. full article

Government plans to launch cloud next year

The Government is creating a blueprint for its private cloud infrastructure and expects to launch across the public sector next year. full article

December 10, 2009

Sexting - education, research, and multidisciplinary prevention and response

Earlier this week, I participated in a Summit organized by the National District Attorneys Association and the National Center for the Prevention of Child Abuse with a variety of professionals in the child protection arena. While other attendees focused in on the problem of child sex trafficking, my small group concentrated on the phenomenon of sexting and self-exploitation. full article

Facebook Christmas Worm Spreads Holiday Infection

Koobface, the worm that has plagued Facebook, Twitter and other social sites, is back.

The latest version of the infamous Koobface worm carries a Christmas greeting that can render victims' computers inoperable. full article

Novel Claim Against Insurer in Madoff Fiasco

(CN) - In a novel claim involving Bernard Madoff's Ponzi scheme, a woman claims that Fireman's Fund Insurance owes her more than $75,000. Sharon Lissauer claims that because Madoff did not buy securities with her money, Fireman's cannot limit her claim to $5,000 for "theft of securities." full article

Hackers find a home in Amazon's EC2 cloud

IDG News Service - Security researchers have spotted the Zeus botnet running an unauthorized command and control center on Amazon's EC2 cloud computing infrastructure. full article

TSA Officials Put on Administrative Leave After Security Lapse

The Department of Homeland Security has placed several employees on administrative leave for their role in the exposure of a document containing detailed information on passenger screening procedures used at U.S. airports. full article

Can the CFAA Protect Your Business Data?

The economic issues facing many companies have resulted in large numbers of employee terminations and resignations. This job reshuffling has brought a variety of employment issues to the forefront for management. One such issue is how best to safeguard business data once employees are asked to leave or elect to resign. full article

Windows Users Targeted in Anti-Malware Scam

A rogue anti-malware product called DefenceLab redirects infected PCs to Microsoft's Support portal, but modifies the HTML content as it returns so as to appear as if Microsoft is endorsing the worthless software. full article

Top 10 botnets and their impact

Every day, approximately 89.5 billion unsolicited messages (i.e. spam) are sent by computers that have been compromised and are part of a botnet. full article

SQL injection attack claims 132,000+

A large scale SQL injection attack has injected a malicious iframe on tens of thousands of susceptible websites. ScanSafe reports that the injected iframe loads malicious content from, which eventually leads to the installation of a rootkit-enabled variant of the Buzus backdoor trojan. A Google search on the iframe resulted in over 132,000 hits as of December 10, 2009. full article

The security nightmare formula

According to the Cisco 2009 Annual Security Report, small errors on the part of computer users or their IT departments may not wreak havoc on their own, but in combination, they dramatically increase security challenges. full article

School clerk accused of stealing more than $10,000

BATON ROUGE, La. (AP) - Authorities say an East Baton Rouge Parish school system payroll specialist has been arrested in the theft of more than $10,000 from the school district. full article

Report names top threats to campus networks

Data show that only 17 percent of college campuses employ effective measures for keeping networks safe

Eight out of 10 colleges included in a recent study were deemed vulnerable to cyber attacks that could cost IT departments thousands of dollars, highlighting the security downfalls of decentralized campus networks with little interconnectedness. full article

Student information compromised: Intact records found

Bushland views gaffe as a way to 'get better'

A Potter County school district has improved security protecting its student records after paperwork containing Social Security numbers, family incomes and student addresses was discovered at a recycling site in Canyon. full article

Former B of A employee pleads guilty to providing false VOD's

A former Bank of America employee was convicted of wire fraud today in federal court for creating false documents to secure approval of mortgage loan applications. full article

Kazakh President Signs 'Privacy' Law

ASTANA -- Kazakh President Nursultan Nazarbaev has signed a controversial law on privacy protection, RFE/RL's Kazakh Service reports. full article

Court Upholds BofA's ID Policy for Foreigners

(CN) - A Bank of America policy requiring U.S. citizens to provide a Social Security number to open a credit card while letting foreign nationals use other forms of identification does not discriminate against U.S. citizens, a California appeals court ruled. full article

Goverments must unite to head off cyber-terrorism threat, says Kaspersky

Governments have begun working to combat cyber threats, but many are working on national initiatives to tackle a global problem, says Russian security firm Kaspersky Lab. full article

Hacker McKinnon appeals to courts again

UFO hacker Gary McKinnon has asked the High Court to review the extradition order made against him. full article

HomeOwnership Center: Loan scams hitting home

UTICA, N.Y. (WKTV) - Dozens of people throughout the Mohawk Valley have been scammed or nearly scammed by Loan Modification scammers. full article

December 9, 2009

Yahoo, Go Daddy hosted websites targeted in two-stage phishing attack

If you control a blog or any small website, beware. Phishers are trying to lure owners of smaller websites who use hosting services from Yahoo, GoDaddy and MediaFire into divulging their administrator logons. full article

New Data Show Most Breaches Come From External Sources

New data compiled by Verizon in an addendum to its Data Breach Investigations Report shows that the vast majority of reported and investigated data breaches are the result of external incidents, not insider threats. full article

La. firm sues Capital One after losing thousands in online bank fraud

An electronics testing firm in Louisiana is suing its bank, Capital One, alleging that the financial institution was negligent when it failed to stop hackers from transferring nearly $100,000 out of its account earlier this year. full article

T-Mobile data scam detected a year ago

Customers in the dark

The Information Commissioner's Office (ICO) has been investigating the theft and sale of T-Mobile customers' personal data for almost a year, it has emerged. full article

EPIC Supports Privacy Safeguards for Genetic Information Recommends Robust Techniques for Deidentification

EPIC filed comments with the Department of Health and Human Services, advising the federal agency to strengthen the requirements for classifying data as “de-identified” under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. full article

Data stolen from HSBC in Switzerland: Bank

GENEVA: Data related to less than 10 clients was stolen from HSBC's Swiss branch, the bank said on Wednesday, amid media reports that some names of alleged French tax evaders was obtained by France through theft. full article

24,000 employees affected by data breach

Personal information exposed on the Internet, University working to minimize future threats

Important personal information, such as social security numbers, names and zip codes, of many Notre Dame employees was exposed to the Internet after the University accidentally placed the information in a publicly accessible location. full article

Attorney General Says Health Net Security Breach Concerns Worsen After Report Reveals Breach Was Likely Theft

