CIMIP - Center for Identity Management and Information Protection

Identity Theft News


News Archive


November 2009 News Archive

November 30, 2009

State mistake puts personal data at risk

Mishandling of confidential records jeopardizes vulnerable Oregonians' identities full article

Social Security number breach angers alumni

A Penn State professor's online grade book containing 303 Social Security numbers may have been compromised by a computer virus, and some of those affected say they've discussed taking legal action. full article

Secure on-line shopping tips for Cyber Monday

"Cyber Monday", the Monday after Thanksgiving when we begin our holiday online shopping activities in earnest, is upon us. full article

Police crack down on fake ID industry

Charlotte outfit shut down as problem grows. Officials worry about national security, identity theft full article

Gervais pic used in amusingly rubbish failed bank fraud

Crooks tried to impersonate Ricky Gervais by using a picture of The Office character David Brent mounted in a counterfeit passport as part of a comically inept attempt to withdraw a large sum from the comedian's bank account. full article

Latest Microsoft security patches cause black screen of death

The changes to some registry keys can render a PC useless, according to a UK security vendor that has a software fix full article

Identity Theft on the Rise

As our economy wiggles and our standard of living starts to deteriorates, money-rooted crimes like identity theft are now on the rise. full article

Watchdog's warning over fake lottery scams

The Office of Fair Trading is warning the public to beware of fake lottery scams. full article

Holiday Shopping Tips by the Internet Crime Complaint Center (IC3)

This holiday season the Federal Bureau of Investigation ( FBI) is reminding people that cyber criminals continue to aggressively create new ways to steal money and personal information. Scammers use many techniques to fool potential victims including fraudulent auction sales, reshipping merchandise purchased with a stolen credit card, and sale of fraudulent or stolen gift cards through auction sites at a discounted price. full article

NJ VA official admits faking military record

CAMDEN, N.J. — An official in New Jersey's Military and Veterans Affairs Department has admitted he falsely claimed a heroic record in the Vietnam War as a paratrooper and artilleryman. full article

Credit-Card Scammers Drilled Dentists

MANHATTAN (CN) - A man was sentenced to nearly 10 years in prison for leading a credit-card fraud ring that stole the identities of 176 dentists. Michael A. Roseboro and his crew stole $1.75 million from dentists around the country by claiming to be an investigator with Visa or Bank of America who was looking into potentially fraudulent charges on the dentists' credit cards. full article

Searchable database of patient records to go commercial

A plan to make a system developed at the Cleveland Clinic available to other health entities has raised questions about the adequacy of privacy protections.

The Cleveland Clinic is backing a startup company that has built a search engine for electronic databases that would allow research using de-identified patient data. full article

The Root of the Botnet Epidemic

Over the course of a few days in February 2000, a lone hacker was able to bring some of the Web's larger sites to their knees, using just a few dozen machines and some relatively primitive software to cripple Yahoo, eBay, E*trade, Amazon, ZDnet and others for hours at a time. No one knew it at the time, but these attacks would come to be seen in later years as some of the earlier outbreaks of what has become a massive online pandemic. full article

State Goes After Two Collection Agencies Over Identity Theft

A government agency in Minnesota announced actions against two collection agencies and a title company in an ongoing effort to crack down on identity theft in the state. full article

Medical Identity Theft Is On The Rise

"Medical identity theft is on the rise and expected to worsen," The Wall Street Journal reports. "The problem has grown during the recession as more uninsured people use the coverage of a friend, relative or even a stranger to get care. Of particular concern is the fact that most of the fraud is committed by people who pay medical workers for patients' information." full article

Europe extends antiterrorist data-sharing deal with U.S.

IDG News Service - Europe's Council of Ministers today extended a controversial program that sends information on international financial transactions to the U.S. for antiterrorism purposes. full article

November 28, 2009

Metro admits to improper release of criminal history data

Experts say unauthorized access by 12 employees raises privacy, integrity concerns

At least 12 Metro employees have been found since 2005 to be improperly accessing and disseminating criminal history information for reasons unrelated to police work, according to a Metro filing in a recent lawsuit. full article

November 27, 2009

Worm author given a job as an iPhone App Developer

Mogeneration, an Australian software company, has hired the author of the first iPhone worm, Ashley Towns, to develop applications for the iPhone App Store. At the beginning of November, 21 year old Towns circulated the "Ikee" worm via Australian operator Optus's UMTS network. The worm penetrates vulnerable jailbroken iPhones and spreads using open SSH connections. Once logged into a phone, the worm copies itself onto the device, deletes the SSH service and changes the wallpaper to a photo of Rick Astley with the caption "ikee is never going to give you up". It then starts searching for further iPhones to infect. full article

Social Security hopes to expand its data exchange

The move is considered a step in the growth of the nascent National Health Information Network.

fter what it called a successful year testing the National Health Information Network with select hospital systems and regional health information exchanges, the Social Security Administration said its next step will be to exchange data with the Dept. of Veterans Affairs and the Dept. of Justice. full article

China Warns About Return of Destructive Panda Virus

A computer worm that China warned Internet users against is an updated version of the Panda Burning Incense virus, which infected millions of PCs in the country three years ago, according to McAfee. full article

November 25, 2009

Biegelman and Borgers Bring CFE Expertise to Financial Crisis Inquiry Commission

A bipartisan Congressional commission created to investigate the worst financial crisis since the Great Depression begins its work with two Certified Fraud Examiners serving in key positions: Martin T. Biegelman, CFE, CCEP was appointed Assistant Director for the Financial Crisis Inquiry Commission (FCIC), and Thomas Borgers, CFE, was appointed Senior Investigator. full article

FBI Investigating Whether Hospital Leaked Patient Info to Personal Injury Attorneys

LAS VEGAS (CN) - The FBI is investigating whether the University Medical Center released confidential patient records to personal injury attorneys looking for potential clients. full article

Another Corruption Allegation in New York

MANHATTAN (CN) - A clerk in New York City's Human Resources Administration stole copies of welfare recipients' birth certificates and Social Security numbers and sold them, federal prosecutors said. Michael Wills, 59, faces up to 15 years in prison if convicted of aggravated identity theft. full article

