CIMIP - Center for Identity Management and Information Protection

September 2012 News Archive

September 28, 2012

Cyber Attacks on U.S. Banks Expose Tech Vulnerability

Cyber attacks on the biggest U.S. banks, including JPMorgan Chase & Co. (JPM) and Wells Fargo & Co. (WFC), have breached some of the nation’s most advanced computer defenses and exposed the vulnerability of its infrastructure, said cybersecurity specialists tracking the assaults. full article

FTC Sues Hotel Operator Wyndham Worldwide Over Data Breaches

The Federal Trade Commission (FTC) is suing hotel company Wyndham Worldwide and three of its subsidiaries for security failures that resulted in three data breaches in less than two years. full article

Hackers Attack Philippine Central Bank Site to Protest Cyber Law

Hackers attacked websites of the Philippine central bank and at least two other government agencies last night to protest a law against cyber crime set to take effect next week. full article

Justice Department, IRS Seek to Avoid Tax Identity Theft

The U.S. Justice Department and the Internal Revenue Service are working to head off identity theft aimed at stealing people’s tax refunds when the filing season begins in January, the government’s top tax prosecutor said. full article

September 27, 2012

FTC Refunds over 138,000 Victims of “Free” Goods Telemarketing Scam

Good news for the victims of the Sure Touch telemarketing scheme. The US Federal Trade Commission (FTC) has started sending out refund checks to 138,737 individuals who fell for the shady company’s “free” goods and services pitch. full article

California Joins Ban on Employers Demanding Social Media Access

California today joined two other states making it a crime for employers and colleges to ask applicants or workers for their social media login information in order to access their private Web sites. The new laws -- one for companies and one for colleges -- go into effect Jan. 1, 2013. full article

Halifax Bank Phishing Scam: Upward Review of Credit Limit

Emails entitled “Urgent Notification (Protect Your online Banking),” apparently coming from Halifax Bank, urge recipients to click on a link and update their online accounts. full article

New FERC office to focus on cyber security

The Federal Energy Regulatory Commission (FERC) has created a new FERC office — Office of Energy Infrastructure Security (OEIS) — which will help the Commission focus on potential cyber and physical security risks to energy facilities under its jurisdiction. full article

Authorities identify Hoover woman charged with identity theft

FAIRFIELD, Alabama - Fairfield police today charged a Hoover woman after authorities say she stole a woman's identity and more than $21,000 over the past two years. full article

Drones Subject to GPS Spoofing, Privacy ‘Abuses,’ GAO Report Warns

The Government Accountability Office is warning Congress that its push for drones to become commonplace in U.S. airspace fails to take into account concerns surrounding privacy, security and even GPS jamming and spoofing. full article

ACLU forces government to reveal skyrocketing surveillance stats

Feds got more people's phone call records in last 2 years than previous 10.

Statistics obtained by the American Civil Liberties Union provide additional evidence that government surveillance of Americans has skyrocketed in recent years. The government is legally obligated to release reports about its surveillance activities, but it refused to do so until the ACLU sued to compel the production of the documents. full article

Massive identity theft scheme busted

A Chilliwack woman is facing multiple charges after Mounties uncovered what they say was a complex identity theft scheme operating out of a Yale Road house. full article

Couple Gets 13 Years for Defrauding BP Oil Spill Trust Fund

MIAMI, Florida, September 26, 2012 (ENS) – A south Florida couple were sentenced today in Miami federal court for perpetrating a series of disaster-related fraud schemes, including the largest case of financial loss arising from claims filed in connection with the 2010 BP Deepwater Horizon oil spill in the Gulf of Mexico. full article

September 26, 2012

Why your next 'Passw0rd' might not be a password

It's been a rough year for passwords. First, 6.5 million LinkedIn passwords were leaked online. Soon after, millions of passwords from eHarmony and Yahoo users were published by hackers. These events exposed untold numbers of accounts to criminals, as many consumers use the same passwords across multiple accounts. full article