The Connecticut Attorney General, Richard Blumenthal, has issued a statement about his intensified concerns about the Health Net breach: Attorney General Richard Blumenthal said he is deeply troubled by an investigative report on the Health Net security breach that acknowledges a missing disk drive containing private financial and health information on hundreds of thousands of citizens was likely stolen. full article

Hacker Exposes Unfixed Security Flaws In Pentagon Website

Romanian hacker posts proof-of-concept attacks for Pentagon's public Website

A Romanian hacker has posted a proof-of-concept attack exploiting vulnerabilities on the Pentagon's public Website that were first exposed several months ago and remain unfixed. full article

Scammers scrape RAM for bank card data

Malware sidesteps encryption

Forget keyloggers and packet sniffers. In the wake of industry rules requiring credit card data to be encrypted, malware that siphons clear-text information from computer memory is all the rage among scammers, security researchers say. full article

US air screening procedures leaked online

The US Transportation Security Administration (TSA) has revealed industry secrets about airport passenger screening practices by accidentally publishing an in-house manual online. full article

Verizon: Data Breaches Getting More Sophisticated

Methods of stealing data are becoming increasingly sophisticated, but attackers are still gaining initial access to networks through known, preventable vulnerabilities, according to a report released by Verizon Business on Wednesday. full article

Fired for Refusing To Let Bosses Use Son's Social Security Number, Waitress Says

WHITE PLAINS, N.Y. (CN) - A waitress says her managers fired her because she refused to take a bribe to let an undocumented kitchen worker use her son's Social Security number. Sheila Everly sued Legal Sea Foods in Westchester County Court. full article

Two Data Security Breaches Give State Attorneys General a Chance to Exercise Their New HIPAA Powers

In a sign that state attorneys general may be flexing the HIPAA enforcement muscle granted by the HITECH Act provisions in the Recovery Act, the Connecticut and Arizona attorneys general are investigating health plans that recently experienced data breaches that they failed to disclose for several months. full article

Police pledge on desal privacy breach

Victoria Police say privacy laws prevent them from releasing private information about opponents of Victoria's desalination plant.

They are reviewing an agreement that appears to allow police to give details about protesters to the company AquaSure, which is building the $3 billion plant at Wonthaggi, in the state's east. full article

Men Accused of File-Sharing Scam

SAN DIEGO (CN) - Two San Diegans stole $20,000 by stealing identities of people who use peer-to-peer file-sharing software, federal prosecutors said. Jeffrey Steven Girandola, 32, and Kajohn Phommavong, 25, are charged with conspiracy, computer fraud, access device fraud and aggravated identity theft, the U.S. Attorney's Office said. full article

Nevada agent fraudulently collects $27, faces four years in prison

A former Nevada insurance agent pleaded guilty to insurance fraud and could face up to four years in prison for writing fake insurance policies for friends and relatives without their knowledge. full article

Germany plans Internet virus phonecall alerts

German officials are planning to step up the fight against online viruses by phoning Internet users to warn them their computers are infected, an industry summit was told Tuesday. full article

Vulnerability in DISA security scripts could leave systems at risk

DISA warns government users not to run Unix Readiness Review Scripts until it is fixed

The Defense Information Systems Agency (DISA) is warning government administrators not to use its Security Readiness Review (SRR) scripts to evaluate Unix computers because of a vulnerability that could allow applications to install malicious software. full article

Over 40 percent of Facebook users invite identity theft by blindly accepting friend requests

In the shocking, yet not really unexpected, results of an investigative study by Sophos, 41% of Facebook users blindly accept friend requests from unknown contacts. full article

4 Santa Rosa residents arrested in identity-theft ring

Santa Rosa police on Tuesday arrested four Santa Rosa residents in connection with an identify-theft operation. full article

2001 city council candidate Knapp sought on ID theft charges

Mark Knapp, an environmental activist who once ran as a Green Party-endorsed candidate for a seat on the Minneapolis City Council, is being sought by authorities on a federal arrest warrant after he skipped a court date in Oregon. full article

28 Home Affairs officials arrested for identity theft

Addressing a media briefing in Pretoria yesterday, Home Affairs Minister Nkosazana Dlamini-Zuma said the officials were suspended last month. full article

Man pleads guilty to fraud, identity theft

STOCKTON - A 39-year-old Stockton man pleaded guilty in federal court Tuesday to fraud, identity theft and possession of stolen mail in a two-year fraud scheme. full article

New Study Indicates Consumers May Be Misinformed Regarding Identity Theft Risks

Consumers may have incorrect perceptions regarding identity theft while shopping for the holidays, according to a study commissioned by, the multilayered identity theft detection, protection and fraud resolution product. full article

Kennewick police arrest suspect in ID theft

KENNEWICK -- Kennewick police say they arrested one of two people sought in a week-old identity theft case and found someone wanted on unrelated warrants while tracking down suspects Monday. full article

7 of 8 suspects arrested, charged in fraud case

SURFSIDE BEACH, SC (WMBF) - Surfside Beach Police have arrested seven people in connection with a fraud investigation, and are looking for an eighth suspect. full article

Facebook gives users more privacy controls

Users will be able to select a privacy setting for each piece of content

NEW YORK - Facebook is changing its privacy settings to give users control over who sees the information they post on their personal pages. full article

Surprise! Merchants say Web fraud is down

Times are tough -- even for cybercriminals. Online merchants in the U.S. and Canada report a dramatic 18 percent drop in fraud, down from $4 billion in 2008 to $3.3 billion this year, according to a survey by the security firm CyberSource. full article

State Department Employee Sentenced for Illegally Accessing Confidential Passport Files

A State Department employee was sentenced today to 12 months of probation for illegally accessing more than 125 confidential passport application files. Kevin M. Young, 42, of Temple Hills, MD, was also ordered by U.S. Magistrate Judge Alan Kay in the District of Columbia to perform 100 hours of community service. Young pleaded guilty on Aug. 17, 2009, to a one-count criminal information charging him with unauthorized computer access. full article

Computer of Alleged Sarah Palin Hacker had Spyware

The 21 year-old college student charged with hacking former Alaska Governor Sarah Palin's Yahoo e-mail account was using a compromised computer that was secretly logging and reporting information without his knowledge, his lawyers say. full article

December 8, 2009

Student ordered to destroy downloaded music files

Student ordered to destroy downloaded music files

A graduate student who must pay four record labels a combined $675,000 in damages for downloading and sharing songs online has been ordered to destroy his illegal music files--but a judge declined to force him to stop promoting the activity that got him in trouble. full article