November 24, 2009

ACORN Docs Pulled from Dumpster

As Derrick Roach tells it, it was either luck or Divine intervention. His version of events may be hard to believe for ACORN supporters but the former Republican state assembly candidate believes something drew him to the dumpster behind the ACORN office in National City on the night of Friday, Oct. 9. full article

Social Security, county bank account numbers accidentally made public

Copies of a report into past Anderson County finances, released to the public last week, contained Social Security numbers for two people, business tax identification numbers for two companies and three active county bank account numbers. full article

Hancock Fabrics Linked to Fraud in 3 States

CA, WI and MO Investigators Say Recent Thefts Tied to Retailer's Transactions full article

Men sentenced in University Hospital records theft

A garden-variety car burglary in Kearns caused widespread concern last year when police learned a stolen metal case contained tapes with the personal information of about 1.5 million University Hospital patients. full article

Ralsky jailed for four years over stock fraud spam scam

Godfather of spam sent down full article

Facebookers hit with steamy clickjacking exploit

Facebook administrators have blocked a clickjacking exploit that displayed images of a scantily clad woman on profile pages without first prompting the user for permission. full article

Notre Dame accidentally exposes employee info on the Internet

The university says they're not sure if anyone saw the list, which included social security numbers and birth dates. They also haven't determined how long it was posted online. full article

Missing disk drive puts 1.5 million Health Net members’ info at risk

Officials in Connecticut are investigating the disappearance of a disk drive from an insurer’s office that contains the personal information of 1.5 million members in four states. full article

James The Cash King Charged with Mortgage Fraud

James Benjamin Duncan, 38; Hendrix Moreno Montecastro, 37; Helen Moreno Pedrino, 57; Maurice McLeod, 37; Charlie Sung Muk Choi, 34; Cindi Gayle Kelly, 33; and Thuan Nhan Du, 33; have been charged with 249 counts of securities fraud, grand theft, elder abuse and corporate ID theft against seven people in Riverside County, Califrnia. full article

Drug figure who sparked license furor heads to jail

Drug dealer Eugene N. Cobbs, whose 2004 plane crash yielded West Virginia's largest cocaine haul and whose fake ID led to a grand jury rebuke of PennDOT's driver's licensing system, has admitted his guilt and is headed to prison for at least seven years. full article

Australians detail cybersecurity strategy

Australian attorney general Robert McClelland launched an in-depth national cybersecurity strategy on Monday, supported by a new Computer Emergency Response Team to rival the existing AusCert. full article

Guam Attorney General Warns Island Residents About Identity Theft Scam

Guam- Consumers beware: a group operating out of Hong Kong is looking to steal your identity and your money. full article

3 arrested in identity theft investigation

The Benton County Sheriff's Office announced Monday the arrests of three people in an identity theft case and say that more arrests could follow. full article

Medical identity theft red flags

Identity theft is a nightmare if it happens to you. Cleaning up your credit can take an enormous amount of time and effort. full article

Police link fraud, ID theft to Uniontown woman

A Fayette County woman is accused of identity theft after allegedly obtaining credit in the names of her two young children and those of her parents. full article

At UMC, audits show privacy lapses are not new

Past county audits found shortcomings in HIPAA compliance full article

8 tips to keep your holiday shopping season bright

If you're heading out shopping this weekend, don't forget that a few simple steps can ward off thieves. full article

Jets say someone hacked Clowney's Twitter account

On Monday, it appeared that Jets receiver David Clowney was on the Larry Johnson career path, via a Twitter rant that invited a fan via direct message to "kill yourself" and a string of "F" bombs on his public page. full article

University hands confidential student records to media

The University Observer can exclusively reveal major security flaws within the UCD Registry, which allow an individual to gain access to the detailed academic records of any UCD graduate. full article

Lori Bolsinger pleads not guilty to fraud

The wife of former Ashland Daily Tidings Editor Andrew Scot Bolsinger pleaded not guilty Monday to fraud and theft charges related to the pair's alleged swindling of investors of more than $200,000 through a string of failed downtown Ashland businesses they co-owned while he was the editor. full article

Woman Arrested in $20K Scheme

Police have arrested a Cumberland County woman accused in a $20,000 check and credit card scam against PSECU and a North Middleton Township resident. full article

Third iPhone worm targets jailbroken iPhones

The main visible symptom on the iPhone is intense battery drain as a result of the constantly-running SSH-attacking process that the worm starts

Another week, another worm hitting jailbroken iPhones. As with the previous exploits, which Rickrolled your phone's wallpaper and stole your data, this nasty piece of work burrows its way into your jailbroken device if you haven't changed the password for the iPhone's root account -- you have changed your root password, right? Right? full article

Secure your jailbroken iPhone with a password change

So, you’ve jailbroken your iPhone, for whatever reason—because you want some functionality that’s not available from Apple, or because you’re a rebel—but you’re feeling a little wary after this week’s announcement of not just one but two exploits that affect jailbroken iPhone. full article

November 23, 2009

Five ways to lose your identity (and wallet) this holiday season

How online shoppers can make their systems more attractive to online thieves

Computerworld - The holiday season is almost here, and even in a recession huge numbers of people will likely be shopping online for gifts this year. full article

Global warming research exposed after hack

IDG News Service - An anonymous hacker has posted private e-mails, files and other documents belonging to a noted climate researcher, sparking an international debate between skeptics of global warming and those who see it as an urgent problem. full article

Hackers post new attack code for Internet Explorer

Zero-day flaw is unreliable, but Symantec expects reliable exploits in the 'near future' for code that affects Internet Explorer versions 6 and 7

A hacker has posted attack code that could be used to break into a PC running older versions of Microsoft's Internet Explorer browser. full article

Privacy czar to probe files breach

B.C.'s privacy commissioner has launched his own investigation into how sensitive information from 1,400 income-assistance clients ended up at the home of a government employee. full article

AMA meeting: Better data protection needed from Blues

New AMA policy says the national insurer needs to expand its offer of credit protection for doctors whose information was on a stolen laptop. full article

First malicious iPhone worm slithers into wild

A Dutch internet service provider has identified a worm that installs a backdoor on jailbroken iPhones and makes them part of a botnet. full article