Energy Giant Telvent Claims Chinese Hackers Installed Malware on Its Systems

Telvent Canada Ltd, an organization that’s actively involved in providing software and services for the remote administration of energy industry systems, claims that a group of hackers breached its systems, planted malicious software, and stole trade secrets. full article

FTC: Software used by rent-to-own stores spied on customers

The stores used software to capture screenshots, log keystrokes and take webcam pictures, the FTC alleges

IDG News Service - The U.S. Federal Trade Commission has reached proposed settlements with a software vendor and seven rent-to-own stores after the agency accused them of installing spyware on rented computers that captured screenshots of personal information, logged keystrokes and, in some cases, took webcam pictures of people in their homes. full article

Tiny Evil Maid CHKDSK Utility Can Steal Passwords

Stealthy malware that can sneak onto machines during the boot process and remain undetected indefinitely is one of the brass rings of security research. There have been a number of tools developed over the years that aimed to accomplish this goal, with Joanna Rutkowska's Evil Maid attack being perhaps the most famous. Now a developer in Canada has produced a similar tool that impersonates the CHKDSK utility and can grab a user's password and then exit without the user's knowledge. full article

Researcher Finds 100k Passwords Stored in Plain-Text on Public FTP Server

A Romanian computer scientist discovered that the Institute of Electrical and Electronics Engineers (IEEE) was storing its members' usernames and passwords in plain text on a publicly accessible file transfer protocol (FTP) server. full article

AvMed data breach case opens door for ID theft claims

A recent federal appeals court ruling may narrow the burden for plaintiffs to prove that they are victims of identity theft as a result of a data breach. full article

Wells Fargo recovers after site outage

The bank appears to be the latest victim in a string of cyberattacks on U.S. financial institutions

September 26, 2012 — IDG News Service — Wells Fargo's website experienced intermittent outages on Tuesday, while the hacker group claiming responsibility threatened to hit U.S. Bancorp and PNC Financial Services Group over the next two days. full article

Four Miami-area residents indicted by federal grand jury in Birmingham on bank fraud charges

BIRMINGHAM - Four Miami, Fla., area residents were indicted by a federal grand jury in Birmingham today for conspiracy, bank fraud, access-device fraud and aggravated identity theft, federal authorities announced. full article

September 25, 2012

Two men admit to $10 million hacking spree on Subway sandwich shops

The Romanians admitted their role in a ring that compromised some 146,000 cards.

Two Romanian men have admitted to participating in an international conspiracy that hacked into credit-card payment terminals at more than 150 Subway restaurant franchises and stole data for more than 146,000 accounts. The heist, which spanned the years 2009 to 2011, racked up more than $10 million in losses, federal prosecutors said. full article

Police warn of ID theft

Man had info on hundreds

The Wichita Falls Police Department has sent letters to potential identity theft victims, urging them to check their credit for any recent unknown activity, a department spokesperson said Monday. full article

Warrants served at local banks, house in identity theft probe

Search warrants were served Monday at two banks and a residence in Lafayette as part of an 18-month, statewide investigation into fraudulent and stolen Social Security numbers. full article

New NIST publication provides guidance for computer security risk assessments

The National Institute of Standards and Technology (NIST) has released a final version of its risk assessment guidelines, which can provide senior leaders and executives with the information they need to understand and make decisions about their organization’s current information security risks and information technology infrastructures. full article

Cyber espionage campaign targets energy companies

Signs suggest remote access trojan by group that attacked RSA

Computerworld - Hackers using a Remote Access Trojan (RAT) named Mirage have been engaged in a systematic cyber espionage campaign against a Canadian energy company, a large oil firm in the Philippines and several other entities since at least this April, Dell's SecureWorks Counter Threat Unit says. full article

Social Engineering Still a Major Factor in Corporate Compromise

Businesses today cannot function at full capacity without Email. Criminals know this, and despite billions spent to protect corporate email, it’s the easiest way for an attacker to get inside a company. With that said, FireEye has published a report on the top Spear Phishing campaigns so far this year, which they say have shot up more than 50% compared to levels in 2011. full article