Seattle man sentenced to two years in prison for 35 years of ID theft

Clark Mower, 58, of Seattle, Washington was sentenced on Friday in U.S. District Court in Seattle to two years in prison and one year of supervised release for Aggravated Identity Theft. Mower had used the personally identifying information of a family acquaintance for more than 30 years to avoid prosecution for drug and alcohol charges. He then used the stolen identity to obtain government benefits and declare bankruptcy, creating years of difficulties for the victim. The victim, a resident of Oregon, has struggled for years to clear his credit and get Mower to stop using his identity. full article

Russian's Sneaky E-Filing Scam Netted $136K

SAN DIEGO (CN) - A Russian man was sentenced on Monday to 18 months in federal prison for a sneaky scheme in which he diverted federal tax returns to his own accounts. Maxim Maltsev, 23, of Novosibirsk and San Diego swiped $136,000 by setting up Web sites that claimed to be affiliated with the IRS "Free File" electronic filing program and taking the money from people who thought they were actually filing their returns with the IRS. full article

District Court Explains Ruling that Red Flags Rule Doesn't Apply to Lawyers, Implies Limitation of Applicability to Banking, Lending, & Finance Sectors

On December 1, Judge Reggie Walton of the U.S. District Court for the District of Columbia issued a memorandum opinion in a lawsuit by the American Bar Association against the Federal Trade Commission, explaining his October 29 ruling from the bench that the FTC's Red Flags Rule does not apply to lawyers. Holding that "[e]ven a cursory review of the language of [the Fair and Accurate Transactions Act (FACT Act), through which Congress authorized the creation of the Red Flags Rule, and other legislation defining relevant terms] and the purposes underlying their enactment leads the Court to the conclusion that it was not 'the unambiguously expressed intent of Congress' to bring attorneys within the purview of the FACT Act and thus subject them to regulation by the Commission's Red Flags Rule," Judge Walton rejected almost every argument put forth by the FTC and indicated that the court would similarly condemn any FTC attempt to apply the Rule to other professionals outside of the banking, lending, and financial sectors who bill periodically for services previously rendered. full article

uTest discovers cross-site scripting vulnerability on major retailer’s site

U-Test has just completed a substantive, independent review of three major e-tailing sites — and found a gaping security hole in one of them. full article

The end of paralysing DDoS attacks?

Denial of service attacks - hacker attacks that paralyse high-profile websites - could be a thing of the past, say UK academics.

Distributed denial of service (DDoS) attacks are increasingly popular with cybercriminals, security firm McAfee warned in a November report. full article

Google sues over work-at-home schemes

DG News Service - Google filed a lawsuit Monday against a U.S. company it alleges runs work-at-home scams that unnecessarily charge people's credit cards and spoof Google's brand name. full article

The Turducken Approach to Privacy Law

In June, the metaphor of the turducken made its first appearance in American jurisprudence. full article

ID Analytics Reveals New Address Discrepancy Research Findings

Organizations across a wide array of industries struggle to effectively identify fraudulent address changes and new Federal regulations are placing more stringent responsibilities on creditors to resolve address discrepancies. full article

Criminals outwit Captcha website security systems

Criminal gangs are using sophisticated software to outwit the Captcha systems used by webmail, microblogging and social networking services to protect their sites against hackers and spammers. full article

Groups Far Apart on Online Privacy Oversight

IF online privacy was once an obscure policy subject, it has come front and center. That much was apparent at the standing-room-only roundtable on privacy and technology that the Federal Trade Commission held here on Monday. full article

Cisco 2009 Annual Security Report

Cisco Security Intelligence Operations announces the Cisco 2009 Annual Security Report. The updated report includes information about 2009 global threats and trends, as well as security recommendations for 2010. full article

Unisys Predicts Biometrics Boom To Protect Data In 2010

Identifies seven security trends that will emerge in 2010

BLUE BELL, Pa., December 8, 2009 " Slashed budgets and reduced staffing numbers delayed many security initiatives in 2009, but the vulnerabilities didn't retreat and will only intensify in 2010, Unisys security experts predict. full article

Ruggedised botnets pushing out even more spam

Cybercrooks have adapted to the takedown of rogue ISPs by building more resilient botnets. An annual security survey by MessageLabs found that the already high level of spam reached 87.7 per cent of email traffic during 2009, with highs and lows of 90.4 percent in May and 73.3 percent in February respectively. Junk volumes increased still further compared to the 81.2 per cent spam rate recorded by MessageLabs in 2008. full article

Microsoft downplays Windows BitLocker attack threat

Microsoft says research spelling out multiple attack scenarios to access files protected by BitLocker presents a relatively low security risk to users. full article

Consumers Are Advised to Beware of Credit Card Theft

The season of giving is a time of taking for some. The Lewis County Sheriff’s Office reported three cases of identity and credit card theft over the past weekend. full article

Pleasant Grove woman charged in identity theft case

PROVO — A Pleasant Grove woman accused of working with her boyfriend to steal his adopted daughter's identity faces criminal charges. full article

New Springville woman hit with identity theft charges

STATEN ISLAND, N.Y. -- Undeterred by her initial failure, an alleged identity thief from New Springville tried four more times to obtain credit cards in the name of a former friend’s wife. full article

FTC Warns World Cup Soccer Fans: Watch Out for Ticket Scams

In conjunction with the organizers of the World Cup, the Federal Trade Commission is warning soccer fans that they could become victims of scams. In some cases, Web sites that offer tickets for sale are run by con artists who don't really have tickets. In other cases, consumers buy "tickets" and travel to the World Soccer Cup site only to learn that the tickets they purchased are counterfeit. Other Web sites may offer packages that provide hotels, transportation and tickets - but they don't actually have the tickets, at all. full article

FTC Sues to Stop Robocalls With Deceptive Credit Card Interest-Rate Reduction Claims

Commission Also Issues National Do Not Call Registry Data Book for 2009

The Federal Trade Commission today announced its second major law enforcement effort this year targeting telemarketers who violated the Do Not Call Rule and other laws by making hundreds of thousands or even millions of pre-recorded robocalls to consumers. The cases announced today target three groups that allegedly made robocalls to sell worthless credit-card interest-rate reduction programs for hefty up-front fees of as much as $1,495. At the FTC’s request, in each case, the court has issued an order temporarily halting the robocalls pending trial. full article

Germany to set up centre to coordinate fight against botnets

In 2010 the German government is planning to pick up the fight against infected home computers. In the first half of next year it plans to set up an advisory centre which will help users purge their computers of viruses and bots. The idea, jointly developed by the Federal Office for Information Security (BSI) and the Association of the German Internet Industry (eco), is based on the premise that internet service providers (ISPs) have long had the technical capability to identify infected computers by analysing network traffic. The project was officially announced by BSI and eco at today's fourth national IT summit in Stuttgart. full article