New hacker peril for older IE versions

New species of unpatched bug bites IE6 and 7 full article

'Fingerprinting' RFID Tags: Researchers Develop Anti-Counterfeiting Technology

ScienceDaily (Nov. 19, 2009) — Engineering researchers at the University of Arkansas have developed a unique and robust method to prevent cloning of passive radio frequency identification tags. The technology, based on one or more unique physical attributes of individual tags rather than information stored on them, will prevent the production of counterfeit tags and thus greatly enhance both security and privacy for government agencies, businesses and consumers. full article

Teen gets prison term for attack on Scientology Web site

Dmitriy Guzner also ordered to pay $37,500 to church for DDOS attack in 2008

Computerworld - A 19-year-old New Jersey man this week was sentenced to a year and a day in federal prison for attacking the Church of Scientology's Web site in January 2008. full article

Former GEXA employee pleads guilty to computer intrusion

A former database administrator for GEXA Energy has been convicted following his guilty plea to intruding into his former employer’s computer database system. The conviction of Steven Jinwoo Kim, 40, was announced yesterday by United States Attorney Tim Johnson. full article

Employer's DNA test rule raises legal concerns

Genetic checks on job applicants slammed

AKRON, Ohio—The University of Akron is expected to soon rescind a controversial rule that lets the university demand DNA samples from job applicants as part of a criminal background check. full article

Mom accused of using kids' IDs to get credit cards

A Fayette County woman has been jailed on charges she used her father's identity, and those of her two young children, to try to open up dozens of credit card accounts. full article

PayPal agrees to tighten security against money launderers and criminals

AUSTRALIA'S financial transactions regulator has given eBay subsidiary PayPal Australia until May next year to bulletproof its online payment service against money launderers and terrorism financiers. full article

Woman charged with identity theft

A Decatur woman who was scamming Athens-area businesses was arrested at her home Saturday, according to the Winder Police Department. full article

Defeating identity theft in Australia

In a major announcement in Canberra late this afternoon, Attorney General Hon. Robert McClelland launched a new Cyber Security plan and said that the Government had three main goals that "reflect the three elements of individuals, business and government." full article

E-tailers snagged in marketing 'scam' blame customers

First the good news for consumers: the U.S. government's investigation into how dozens of well-known online stores worked with controversial marketers to "deceive" customers out of $1.4 billion has prompted some retailers, including Continental Airlines, to sever ties with the marketers. full article

iPhone worm hjacks ING customers

Updated The second worm to infect jailbroken iPhone users reportedly targets customers of Dutch online bank ING Direct. Surfers visiting the site with infected devices are redirected to a phishing site designed to harvest online banking login details, the BBC reports. ING Direct told the BBC it planned to warn users' of the attack via its website, as well as briefing front line call centre staff on the threat. full article

Facebook Hit With New CSRF Worm

Latest exploit replicates itself through bogus wall postings; security researchers wonder what else is out there.

Security researchers have identified a new worm spreading across Facebook, luring people out to adult Web sites and automatically replicating itself across people's profile pages. full article

Physicians get 4th reprieve from FTC identity theft rule

The postponement until June 2010 comes as lawmakers consider exempting some physician practices from the "red flags" rule. The AMA wants all doctors excluded.

The delay in enforcement of a federal identity theft prevention rule could give physicians the time needed to secure legislative relief from what they say is an overreaching regulation by the Federal Trade Commission. full article

Pennsylvania Police Arrest Woman for Allegedly Stealing Her Children's Identities

UNIONTOWN, Pa. — A southwestern Pennsylvania woman has been jailed on charges she used her father's identity, and those of her two young children, to try to open up dozens of credit card accounts. full article

Defeating identity theft in Australia

Tonight, Attorney General Hon. Robert McClelland launched Australia's Cyber Security Strategy, formalising the roles, responsibilities and policies of the Australian intelligence, cyber and policing agencies. This includes the goals of education, secure operation and resiliency. full article

Bank teller, 5 others charged in identity theft rings

WEST PALM BEACH - Six people, including a bank teller, have been arrested in a federal investigation into identity theft rings in South Florida. full article

November 22, 2009

New state rules seek to prevent theft of customer information

New Massachusetts rules seek to prevent theft of customer info

BOSTON — .Five years ago, identity thieves intercepted wireless transmissions from two Marshalls stores in Miami, opening the floodgates for the biggest data breach in U.S. history. Now Massachusetts businesses are gearing up to comply with new state regulations designed to prevent a repeat of the breach at TJX Cos., the parent company of the Marshalls and T.J. Maxx chains. full article

November 21, 2009

Wheat board couldn't explain to auditor why producers' 'personal data' sent to companies: document

OTTAWA - The Canadian Wheat Board, apparently for no reason, shared "sensitive information" about farmers with companies that handle grain, says a newly released document. full article

Humboldt suspends police chief as DCI starts probe

Humboldt's police chief has been suspended over allegations that he improperly used driver's license and criminal history information available only to law enforcement officials. full article

Winder police catch suspected holiday scammer

Winder police have captured the woman believe to be soliciting donations from local merchants in a fraudulent manner, said police. full article

Increase in mistaken identity landing more innocent people in Collier, Lee jails

NAPLES — When Barron Collier High School assistant football coach Johnny Drummond Smith was arrested Monday on a domestic battery charge, it would take several days to clear his name. full article

So Much Data, So Little Encryption

We surveyed almost 500 business technology professionals and found little end-to-end encryption use. Instead, we're doing only what auditors demand.