New Twitter-Based Malware Uses Direct Messaging to Spread

Sophos is warning of a new trick to get Twitter users to open direct messages from trusted users that ultimately infect their machines with malware. full article

Fake Microsoft Emails Designed to Phish Out AOL, Yahoo!, Gmail Credentials

Fake Microsoft emails inform recipients that their “installation records are out of date.” The messages attempt to trick users into handing over their Windows Live, Yahoo!, Gmail, AOL or other credentials. full article

Threat from hacking of city of Tulsa's website extends beyond city limits

TULSA - The city of Tulsa's website was hacked recently, but it's not just Tulsans whose personal information is at risk. full article

JPMorgan Chase Bank Servers Hacked, Tiffany Employee Details Exposed

Computer servers owned by JPMorgan Chase Bank have been breached. The financial institution alerted high-end jewelry company Tiffany & Co because the affected machines contained the personal details of some employees. full article

September 24, 2012

Latricia Williams, Shelton Tanner sentenced in identity theft and tax credit fraud scheme

PHOENIX - Buckeye resident Latricia Williams was sentenced to three years in prison Friday after pleading guilty in March 2012 as one of three individuals involved in an identity theft and tax credit scam. full article

Discover will refund $200 million to settle charges it tricked customers

Discover Bank will refund $200 million to more than 3.5 million cardholders to settle charges that its telemarketers used deceptive tactics to sell credit card “add-on” products, such as credit score tracking and identity theft protection. full article

Massachusetts Hospital Agrees to Pay $1.5m After Stolen Laptop HIPAA Violation

Massachusetts Eye and Ear Infirmary, a Boston-based hospital, agreed to pay $1.5 million to the U.S. Department of Health and Human Services (HHS) earlier this week, settling a HIPAA violation stemming from a 2010 incident. full article

Co-operative Bank Scam: Checking for Inactive Customers

A new variant of an old scam is making the rounds, landing in the inboxes of unsuspecting Co-operative Bank customers. The phishing emails attempt to convince recipients that the financial institution is checking for inactive customers and incorrect email addresses. full article

Breach Exposes POS Vulnerabilities

Hackers Sentenced; Court Docs Reveal Attack Details

Two Romanian hackers pleaded guilty to roles they played in the point-of-sale attacks that hit 100 Subway sandwich shops and other U.S. retailers. And details revealed in court expose common POS security vulnerabilities that remain a concern for smaller merchants and their banking institutions. full article

Chinese hacktivists launch cyber attack on Japan

Government sites sink in dispute over islands

Chinese hackers have taken up cyber arms and followed up widespread anti-Japan protests in the People’s Republic over a set of disputed islands by attacking at least 19 Japanese government and other web sites. full article

Silicon Valley Mercury News, September 20, 2012

Three arrested at Fremont motel accused of running an identity theft ring

Three people, two caught hiding in a motel bathroom, were arrested in Fremont, California Tuesday in connection with an identity theft ring after police say they found them with stolen personal checks and other personal information that did not belong to them. full article

2,500 involved in Kentucky data breach

The Kentucky-based Cabinet for Health and Family Services notified approximately 2,500 clients Tuesday that a possible employee e-mail account breach may have resulted in the unintentional release of personally identifiable information. full article

Former NFL and College Players Enter Pleas in Federal Court

Several former NFL and college football players have been charged in federal court with crimes such as tax fraud and aggravated identity theft. full article

September 19, 2012

Many steps recommended to stay safe from identity theft

Kim Dauplaise has never had her identity stolen, but the New Bedford woman nonetheless worries that she's not doing enough to prevent it from happening. full article

Fourteen arrested in U.S. tax fraud, identity theft ring

(Reuters) - Fourteen people were arrested on Wednesday and charged with operating a long-running U.S. identity theft ring that filed thousands of fraudulent federal income tax returns to claim $65 million in illegal refunds, according to the U.S. Attorney's office in New Jersey. full article