December 7, 2009

HSBC exposed sensitive bankruptcy data

IDG News Service - HSBC Bank says a bug in its imaging software inadvertently exposed sensitive data about some of its customers going through bankruptcy proceedings. full article

Medicare Fraud Busted in Dallas

DALLAS (CN) - Beltline Medical Supplies submitted more than $1 million in false Medicare claims, and its owner pleaded guilty to federal charges of aggravated identity theft. Rafayel Movsesyan, 38, of Los Angeles, opened Beltline in Dallas in 2007. full article

Phishing losses add up

It's a numbers game – although the number of banking customers who fall victim to phishing attacks is small, it all adds up to a lucrative business for cyber criminals, according to a study by security services provider Trusteer. According to the Trusteer report, in any one phishing attack on a US banking institute, around 13 out of every million customers visit a phishing website, as a result of actions such as clicking on a link in an email, and of these almost half enter their login details on the phishing website. full article

HIPAA's role in liability cases tested in Mich.

Courts have split over whether the federal privacy statute prevents informal discovery of certain patient information.

Michigan's Supreme Court is set to decide whether the Health Insurance Portability and Accountability Act preempts a state law allowing defendants in medical liability lawsuits to informally interview plaintiffs' other treating physicians -- a move that doctors say could put them at a disadvantage in defending such cases. full article

Feds Challenged in Bid to Dismiss Wiretapping Suit

(CN) - The government can't use national security to justify its illegal wiretapping program, class-action attorneys argued in their bid to block the government from using the state secrets privilege to have the case dismissed. full article

CBS 6 Exclusive: Confidential UAlbany documents part of Climategate leak

t least two confidential documents that SUNY lawyers refused to release earlier this year were leaked as part of thousands hacked from a top climate research center last month. full article

New System Swaps the Cash Register for an iPhone

Some experts doubt that startup Square can succeed.

Square, a new startup based in San Francisco and headed by Twitter cofounder Jack Dorsey, opened its doors amid much hype and fanfare last week. But some experts are already questioning whether the company will be able to sustain itself. full article

China Warns of Skype Phishing, Shuts Offending Domain

China's cyberthreat response group Monday warned local Skype users about phishing scams being carried out through the chat program, in a show of ongoing efforts to counter phishing in the country. full article

Viruses infect Admissions server

An Office of Admissions server containing personal information of current, prospective and former undergraduate students was infected with a number of viruses on Nov. 11. full article

Police: Greenport woman's social security number stolen in '88, ID thief found

An investigation that began when a Greenport, Columbia County woman had trouble applying for a mortgage has been traced back to an identity theft transaction that occurred 21 years ago, State Police say. full article

Woman pleads guilty to identity theft

A Fort Drum woman could be sentenced to up to three years in state prison for illegally using another woman's debit card. full article

New charge in children's program embezzlement

RICHMOND, Va. (AP) - A Richmond woman accused of embezzling from a state-run children's program is facing a new charge of extortion. full article

Supreme Court Audit Board Case Could Reopen Sarbanes-Oxley Debate

The Supreme Court hears a case on Monday that could alter how corporate America is audited and overhaul the Sarbanes-Oxley corporate reform act. full article

The hidden costs of identity theft

(CNN) -- Debra Guenterberg doesn't have to go to a horror movie to get spooked. She says she's been living a nightmare for the past 13 years. full article

Hacker scalps NASA-run websites

Miscreants took advantage of weak security to hack into two NASA-run websites over the weekend. full article

AU: Contractors should not have access to police files

On Saturday The Age revealed that Victoria Police had agreed to hand over to Aquasure, the international consortium building a desalination plant near Wonthaggi, information about people involved in protests against the plant. In a 20-page memorandum of understanding, signed in August by Assistant Commissioner Paul Evans and the secretary of the Department of Sustainability and Environment, Peter Harris, the police agreed to release to Aquasure ”law-enforcement data” in the form of ”any text, images, audio and video … and includes (but is not limited to) data related to individuals, aggregated data, written reports and correspondence, memoranda, police diaries, official notebooks, running sheets and other data repositories”. In other words, anything at all. full article

Facebook users fall for rubber duck's friend request

People still haven't learned that social sites are criminal gold mines, says security firm

Computerworld - Facebook users haven't learned to keep their personal information private, a security researcher said today after his company conducted a test that sent randomly-selected people a friend request from bogus accounts. full article

December 6, 2009

Kids' Social Security numbers on school postcards

RALEIGH -- The Wake County school system accidentally sent out about 5,000 postcards with students' Social Security numbers printed on the front, a mistake that angered parents and will cost the district nearly $100,000 to remedy. full article

December 5, 2009

Beware of online ‘Breaking Dawn’ casting scam

Bogus ads appear on ‘Twilight’ fan sites, but movie isn’t even in production

Fraudulent e-mails announcing casting calls for “The Twilight Saga: Breaking Dawn,” have been flooding the inboxes of fanpires across the country, according to The Casting Scoop. full article

Ca: Bank not responsible after new account was opened using stolen identity

A fraudster used forged identification of an individual to open a bank account in the individual’s name. When the fraud was discovered, the individual realized that the fraudster had also used an invalid address and telephone number when applying for the account. The victim claimed the bank could have avoided the fraud and the resulting impact on his credit rating by verifying this personal information before opening the account. full article

Phishers angling for Web site administrators

Scam e-mail artists have launched a massive campaign to trick webmasters into giving up the credentials needed to administer their Web sites, targeting site owners at more than 90 online hosting providers. Experts say the attackers are attempting to build a distributed network of hacked sites through which to distribute their malicious software. full article

Mail carrier suspected in theft of passport forms

Charges were pending against a Canada Post worker in Gatineau, Que., on Friday after about 70 Ontario passport applications full of personal information vanished in the mail. full article

Identity Theft Charges Against Former UAlbany Student

Prosecutors in the Albany County District Attorney's Office say 22-year-old Jessica Erazo was able to get her hands on $19,000 by using stolen identities to co-sign for loans. full article

December 4, 2009

FTC To Host Privacy Roundtable

The Federal Trade Commission will host the first of three public Roundtables to explore the privacy challenges posed by technology and business practices that collect and use consumer data. This first roundtable will focus on the benefits and risks of information-sharing practices, consumer expectations regarding such practices, behavioral advertising, information brokers, and the adequacy of existing legal and self-regulatory frameworks. full article

Teen sues over ID in online arrest log

MADISON — In what may be the first lawsuit of its kind in the state, a Rhode Island man is suing the town because he was listed in an online arrest log when he was 17 years old, which is not permitted by law. full article

New study calls for cybersecurity overhaul in U.S.