If you go solely by top-level stats on encryption use, you'll come away feeling pretty secure--86% of the the 499 business technology professionals responding to our InformationWeek Analytics State of Encryption Survey employ encryption of some type. But that finding doesn't begin to tell the real story. Only 14% of respondents say encryption is pervasive in their organizations. Database table-level encryption is in use by just 26%, while just 38% encrypt data on mobile devices. And 31%--more than any other response--characterize the extent of their use as just enough to meet regulatory requirements. full article

AZ Attorney General to investigate Health Net

A second state’s attorney general is opening an investigation into the Health Net breach that was only recently revealed six months after the data were either lost or stolen. full article

Holmes hospital flags hacked e-mail

Hynes drops re-election bid amid patient privacy worries

A power struggle at Brevard County's largest hospital has taken a serious turn with allegations that the chief of the medical staff pilfered another doctor's e-mail account and violated patient confidentiality laws. full article

Planned medical privacy rules redundant, says commissioner

EDMONTON — A new bill meant to clarify privacy rules for paramedics is redundant and threatens individual privacy, Alberta's information and privacy commissioner said on Friday. full article

Miss. woman gets almost 7 years for identity theft

JACKSON — Bria Danielle Morris was sentenced to nearly seven years Friday for stealing the identity of someone she met at a women’s shelter and using it to rip off a charity, businesses and people. full article

November 20, 2009

House committee passes cyber R&D, standards bill

Two draft bills intended to improve the security of cyberspace were combined into one piece of legislation that was passed Wednesday by the House Committee on Science and Technology. full article

Microsoft denies it built 'backdoor' in Windows 7

Don't worry, company tells users; NSA involved only in security compliance standards

Computerworld - Microsoft today denied that it has built a backdoor into Windows 7, a concern that surfaced yesterday after a senior National Security Agency (NSA) official testified before Congress that the agency had worked on the operating system. full article

Three indicted for Comcast hack last year

Three hackers have been indicted for redirecting the Web site to a page of their own making in 2008. full article

Report suggests discrepancy between reported and actual data loss incidents

A study released by the Ponemon Institute suggests that the number of reported data loss incidents in the UK is significantly higher than 415 reported to the Information Commissioners' Office. full article

New SSL attack can steal sensitive info from secure Web sites

Security researcher has developed generic attack code that could give hackers a very powerful phishing tool, but is keeping it private

A Seattle computer security consultant says he's developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet. The attack, while difficult to execute, could give attackers a very powerful phishing attack. full article

Webroot reports on fake Verified by Visa phishing scam

IT security vendor Webroot says that a phishing scam purporting to come from Visa, the international card issuer, is scamming internet users as they start their online shopping for Christmas. full article

Cyberattacks on U.S. military jump sharply in 2009

Cyberattacks on the U.S. Department of Defense -- many of them coming from China -- have jumped sharply in 2009, a U.S. congressional committee reported Thursday. full article

MS discovers flaw in Google plug-in for IE

Microsoft has helped discover a flaw in the Google Chome Frame plug-in for Internet Explorer users. full article

Twilight ‘New Moon’ fans targeted for scareware and viruses

Twilight fans beware. A viral marketing campaign designed to exploit your anticipation over the New Moon movie coming out tomorrow may look like normal free media you’ve come to expect on the Internet. full article

Database anonymity at risk, warns researcher

People might be more identifiable than previously thought from supposedly anonymised information contained in large databases, according to a technology law expert. New research recommends that privacy practices and even privacy laws need to change. full article

IE8 bug makes 'safe' sites unsafe

The latest version of Microsoft's Internet Explorer browser contains a bug that can enable serious security attacks against websites that are otherwise safe. full article

IRS Pilot Program Will Allow Truncated Social Security Numbers on Information Returns

The IRS on Thursday announced a pilot program aimed at deterring identity theft (Notice 2009-93). Under the program, filers of certain paper information returns will be allowed to truncate the payee’s Social Security number on the payee statement. The change affects statements for 2009 and 2010. full article

New IBM Database Flaw Could Affect Several Other Vendors' Products

Denial-of-service (DoS) attack vulnerability in IBM's SolidDB affects HP OpenView

It turns out a newly discovered vulnerability found and reported in HP OpenView was really a bug in an IBM relational database product deployed in OpenView -- and the vulnerability could affect many other applications that also use the so-called IBM SolidDB technology in their products. full article

UMC has patient privacy leak

Without authorization from families, accident victims’ info sent to attorneys’ offices full article

Pre-Paid Legal Services says FTC may sue

Pre-Paid Legal Services Inc., a network of independent law firms, said Thursday that the Federal Trade Commission may sue the company over allegedly misleading representations made by its identity theft prevention program. full article

Inmate Charged with Identity Theft

The investigation revealed that an inmate obtained personal information from other inmates to fraudulently complete more than 50 Internal Revenue Service (IRS) tax refund forms totaling more than $88,000.

The Florida Department of Law Enforcement’s (FDLE) Tallahassee Regional Operations Center, Florida Department of Corrections’ (FDOC) Inspector General’s Office and United States Postal Inspection Service yesterday charged Michael William Joseph, 50, with fraudulent use of personal identification and organized fraud. full article

Identity crisis: The threat of bulk thefts

Small thefts are reported most often, but identities online are still at risk full article

Six arrested in crackdown on South Florida identity theft rings

A bank teller and five other people were arrested this week in a tri-county crackdown on identity theft rings in South Florida, according to the U.S. Attorney's Office. full article

Husband arrested, wife flees in suspected identity theft case

A parolee was charged Thursday with stealing personal information from the mail of South Bay residents to commit identity theft, police said. full article

Students Signing Up For Computer Hacking

The threat of cyber attacks on businesses and governments has led to a rapid increase in the number of universities offering students the chance to learn how to hack computer networks. full article

Local briefs: Ex-Fresno Co. worker convicted of ID theft

A former Fresno County welfare worker was convicted Thursday of three counts of identity theft and four counts of receiving stolen property. full article

2 women face sentencing in identity theft case

(AP) — JACKSON, Miss. - Two women faced federal sentencing Friday in scheme in which one of them stole the identity of someone she met at a women's shelter and used it to rip off people, businesses and charities. full article


The defendants are charged in a million dollar bank fraud and identity theft scheme. full article


A former Senior Vice President of Area Operations for First Service Credit Union in Houston has pleaded guilty to embezzling more than $30,000 from his former employer, United States Attorney Tim Johnson announced today. full article

Lost laptops shock watchdog

Privacy chief 'stunned' by casual way missing personal data treated full article

Banks on watch after suspected card breach

IDG News Service - An apparent data breach in Spain has caused Visa and MasterCard to warn banks of possible fraudulent credit card transactions. full article

Predictive Policing: A National Discussion

This week in Los Angeles, California, the Justice Department’s National Institute of Justice (NIJ) and Bureau of Justice Assistance (BJA) hosted the Nation’s first symposium on Predictive Policing. Predictive policing is a relatively new law enforcement concept that integrates approaches such as cutting-edge crime analysis, crime fighting technology, intelligence-lead policing and more to inform forward thinking crime prevention strategies and tactics. full article

Notre Dame security breach potentially affects employees

Notre Dame is warning university employees to keep an eye on their bank accounts after a security breach. full article

November 19, 2009

Lawmakers Slam Deceptive Web Marketers

Post-transaction marketing abuses bring calls for stronger oversight.