U.S. Justice Department speeding arrests of tax refund thieves

Federal prosecutors gain new authority for criminal tax cases

(Reuters) - The U.S. Justice Department launched a new effort on Tuesday to combat identity theft used to steal income tax refunds, granting federal prosecutors authority to quickly arrest suspects. full article

String of I.D. thefts strikes FL subdivision

Toll from fraud case nears $100K for 14 victims in Summerfield development

The Forest Lake Police Department last week used its Code Red system to alert residents in a Forest Lake subdivision of a lengthy string of identity thefts. full article

Fake doctor with stolen ID saw 500 patients in South Carolina

Austell - A Ghanaian man living in Austell, Ga., stole the identity of his physician friend, opening credit cards in his name. He took the identity theft one step further by assuming the identity of the doctor and seeing hundreds of patients in South Carolina. full article

Eleventh Circuit Rules “Damages” Properly Alleged in Data Breach-Identity Theft Lawsuit

In a case of first impression in the Eleventh Circuit, the Court ruled in a 2-1 opinion that the plaintiffs in a putative class action had sufficiently alleged liability against a health plan provider for a data breach involving actual identity theft. The Court’s opinion, decided under Florida law, gives crucial guidance to plaintiffs seeking damages for identity theft caused by a data breach and to defendants seeking to defend against such claims. See Curry v. AvMed, Inc., No. 11-13694, 2012 WL 3833035, --- F.3d ---- (11th Cir. Sep. 5, 2012). full article

Ex-Assemblyman Carl Washington arrested by FBI

Carl Edward Washington, who was a Democrat in the Assembly from the 52nd district, was arrested Monday on federal charges that he defrauded Farmers and Merchants Bank, First City Credit Union, and LA Financial Credit Union out of thousands of dollars by falsely claiming to be the victim of identity theft. Washington, 47, works for the Los Angeles County Probation Department. full article

September 14, 2012

BUCKS; ID Numbers And Medicare

Images of a woman waving her Medicare card on television at the Democratic convention last week in Charlotte, N.C., prompted the folks at and others to ask: Why do Medicare cards still have Social Security numbers on them anyway, when access to the numbers can pose a risk of identity theft? full article

Old, Trusting and Tricked Out of Life Savings

GRACE, an 81-year-old widow in Colorado, lost her life savings recently to identity thieves who had stolen her personal and financial information. She has hard-earned advice for anyone who gets a call from a stranger. full article

College students need to study up on ID theft

(Reuters) - Two months before Shundra Jackson was due to graduate from the University of Georgia in 2008, she received a letter at her campus job warning that her wages were about to be garnished if her credit card bills remained unpaid. The problem was: Jackson did not have any credit cards. full article

Local financial planner sentenced for identity theft

A former financial planner at the Indianapolis offices of Northwestern Mutual and One America-American United Life was sentenced Tuesday to two years in federal prison after pleading guilty to identity theft. full article

McAfee identifies new malware threats

The second quarter 2012 (Q2 2012) McAfee Threat Report was released on Sept. 4 and has brought attention to new malware threats. The report identified threats such as mobile "drive-by downloads," the use of Twitter for control of mobile botnets, and the appearance of mobile "ransomware." This report covered the largest number of malware samples ever collected. The malware sample discovery rate accelerated to nearly 100,000 per day during 2012. full article

Despite warnings, most states slow to confront corporate ID theft

September 12, 2012 — IDG News Service — How easy is it to steal the identity of a business? Just ask Roger Lee Shoss and Nicolette Loisel, two Houston-based attorneys who turned hijacking the identities of publicly traded companies into a cottage industry. full article


Contact Information

Center for Identity Management and
Information Protection
Dr. Donald Rebovich,
Executive Director
Utica College
1600 Burrstone Road
Utica, NY 13502