Government needs to focus on offering businesses incentives to fix security problems and educating corporate leaders about the benefits of enhanced cybersecurity

The U.S. government and private businesses need to overhaul the way they look at cybersecurity, with the government offering businesses new incentives to fix security problems, the Internet Security Alliance said. full article

Thanksgiving Webcam promo leads to malware

IDG News Service - The $10 Webcam that Anna Giesman bought her daughter at Office Depot over the Thanksgiving weekend sounds like one of those deals that's too good to be true. And for her, it was. full article

No harm, no foul, says judge in Express Script data breach case

Plaintiffs failed to show how breach affected them directly, judge rules

Computerworld - A federal court in Missouri has thrown out a consumer class-action lawsuit that was brought against pharmacy benefits company Express Scripts over a 2008 data breach in which millions of customer records were believed to have been illegally accessed. full article

Seychelles & Barclays Called Financial Pirates

(CN) - The owner of a solar energy company says Barclays Bank and the African Republic of Seychelles are conspiring to "commandeer the world's financial system." Along the way, they plundered his corporate bank account, illegally seizing $8.5 million from it, LXE Solar claims in Manhattan Federal Court. full article

New FTC website educates kids about privacy and fraud

The Federal Trade Commission has opened new areas of a “virtual mall” with content that will help kids learn to protect their privacy, spot frauds and scams, and avoid identity theft. The FTC Web site,, introduces key consumer and business concepts and helps youngsters understand their role in the marketplace. The FTC is the nation’s consumer protection agency. full article

Health Net’s notification to New Hampshire

Health Net’s notification to the New Hampshire Attorney General’s Office is now available online (pdf). Dated November 23, the letter states that although the files on the lost portable hard drive were not encrypted as they should have been, because they were image-only format files of scanned documents, they would be difficult to view. The files contained names, addresses, phone numbers, Social Security numbers, and possibly protected health information and financial information of 504 New Hampshire residents. full article

Healthcare Data Breaches Slow To Surface

Doug Pollack, Chief Marketing Officer for ID Experts, wrote the following article, questioning why we’re not yet seeing any reports of breaches affecting 500 or more posted to HHS’s website under the provisions of HITECH that went into effect September 23. Keeping in mind that not all breaches involving healthcare organizations involve unsecured protected health information, that it takes time to figure out a breach and report it, that HHS gave entities an “out” by inserting a “harm threshold” that Congress did not want or legislate, and that HHS may not have anyone dedicated to updating their web site, I’m not particularly surprised that we’re not seeing anything on HHS’s web site yet. But like Doug, I keep watching their site, too. full article

DOD to miss deadline for removing Social Security numbers from IDs

The Defense Department will not meet its end-of-the-year deadline for removing Social Security numbers from military ID cards as they are issued or renewed, the Pentagon has confirmed. full article

PayPal mistakes own email for phishing attack

Banks and financial institutions are fond of lecturing customers about the perils of phishing emails, the bogus messages that attempt to trick marks into handing over their login credentials to fraudulent sites. Yet many undo this good work by sending out emails themselves that invite users to click on a link and log into their account rather than going a safer route and telling users to use bookmarked versions of their site. full article

Two charged with trafficking counterfeit computer hardware

Federal prosecutors have charged two Johnson County men with trafficking counterfeit computer hardware they got from China and Hong Kong. full article

Responding To The Red Flags Of Identity Theft

Today's high-profile breaches and increased media coverage guarantee that we're all familiar with identity theft. But the most rapidly growing segment – and one of the most damaging – is medical identity theft, which grew 400 percent in 2008 and accounts for close to five percent of all identity theft cases according to a Federal Trade Commission (FTC) survey. full article

Woman told she is dead

An elderly Durban woman has become the latest victim of a Home Affairs bungle resulting in her being declared dead. full article

ICBC camera led police to government files breach

Facial-recognition software found photos of same person, two names

New computer technology designed to protect B.C. driver's licences from fraud and identity theft red-flagged a civil servant last February and led to the discovery of a serious government privacy breach, court documents show. full article

Supreme Court provides broad view of Internet luring

OTTAWA — The Supreme Court of Canada moved Thursday to "close the cyberspace door" on Internet predators in a unanimous ruling that is expected to make it easier to enforce Canada's criminal ban against luring children online. full article

Know the traps before applying for a store credit card

NEW YORK | The offer could tempt anyone buying holiday gifts: Open a store credit card and save 20 percent on your purchase. full article

Financial Agencies Release Safe Harbor Form

WASHINGTON (CN) - Financial institutions regulated under the Gramm-Leach-Bliley Act will issue new privacy statements to their account holders detailing the privacy policies of the institution and the rights of account holders under those policies. full article

Gumblar Continues to Spread, Thousands of Sites Infected

Months after it first appeared on the scene, the Gumblar malware continues to infect thousands of servers across the Internet and is closing in on nearly 80,000 servers pointing to the hosts that are serving the malware. full article

N.J. Supreme Court Weighs Travelers' Right of Privacy in Baggage They Don't Claim

A case heard by the New Jersey Supreme Court on Tuesday may clarify whether a passenger who doesn't claim his luggage can assert a Fourth Amendment right against search and seizure of its contents. full article

New SpyPhone iPhone App Can Harvest Personal Data

A Swiss iPhone developer has released a new application that is capable of harvesting huge amounts of personal data from iPhones, including geolocation data, passwords, address book entries and email account information, all using just the public API. full article

Attack on Windows BitLocker

Fraunhofer SIT has presented a method for discovering the BitLocker drive encryption PIN under Windows. The method even works where TPM is used to protect the boot process. The trick? An attacker with access to the target computer simply boots from a USB flash drive and replaces the BitLocker bootloader with a substitute bootloader which mimics the BitLocker PIN query process but saves the PINs entered by the user to disk in unencrypted form. full article

Attack exploits just-patched Mac security bug

If you haven't installed the latest security update for Mac OS X, now would be a good time. A security researcher has released a proof-of-concept attack that exploits critical vulnerabilities that Apple patched on Thursday. The vulns stem from bugs in the Java runtime environment that allow attackers to remotely execute malicious code. Sun Microsystems patched the flaws early last month. full article

Web Site Aims to Uncover Fakers in Fatigues

Military impostors, beware: A Web site has been launched to root out fraudulent veterans and fakers in fatigues. full article