Three Internet companies -- Affinion, Vertrue, and Webloyalty -- and their hundreds of partners were pilloried by Senate lawmakers and academics on Tuesday for deceptive marketing tactics. full article

Gov't executives cite unstructured data as top concern

More than cloud computing, mobile devices and Web 2.0 applications, unstructured data is the cyberthreat federal government IT executives are most worried about, according to a survey released Wednesday by the Ponemon Institute and IT management software and solutions vendor CA. full article

1.5 Million Medical Files At Risk In Health Net Data Breach

A hard drive with seven years of personal and medical information on about 1.5 million Health Net customers, including 446,000 in Connecticut, was lost six months ago and was first reported Wednesday, state and company officials said. full article

80,000 Mailers Sent Out With Recipients' Social Security Numbers In Plain View

Check your mailbox. Thousands of Pennsylvanians could become victims of identity theft just because a piece of mail has been sent to their homes. full article

Spanish payment breach prompts huge German card recall

Holidaymakers at risk of fraud full article

ISA report reveals email security lapse

The Independent Safeguarding Authority's first annual report reveals that it sent an email with confidential data to the wrong address. full article

Palin claims webmail hack disrupted GOP campaign

Sarah Palin has described the hack of her webmail account as the "most disruptive" event in her campaign to become US vice president last year. full article

NSA role in Windows 7 development raises privacy concerns

Privacy expert says the NSA could build backdoors that enable tracking users and intercepting communications, but security researchers dismiss the idea

The National Security Agency (NSA) worked with Microsoft on the development of Windows 7, an agency official acknowledged this week during testimony before Congress. full article

McAfee, Inc. Warns Consumers about “The Twelve Scams of Christmas,” or Popular Online Attacks This Holiday Season

Cybercriminals Take Advantage of the Holiday Season, Aiming to Steal Consumers’ Money, Identities and Financial Information full article

Many U.S. flights delayed; FAA probing glitch

Delays reported in Atlanta, Boston and New York-area airports full article

NZ: Photos released after death may not be protected by privacy laws

Under U.S. privacy laws, HIPAA protections extend past death. The same does not appear to be true in New Zealand. full article

DNA Testing Firm Goes Bankrupt; Who Gets the Data?

An Icelandic firm that offers private DNA testing to customers has filed for bankruptcy in the U.S., raising privacy concerns about the fate of customer DNA samples and records, according to the Times of London. full article

Dura Identity Theft Investigation

MANCELONA, MI -- Around 300 employees at this Dura plant in Mancelona were handed a pink slip more than a year ago. This time it's a letter in their mailbox from the same company that is causing some concern. full article

NJ men accused of collecting $11.5 million in tax scheme involving identity theft

Franklin, Old Bridge men accused of collecting millions in bogus tax refunds

A Franklin man and an Old Bridge man are among four facing federal charges in an alleged scam to collect nearly $11.5 million in bogus tax refunds using stolen identities, authorities said Wednesday. full article

'Doppelganger' held for fraud

A Zimbabwean national was arrested after the man whose identity he allegedly stole tracked him down, Gauteng police said on Thursday. full article

Security tech co McAfee warns Israel at cyber risk

Israel is among the world's five most vulnerable countries to a cyber attack on critical systems. full article

Internet Check Biz Faces Contempt Order

LOS ANGELES (CN) - A federal judge granted the FTC's request to cite an Internet-based check service for contempt of court. Neovi and its operators violated a 2009 order telling them to stop running their business that lets people create and e-mail checks without verification of users' identities or their authority to draw funds on the accounts they use, the FTC said. It seeks daily fines and imprisonment if it doesn't stop. full article

Class Claims Facebook & Zynga Duped Them

SACRAMENTO (CN) - Facebook and game developer Zynga help to scam customers with misleading ads that dupe them into revealing their telephone and credit card numbers and then bill them for bogus charges, a class action claims in Federal Court. full article

November 18, 2009

Two held in global PC fraud probe

Two suspected computer hackers have been arrested in Manchester in a major inquiry into a global internet scam designed to steal personal details. full article

Classes Seek Millions for DMV Data Grabs

KANSAS CITY, Mo. (CN) - Southwestern Bell is the latest in a series of class-action defendants accused of using misrepresentations to get confidential data from a Department of Motor Vehicles database "for commercial purposes." full article

Credit card security breach fear

Reports are being investigated of a major credit card scam in Spain. full article

How to hack China for just $1,800

IDG News Service - Fraudsters may have a hot deal waiting for them in the form of an obscure Chinese domain name that's for sale on the Internet. full article

Justice, NSC lead review of cyber laws

The Justice Department and the National Security Council are leading a review of all laws that apply or could apply to cyberspace. full article

No jail for ex-cop over sex snooping

A FORMER West Australian detective has escaped a jail term for using the police computer system to access the details of more than a dozen women he fancied. full article

RIM security chief sees smartphone attacks on horizon

TORONTO/BOSTON (Reuters) - Hackers could one day turn ordinary smartphones into "rogue" devices to attack major wireless networks, Research In Motion's security chief warned. full article

Survey finds Mac, PC users are equal cybercrime victims

Because of phishing, operating a Mac yields no more protection from cybercrime than running a Windows machine, according to a survey conducted by security firm ESET. full article

China Defense Ministry Site Fends off Hackers

The Web site of China's defense ministry was attacked 2.3 million times in its first month online, Chinese state media said.