Security breach compromises information on 1,400 District 86 grads

A security breach discovered last month at the University of Nebraska involved the names, addresses and Social Security numbers of 1,400 Hinsdale High School District 86 graduates. full article

EIU warns of student data security breach

CHARLESTON, Ill. (AP) - Eastern Illinois University says someone outside the school may have broken into files containing personal information from about 9,000 current and former students and applicants. full article

Lost Textron Financial hard drive held employee, customer data

Textron Financial has notified the New Hampshire Attorney General’s Office that an external hard drive lost in mid-October contained personal information on 54 former and current employees as well as customers. full article

DoD nixes vendor of online monitoring software over privacy concerns

Echometrix suspended from selling products via military's shopping portal

Computerworld - Echometrix Inc., a vendor of parental control software that is already under fire for alleged violations of an online children's privacy law, has been suspended from selling its products on a Department of Defense shopping portal because of privacy concerns. full article

December 3, 2009

Morton loses confidential papers

Brief case stolen from friend's car eventually recovered

Sustainable Resources Minister Ted Morton told CBC News on Wednesday he felt really "stupid" after his brief case, containing confidential government documents, was stolen from a friend's car and found in a downtown apartment building. full article

Memory stick given to Bristol boy sparks school data law row

A school has been accused of breaching data laws after it sent a 10-year-old boy home with a computer memory stick which contained sensitive information about his fellow pupils. full article

Malware derails Indian business school admission tests

Politician wade in as exams for 8,000 applicants postponed

A malware infection has screwed up plans for Indian business schools to run admission tests online for the first time. full article

Wanted: A Smokey Bear for cybersecurity

Cybersecurity has become more than a homeland security issue; it has become a national lifestyle issue that hinges on raising education at the individual level, a panel of information security experts said today. full article

Fake websites shut down by police

More than 1,200 websites that claim to sell cut-price designer goods have been shut down in the biggest police operation of its kind in the UK. full article

Men arrested in burglary, ID theft

Two men were in custody in the Wichita County Jail on Wednesday after being arrested in Iowa Park for vehicle burglary and identity theft-related charges, records show. full article

Marion man arrested in identity theft case

A Marion man accused of taking a Florence man’s Social Security number, stealing from his bank account twice and getting a Verizon phone in his name has been arrested — but only after the victim said he contacted the U.S. Secret Service himself. full article

Grand Jury Indicts Man Accused of Using Stolen ID Since 2001

PHOENIX (AP) — Maricopa County authorities say a man has been indicted on charges of identity theft and forgery. full article

Spamwatch: Personal vaccination profiles

Hugh Williams over at the Identity Theft unit of the state attorney general's office sent me a tip about a new form of spam e-mail floating around the Internet, this time preying on swine flu fears. full article

Sprint Denies 'Massive Disclosure' Of Sensitive Information

A privacy expert's claims vastly overstate the case, the company says.

Responding to Indiana University doctoral student and privacy researcher Christopher Soghoian's claim that Sprint Nextel (NYSE: S) provided law enforcement agencies with customer GPS location data over 8 million times in just over a year, Sprint said the information was "inaccurate" and has been "grossly misinterpreted." full article

Government Surveillance Of Social Networks Challenged

Policies governing the usage of social network data remain unclear at many government agencies.

The U.S. government's use of social networks as an investigatory tool is being challenged by two legal advocacy organizations. full article

Cameroon, China riskiest country domains, McAfee finds

Websites registered in the African nation of Cameroon are the most likely domains to infect users' computers with malware, according to McAfee's annual study on the web's riskiest recesses. full article

Breached restaurateurs suing point-of-sale provider

Seven restaurant chains that suffered data breaches are suing the maker and distributor of a bank card processing system, which they say was vulnerable and allowed hackers to steal customer information. full article

Bronx woman faces identity theft, forgery charges in New Rochelle

NEW ROCHELLE — A 45-year-old Bronx woman was arrested after, police said, she tried to use an altered Staten Island resident's driver's license as identification to withdraw $4,500 from Chase bank in New Rochelle. full article

Fed chair's ID theft linked to woman charged in Colorado

DENVER - A woman busted for stealing the identity of Federal Reserve Chairman Ben Bernanke's wife now faces identity theft charges in Denver after cashing stolen checks at banks in Cherry Creek. full article

Top Experts Examine Causes Of Breaches In Spy Museum Forensics Panel

Enterprises should rethink their approach to IT security, panelists say

WASHINGTON, D.C. -- Cyber Forensics: Digital CSI Event -- Here at the U.S. Spy Museum, breaches are taken seriously. And in a panel held here last night, four top security experts had some serious advice for enterprises and security professionals. full article

Many More Government Records Compromised in 2009 than Year Ago, Report Claims

If you're bummed about the data in your department that just got breached, you have some cold comfort. Although the combined number of reported data breaches in the government and the military has dropped in 2009 compared to last year, many more records were compromised in those breaches, according to recent figures compiled by a California nonprofit. full article

Tax Documents Found in Atlanta Dumpster

ATLANTA (MyFOX ATLANTA) - Private personal information was found in a dumpster Tuesday. Everything from tax returns to mortgage applications from a midtown accountant's office were found and state investigators said the documents should have been shredded. full article

MS honeypot research sheds light on brute-force hacks

Microsoft's honeypot-based research has highlighted common password mistakes, as well as shedding light on automated hacking techniques. full article

The FBI Says You've Won the Lottery

A Fight Identity Theft visitor forwarded this email to us today and it was so creative I just had to post it here. full article

Birmingham Man Sentenced to Prison for False Tax Refund Scheme

Cardale Leon Bates of Birmingham, Ala., was sentenced to 57 months in prison today by U.S. District Court Judge L. Scott Coogler, the Justice Department and Internal Revenue Service (IRS) announced. full article

John Deere purchase unraveled alleged identity theft scam for James Jett, of Byron Township

KENT COUNTY -- When James Jett purchased a $10,000 John Deere Gator two years ago, his credit was so good he qualified for a loan with no down payment and no interest for six months. full article

Identity theft and homeowners insurance

If you have a bank account, credit card, social security number or driver's license, pay close attention: you're at risk for identity theft. full article

AG Van Hollen: Milwaukee countyman sentenced in identity theft case

MILWAUKEE - Attorney General J.B. Van Hollen announced that a MilwaukeeCounty man was sentenced today for identity theft. full article

Two sentenced to prison for online money laundering

IDG News Service - Two Bulgarians have been sentenced for their roles in an online money-laundering scheme that collected about $1.2 million from U.S. residents and sent it to a criminal group in Eastern Europe, the U.S. Department of Justice said. full article

Black Screen Of Death Hits 50,000 PCs

Thousands of Microsoft Windows users download tool in hopes of fixing critical bug.

A security firm that's developed a fix for the so-called "black screen of death" affecting Windows PCs said more than 50,000 users have downloaded the utility in just five days—an indication that the problem is widespread. full article

December 2, 2009

Navy to investigate security breach

Royal Navy investigators flew to Belfast last week after a memory stick containing "restricted" information on naval manoeuvres and personnel around the UK was reported missing. full article

Wichita Student Private Information Online

Many Wichita parents are angry after learning their children's names, ages, addresses and phone numbers are listed on an internet web site. full article

Civilization's High Stakes Cyber-Struggle: Q&A With Gen. Wesley Clark (ret.)

As wrenching as traditional warfare is, there is a new kind of threat brewing that ultimately could cause even greater harm to the planet, retired general Wesley Clark told TechNewsWorld. " full article

Personal Documents Discovered in Dumpster

(Battlefield, MO) -- A shocking discovery made inside a Battlefield, Missouri dumpster. full article

Cameroon leapfrogs Hong Kong in malware hosting blocklist

One in three .cm domains booby-trapped, warns McAfee full article

UK mulls extension of McKinnon judicial review period

Refusal to step in branded 'spineless' full article

Russian ransomware blocks net access

New social engineering wheeze appears in east full article

Foodies sue providers of hacked payment system

Breaches R Us full article

Malicious PDFs can commandeer BlackBerries, RIM warns

Patch available

Attackers can commandeer your BlackBerry servers by attaching maliciously formed PDF files to emails, Research in Motion warned Tuesday. full article

FreeBSD bug gives untrusted root access

'Unbelievably simple' exploit full article

Federal Judge Releases Written Opinion on 'Red Flags Rule'

The judge who ruled that lawyers can't be forced to comply with new federal rules meant to prevent identity theft released his written opinion Tuesday. full article

Keep an eye on temps, and other holiday season security tips for retailers

Deck the halls, but watch the data logs, say security experts full article

Social Security Numbers On County Website

Thousands of social security numbers posted on-line, has a Virginia watchdog group labeling a Shelby County office holder "the king of stupid." full article

Hancock Fabrics: 4th State Linked to Possible Breach

A fourth state has been linked to the recent fraud associated with national retailer Hancock Fabrics. full article

‘Mastermind’ of $1 million N.Y. Medicaid scheme sent to prison

David Williams, who authorities call “the mastermind” of a Long Island Medicaid scheme responsible for stealing more than $1 million, was sentenced to three years to nine years in prison. full article

Ohio broker sanctioned for stealing two sisters’ $90,000 inheritance

A Miamisburg, Ohio, securities broker was barred by FINRA for misappropriating a $90,000 inheritance two sisters received from their deceased aunt. full article

Trusteer Reports that Half of Online Banking Users Who Click on Phishing E-mails Lose their Login Credentials

Annual Phishing Related Losses Estimated to be as High as $9.4M per Million Customers full article

Hackers spread virus with swine flu vaccine offer

Hackers are spreading a vicious computer virus through spam email messages that urge recipients to visit a bogus website offering vaccinations to protect them against another virus -- the one that causes swine flu. full article

Gurnee man accused of ID theft

A 34-year-old Gurnee man was arrested last by Lincolnshire police as a suspect in an identity theft case. full article

Data Breach Can Lead to Identity Theft

A recently released report reinforces the strong link between fraud and identity theft and warns consumers that they should be more proactive when it comes to protecting their personal information from ID thieves. full article

'Tis the season for purse snatchings, car break-ins, identity theft

Officials aim to keep shoppers safe full article

Duo indicted on multiple counts of credit card theft

WINCHESTER -- A local man and woman stole credit cards and used them to buy items in the city, according to indictments handed down by a Winchester Circuit Court grand jury in November. full article

SC woman faces ID theft charges in Denver

DENVER (AP) — A woman awaiting sentencing in a Washington, D.C.-area identity theft case whose victims included Federal Reserve Chairman Ben Bernanke's wife also faces charges in Denver. full article

Koobface botnet enters the Xmas season

The Koobface botnet, one of the most efficient social engineering driven botnets, is entering the Xmas season with a newly introduced template spoofing a YouTube video page, in between enticing the visitor into installing a bogus Adobe Flash Player Update.... full article

5 security threats to watch in 2010

SINGAPORE--Everyday Internet users will be a key target for cybercriminals looking to get people to download their malware, while the proliferation of social sites such as Facebook and Twitter will lead to an increase of possible fraud cases, reported Symantec. full article

Globalized domains to up phishing attacks

The upcoming launch of internationalized domain names (IDNs) is unlikely to have a significant impact on spam levels but may deliver a spike in phishing, security experts warned. full article

Microsoft: November security updates are fine

Microsoft said Tuesday that its investigation has turned up no evidence that anything in its November security updates should be causing users to encounter a so-called "black screen of death." full article

India blocks service to millions of handsets

India has blocked service to all mobile phones without a valid identity code, as part of antiterrorist measures being implemented by the Indian government. full article

Issuing fake uni degrees should be a crime - expert

An American authority on university degrees wants New Zealand to make it a crime to issue or purchase unapproved educational qualifications, after putting New Zealand on its list of countries that churns out "fake" degrees. full article

Facebook to overhaul privacy structure

Facebook is about to begin a major overhaul of its privacy structure, the company said in an announcement posted on the service Tuesday night. full article

Holiday shopping season and cyber-criminals

UTICA, N.Y. (WKTV) - As the holiday shopping season is in full-swing, the chances of getting scammed or losing personal information through identity theft looms large. full article

December 1, 2009

Court orders spam mastermind to pay $15.15 million

At the request of the Federal Trade Commission, a federal judge has ordered the mastermind of a vast international spam network to pay $15.15 million in a default judgment for his role in what was identified by the anti-spam organization Spamhaus as the largest “spam gang” in the world. The spam gang deceptively marketed products such as male-enhancement pills, prescription drugs, and weight-loss pills. Ringleader Lance Atkinson, a New Zealand citizen and Australian resident, last December admitted his involvement in the spam network to New Zealand authorities and has already paid more than $80,000 (nearly $108,000 New Zealand dollars). Atkinson’s accomplice, U.S. resident Jody Smith, agreed to an order requiring him to turn over nearly all of his assets to the FTC, to settle FTC charges. full article