The report is a reminder that Chinese government and military bodies, often accused of cyberespionage against the U.S. and other countries, are also frequently attacked online. full article

Woman sentenced for identity theft

CHARLESTON, W.VA. -- Ramona Mack, 40, of Winfield was sentenced by U.S. District Judge Robert Chambers to 40 months in prison for aggravated identity theft and theft of government benefits. full article

Credit card pickpocketers arrested

Fairfax County police said they have arrested three members of a credit card pickpocketing ring. full article

Smartphones: A Bigger Target for Security Threats

As the iPhone, BlackBerry, and other devices have become more popular, harmful software such as viruses and spyware is emerging to exploit their vulnerability full article

FBI Suspects Terrorists Are Exploring Cyber Attacks

The Federal Bureau of Investigation is looking at people with suspected links to al Qaeda who have shown an interest in mounting an attack on computer systems that control critical U.S. infrastructure, a senior official told Congress Tuesday. full article

UK police reveal arrests over Zeus banking malware

IDG News Service - British police said Wednesday they've made the first arrests in Europe of two people for using Zeus, a sophisticated malicious software program that can scoop up any sensitive information on a PC. full article

ALERT -- Social security numbers found in area library books

TOLEDO, Ohio (WTOL) - Folks have been warned about not giving out personal information, but never knew an old library book could hold clues to their identities. full article

Dover's Wentworth-Douglass Hospital now ID'ing patients

DOVER — Wentworth-Douglass Hospital and all primary and specialty care practices affiliated with the hospital have implemented a new policy where patients must provide photo identification during their next visit, if they haven't done so already. full article

Second-hand ATM trade opens up fraud risk

Craigslist cash machine contains 1,000 card numbers full article

UK cybercops cuff ZeuS Trojan suspect pair

Alleged Bonnie and Clyde of malware full article

Bill would restrict P2P use on government networks

House bill is in response to embarrassing data leaks

Computerworld - House lawmakers introduced a bill that would restrict the use of peer-to-peer technology on government networks in response to several embarrassing data leaks. full article

The uninsured turn to fraud

Uninsured use identity theft to win access to care

Identity theft in health care is rising dramatically as a way for uninsured patients to receive treatment, according to the chief investigator for the state’s largest medical insurer. full article

November 17, 2009

Hackers Breach State Database

Affected Servers Hold Worker's Compensation Information

LINCOLN, Neb. -- A hacker has broken into the Nebraska Worker's Compensation database, prompting an FBI investigation and an effort to contact those who may be affected. full article

Trojans likely to follow Win 7 activation hack

Trojan attacks are likely in the wake of the Windows 7 product activation system cracks developed last week, less than a month after the release of Microsoft's latest operating system. full article

Are nations paying criminals for botnet attacks?

Network World - Nations that want to disrupt their enemies' banking, media and government resources don't need their own technical skills; they can simply order botnet attack services from cybercriminals. full article

Chicago's Camera Network Is Everywhere

Extensive Surveillance System Integrates Nonpolice Video, Raises Concerns About Possible Privacy Abuses

A giant web of video-surveillance cameras has spread across Chicago, aiding police in the pursuit of criminals but raising fears that the City of Big Shoulders is becoming the City of Big Brother. full article

3 charged in identity theft scheme

Federal agents have charged three women in connection with a scheme to allegedly use identity thefts to defraud local banks. full article

The Queen could better manage security of personal information than civil servants are

Her majesty’s servants seem to be lacking any sense of responsibility these days. full article

FAQ: Recognizing phishing e-mails

If you have received an e-mail from the Internal Revenue Service or the Federal Deposit Insurance Corporation, chances are it was a phishing attempt. If you received e-mail from your bank, PayPal, or Facebook urging you to immediately verify information or risk having your account suspended, it was undoubtedly phishing. full article

Nations arming for cyber war, says McAfee

An increasing number of attacks carried out over the internet have explicitly political goals, according to a report by security firm McAfee.

The US, Russia, France, Israel and China are armed with cyberweapons, the report said, with the UK, Germany and North Korea preparing for a future in which conflict is partly conducted through the internet. full article

UK mobile phone company staff sell customer data

The personal data of thousands of mobile phone users has been sold by staff at one of the UK's major mobile phone firms.

The Information Commissioner's Office (ICO) said investigators have been working with the mobile telephone company. It had suggested to the ICO that employees allegedly sold details relating to customers' mobile phone contracts, including when their contracts expire. The ICO investigation revealed that the information has been sold on to several brokers for large sums. full article

Verisign hopes to end phishing attacks

Verisign has begun working with the internet community to deploy DNS Security Extensions (DNSSEC), which could put a stop to phishing scams.

The internet security company is working to roll out the DNSSEC security standard across all .com and .net top-level domain names (TLDs) to protect users against man-in-the-middle-style attacks. full article

ID theft laws stuck in queue

NEW laws aimed at preventing identity theft and giving victims a means of untangling the mess are languishing in federal parliament, 10 months after they were introduced to the Senate by then human services minister Joe Ludwig.

The Identity Crimes Bill adds three identity offences to fill gaps in existing laws: trafficking in identity data (up to five years' imprisonment); possession with intent to commit a crime and possession of equipment for the purpose of identity theft (both a maximum three years). full article

Anti-skimming legislation 'toughest in Australia'

The Western Australian Attorney General, Christian Porter has unveiled legislation which he says will produce the toughest anti-identity theft and card-skimming laws in the country.

Under the proposed laws, anyone caught with another person's identity information or in possession of equipment used to make, supply or transmit the material with intent to commit a crime, will face a maximum five years imprisonment. full article

Laptop with voter details goes missing

A computer with personal data of more than 14,000 voters has gone missing from the offices of a local authority.