Hospital laptop stolen, data may be breached

A Children's Hospital of Philadelphia laptop computer containing Social Security numbers and other personal information for 943 people was stolen from a car outside an employee's home on Oct. 20. full article

Laptop Theft Debated by Councillors

A FOUR-day lapse between council staff realising a laptop containing nearly 15,000 postal voter details was missing and reporting it to police was called into question last week. full article

Breach Of Privacy Information At Kern Medical Center

BAKERSFIELD, Calif. -- On Oct. 31, a theft occurred at Kern Medical Center outside the Information Services Department located at 1700 Mount Vernon Ave. full article

Navy Finds Lessons In Stolen Laptops, Storage Drives

The theft of computer equipment from a Naval office turned out to be less serious than feared, but served as a reminder on the importance of securing external hard drives and encrypting data. full article

British minister denies McKinnon extradition appeal

Accused U.S. government hacker Gary McKinnon must be extradited to the United States to stand trial, a top British official has decided. full article

A rather bland breach notification sparks questions

Alpha Software Inc., a business that focuses on development tools for businesses wishing to create AJAX-based platforms, recently announced a data breach in a manner so casual, some actually questioned if it was real. full article

UK: Information Commissioner’s Office demystifies data protection

The Information Commissioner’s Office (ICO) has produced a new plain English Guide to Data Protection to provide businesses and organizations with practical advice about the Data Protection Act and dispel myths. The guide will help organizations safeguard personal data and comply with the law. The guide takes a straight-forward look at the principles of the Data Protection Act and uses practical, business-based examples. full article

'Iqbal' Derails Tubercular Attorney's Privacy Complaint

Andrew H. Speaker, the lawyer who made headlines when he took a trans-Atlantic commercial flight while infected with a rare strain of tuberculosis, probably lost his bid to hold the Centers for Disease Control and Prevention liable for federal privacy act violations because of relatively new case law that changed the standard for dismissal on the eve of Speaker's filing. full article

Privacy fears prompt Fry to quit Plaxo

Stephen Fry has quit Plaxo after he became annoyed that the social networking site was revealing what he sees as too many personal details with anyone visiting the site - as opposed to designated contacts full article

Extra spam and malware security for has partnered with security firms to bolt improved anti-spam and malware protection onto the URL shortening service. full article

Low Tech Data Security Measures Essential To Hitech Compliance

With the February 17 deadline looming, Kroll Fraud Solutions releases white paper outlining key steps to HITECH compliance. full article

Growth of EHRs Could Lead to Rise in Medical Identity Theft

Although some people have touted electronic health records as a strategy to improve health care efficiency, others are expressing concern that EHRs could make patients more vulnerable to medical identity theft, the Wall Street Journal reports full article

NICB sets up texting capability to report insurance fraud

As a way to increase the reporting of insurance fraud from the more than 246 million cell phone users in the U.S., the National Insurance Crime Bureau (NICB) is adding a text feature to its reporting system. full article

Six Individuals Sentenced for Multi-Million Dollar E-Mail Stock Fraud Scheme

WASHINGTON – Six individuals were sentenced today in federal court in Detroit fortheir roles in a wide-ranging international stock fraud scheme involving the illegal use of bulkcommercial e-mails, or “spamming.” full article

Court to decide what time, trouble are worth in Hannaford breach

PORTLAND, Maine — Whether Hannaford Bros. customers may recover damages for the time and trouble it took them to straighten out their bank or credit card accounts after the Scarborough-based firm’s computer system was breached in late 2007 and early 2008 now is up to the Maine Supreme Judicial Court. full article

Identity theft equipment, cocaine found at apartment, Alameda police say

ALAMEDA — Equipment linked to identity theft, including a machine for embossing names and numbers on blank credit cards, was seized when investigators searched an apartment in the city's West End. full article

Teacher charged with breach of computer security

A Southwest Austin middle school teacher was arrested last week and charged with breach of computer security, according to school district police. full article

Scammers get more powerful tools for tapping social networks

Potential attackers are able to build detailed profiles that can then be used in highly targeted phishing scams against individuals and enterprises

New tools capable of quickly finding, gathering, and correlating information about individuals from social networking sites and other public sources are giving online scammers a powerful new weapon, say security researchers. full article

Identity thieves prey on careless holiday shoppers

December may be the peak of the holiday shopping season, but it’s also the time of year when customers are most at risk for identity theft. full article

Iwallet Corp launches iWallet to help prevent identity theft

iWallet helps to avoid identity theft, as it could be opened only if it recognizes your finger print. full article

I.D. Theft Suspects Arrested in Madera County

MADERA COUNTY, Calif. (KFSN) -- A traffic stop has led to four arrests in Madera County; all of them are suspects in an alleged identity theft operation with victims across the country. full article

Despite warnings, plenty still falling for scams

The letter offered the deal of a lifetime - the chance to split at least $16.5 million. full article

Abu Dhabi Commercial Bank Partners with Cyveillance to Increase Customers' Online Security

Partnership enables Bank added customer protection from online threats and improved online protection of its brand full article

Identity theft equipment, cocaine found at apartment, Alameda police say

ALAMEDA — Equipment linked to identity theft, including a machine for embossing names and numbers on blank credit cards, was seized when investigators searched an apartment in the city's West End. full article

New ransomware attack blocks Internet access

Security researchers have stumbled upon a new piece of ransomware that blocks an infected computer from accessing the Internet until a fee is paid via SMS (text message). full article

Tiger Woods car accident leads to malicious sites created and detected

The car accident involving golfer Tiger Woods has led to Google trends being dominated by the event. full article

New Ransomware Blocks Internet Access

Security researchers have stumbled upon a new piece of ransomware that blocks an infected computer from accessing the Internet until a fee is paid via SMS (text message). full article

WA Police leveraged in PayPal email scam

The Western Australia Police banner, badge and logo are being used by scammers in a fake email requesting recipients to hand over PayPal details. full article

Northrop Grumman launches cybersecurity research group

IDG News Service - Government security contractor Northrop Grumman has joined with three leading cybersecurity research universities to launch a research consortium focused on fixing the most vexing problems in information security. full article

Court to decide what time, trouble are worth in Hannaford breach

PORTLAND, Maine — Whether Hannaford Bros. customers may recover damages for the time and trouble it took them to straighten out their bank or credit card accounts after the Scarborough-based firm’s computer system was breached in late 2007 and early 2008 now is up to the Maine Supreme Judicial Court. full article


Contact Information

Center for Identity Management and
Information Protection
Dr. Donald Rebovich,
Executive Director
Utica College
1600 Burrstone Road
Utica, NY 13502