The laptop disappeared from offices in St Albans in what is thought to be an opportunistic theft. full article

Sprint customer seeing red over unauthorized payments

So you keep a credit card or debit card on file with a business so that you can call up to conveniently make a payment by phone? One individual found out that the convenience enabled a stranger to authorize $1000 in deductions from his bank account to pay his Sprint account. full article

New HIMSS Analytics Survey Reveals Healthcare 'Business Associates' Are Unprepared for Data Breach

68 Percent of Provider Respondents Indicated that the HITECH Act's Expanded Breach Notification Requirements will Result in More Discovery and Reporting of Incidents full article

Most security products flunk quality tests

Nearly 80 percent of security products that are sent for certification fail to perform as intended during the initial round of tests, and generally require additional two or more cycles of testing before they are certified, said ICSA Labs. full article

US govt to disclose findings in Web 'mystery charge' probe

The so-called mystery charges that have appeared on some of their customers' credit card statements will come under scrutiny at a hearing held by the U.S. Senate Committee on Commerce, Science and Transportation. full article

Federal Regulators Issue Final Model Privacy Notice Form

Eight federal regulatory agencies today released a final model privacy notice form that will make it easier for consumers to understand how financial institutions collect and share information about consumers. Under the Gramm-Leach-Bliley Act (GLB Act), institutions must notify consumers of their information-sharing practices and inform consumers of their right to opt out of certain sharing practices. The model form issued today can be used by financial institutions to comply with these requirements. full article

Vulnerability in Wikipedia Toolbar for Firefox

Security service provider Secunia has discovered a critical vulnerability in the Wikipedia Toolbar extension for Firefox that can be exploited by an attacker to compromise a victim's system. According to the report the cause of the problem is due to the application using invalidated input in a call to eval() which can be exploited to execute arbitrary JavaScript code. full article

FBI Says Hackers Targeting Law Firms, PR Companies

FBI alert says hackers increasingly targeting lawyers offices, public relations firms

Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas. full article

Ex-MI5 agent in memoirs battle sues newspaper for naming him

Lawyers for undercover agent in war on terrorism threaten Guardian with injunction though his name circulates online

A former MI5 secret agent is suing the London Evening Standard for revealing his name, his lawyers say, in an attempt to extend Britain's privacy laws to cover the identity of intelligence officers. full article

T-Mobile investigated for leaking customer data***UPDATE****

Company reveals it is part of ICO investigation

T-Mobile has sensationally revealed it is part of an investigation by the Information Commissioner's Office into a data breach, after it was found that certain staff within the company had allegedly sold on thousands of people's details to competitors. full article

Watchdog raises alarm over security measures

Ottawa is collecting too much information through anti-money laundering agency and failing to regulate no-fly list, Privacy Commissioner says in annual report

OTTAWA – Were you the person who recently cashed a government-issued cheque for under $300 at your local trust company? You probably never expected to be flagged as suspicious, but you were, says Canada's privacy commissioner in a new audit of Canada's financial watchdog agency. full article

Attorney General Eric Holder Speaks at the Financial Fraud Enforcement Task Force Press Conference

Good afternoon. I am joined here by some of my partners in the new effort we are launching today, Secretary of the Treasury Tim Geithner, Secretary of Housing and Urban Development Shawn Donovan, and Robert Khuzami, the Director of Enforcement at the Securities and Exchange Commission, who is here representing SEC Chairwoman Mary Schapiro. full article

President Obama Establishes Interagency Financial Fraud Enforcement Task Force

WASHINGTON – Attorney General Eric Holder, Treasury Secretary Tim Geithner, Housing and Urban Development (HUD) Secretary Shaun Donovan, and Securities and Exchange Commission (SEC) Chairwoman Mary Schapiro today announced that President Barack Obama has established by Executive Order an interagency Financial Fraud Enforcement Task Force to strengthen efforts to combat financial crime. The Department of Justice will lead the task force and the Department of Treasury, HUD and the SEC will serve on the steering committee. The task force’s leadership, along with representatives from a broad range of federal agencies, regulatory authorities and inspectors general, will work with state and local partners to investigate and prosecute significant financial crimes, ensure just and effective punishment for those who perpetrate financial crimes, address discrimination in the lending and financial markets and recover proceeds for victims. full article

Obama administration unsure about new cybersecurity laws

IDG News Service - Current laws addressing cyber crime aren't adequate to address growing attacks on the government and businesses, a representative of U.S. President Barack Obama's administration said Tuesday. full article

Merchants caught in middle of Heartland, VeriFone dispute

Battle over encryption technology could leave thousands with questionable support

Computerworld - Tens of thousands of customers of Heartland Payment Systems are finding themselves caught in the middle of an escalating war between the payment processing vendor and point-of-sale terminal vendor VeriFone Inc. full article

Healthcare Affiliates Unprepared For Data Breaches

Patient privacy is at risk from the companies that healthcare providers do business with, study says.

Companies that do business with healthcare providers, including accounting firms and offshore transcription vendors, are unprepared to meet data breach obligations included in new federal regulation, according to a survey released Tuesday. full article

Thousands of web sites compromised, redirect to scareware

Security researchers have detected a massive blackhat SEO (search engine optimization) campaign consisting of over 200,000 compromised web sites, all redirecting to fake security software (Inst_58s6.exe), commonly referred to as scareware. full article

E.On reveals customer bank data

The personal details of 817 E.On customers have been disclosed in error.

E.On said it was trying to find out how it happened and was in the process of contacting all of those affected. It has apologised for the mistake. full article

Shadowserver to Take Over as Mega-D Botnet Herder

An effort is underway to clean up tens of thousands of computers infected with malicious software known for churning out thousands of spam messages per hour. full article

November 16, 2009

Online gangs cash in on swine flu

LONDON (Reuters) - Criminal gangs are making millions of dollars out of the H1N1 flu pandemic by selling fake flu drugs over the internet, a web security firm said on Monday. full article

Raleigh woman sentenced in ID theft scam

A Raleigh woman has been sentenced to one year and one day imprisonment in an identity theft case in federal court, according to a statement issued by United States Attorney George E.B. Holding. full article

Customers' Info Stolen From Blue Cross Office

68 Computer Hard Drives Contained Social Security Numbers

CHATTANOOGA, Tenn. -- One of Tennessee's largest holders of personal information confirms that an October theft from a Chattanooga office affects about 2 million of its clients. full article

Report: Countries prepping for cyberwar

Major countries and nation-states are engaged in a "Cyber Cold War," amassing cyberweapons, conducting espionage, and testing networks in preparation for using the Internet to conduct war, according to a new report to be released on Tuesday by McAfee. full article

Union County man is indicted for allegedly stealing Internet domain names

A Union County man who is accused of pilfering an Internet domain name from a Miami-based company and then selling it to a professional basketball player for more than $100,000 was indicted today on theft charges, authorities said. full article

The Botnet Hunters

They're the Internet equivalent of storm chasers, spending endless hours scanning and sleuthing, looking for the telltale signs of botnets. Here's an inside look at the battle against cybercrime's weapons of mass infection.

A self-proclaimed geek from the age of 14, Andre DiMino had always been interested in computers and networking. But it wasn't until he entered his professional life many years later that he became interested in the security side of that world. full article

How Secure Is Cloud Computing?

Cryptography solutions are far-off, but much can be done in the near term, says Whitfield Diffie.

Cloud computing services, such as Amazon's EC2 and Google Apps, are booming. But are they secure enough? Friday's ACM Cloud Computing Security Workshop in Chicago was the first such event devoted specifically to cloud security. full article


2,100 ATMs Worldwide Hit at Once

It was a highly sophisticated and cleverly orchestrated crime plot. And one unlike any we’ve ever seen before. full article

Real ID program in deep trouble

Computerworld - A decision by lawmakers to slash funding for the unpopular Real ID national driver's license program has put an already struggling initiative on life support. The U.S. Senate recently approved a $43 billion budget for the U.S. Department of Homeland Security for the federal government's 2010 fiscal year, which began Oct. 1. The appropriation called for substantial increases in DHS spending in several key technology areas but slashed Real ID funding by 40%, from $100 million to $60 million. full article

Police probe breach of NHS smartcard security as e-records launched in London

An NHS trust at the forefront of work on the £12.7bn NHS IT scheme has called in police after a breach of smartcard security compromised the confidentiality of hundreds of electronic records.

Patients in Hull have expressed their dismay that an unauthorised NHS employee has accessed their confidential records; and the local primary care trust, NHS Hull, says it is "shocked" at the breach of security by a member of staff who has since left. full article

GMH Issues Notice of Breach of Unsecured Health Information

Guam- Pursuant to the federal Health Information Technology for Economic and Clinical Health Act, Guam Memorial Hospital Authority has issued a notice of breach of unsecured health information after a laptop computer used by the GMHA Employee Health Office was stolen from the Guam Memorial Hospital. A file on the computer contained limited health information on approximately 2,000 employees, volunteers, contractors and physicians. full article

Password theft via vulnerability in SSL/TLS protocol

e vulnerability in the design of the SSL/TLS protocol revealed earlier this month can apparently be used to carry out attacks in practice. On his blog, student Anil Kurmus reports that he was able to steal a Twitter password by using a man-in-the-middle attack. Until now it had been assumed that the problem was largely theoretical and would be made manifest only in very limited scenarios. The design weakness can be exploited by attackers to inject content into secure connections. full article

MasterCard to authenticate online transactions by phone

IDG News Service - In the face of mounting threats from hackers, MasterCard said today it will use mobile phones to improve security for online transactions. full article

Gang sentenced for UK bank trojan

A British court has sentenced four men to prison after they admitted they used sophisticated trojan software to steal almost £600,000 from bank accounts and send it to Eastern Europe full article

Spammers aim to profit from swine flu pandemic

Russian cybercrooks have laid the groundwork needed to build a business cashing in on swine flu panic-buying. full article

Agents sentenced for filing bogus life policies to get commissions

Two California life insurance agents received probation and must pay thousands of dollars in restitution after filing faulty applications in order to receive commissions. full article

Identity fraud increases by third as recession tightens cash flow

CASES of identity fraud across the UK have risen by a third in the first nine months of the year as the recession bites, says fraud prevention agency CIFAS. full article

November 15, 2009

Taxpayers foot bill for employees being sued by ‘Joe the Plumber’

COLUMBUS — Ohio taxpayers are right in the middle of the civil rights lawsuit that Samuel Joseph — “Joe the Plumber” — Wurzelbacher has filed against three former state employees, charging that they illegally accessed his confidential information through state databases. full article

November 14, 2009

N.Y. man charged with identity theft

WALLINGFORD — A sharp-eyed bank teller foiled a man’s attempt Thursday to steal $5,000 from a Bank of America account using fake identification. full article

Microsoft confirms first Windows 7 zero-day bug

Company urges users to block ports until a patch is ready, but the workaround cripples browsers

Microsoft late on Friday confirmed that an unpatched vulnerability exists in Windows 7, but downplayed the problem, saying most users would be protected from attack by blocking two ports at the firewall. full article

Biometrics sparks privacy fears in Ireland

Collecting biometric information could put civil liberties and privacy at risk, despite considerable benefits, says the Irish Council for Bioethics (ICB). full article

The Cyberwar Plan

It's not just a defensive game; cyber-security includes attack plans too, and the U.S. has already used some of them successfully.

In May 2007, President Bush authorized the National Security Agency, based at Fort Meade, Md., to launch a sophisticated attack on an enemy thousands of miles away without firing a bullet or dropping a bomb. full article

Job search scams: Protect yourself against identity theft

Identity theft rings have set their sights on the people who are unemployed and looking for work. Here's how to ensure you don't end up a victim.

As unemployment has increased, so too has the number of job search scams identity theft rings are perpetrating against desperate job seekers. full article

November 13, 2009

Sophisticated parcel mule scam unpicked

Middlemen stung by work-from-home scam full article

Adobe Flash attack vector exploits insecure web design

User-supplied malware upload peril full article

Press Copy to have your Identity Stolen

A Call for Action investigation a year in the making reveals one possible way thieves could get a hold of your personal information. full article

Microsoft defends Hotmail's cookie requirement

Log out block 'good for security'

Microsoft has said its new policy of requiring users to accept third party cookies to log out of Hotmail improves security. full article

Nandan Nilekani's Confidential UID Document Leaked Options

Wikileaks is a website that publishes anonymous submissions and leaks of sensitive governmental, corporate, or religious documents, while attempting to preserve the anonymity and untraceability of its contributors. Wikileaks today published the Confidential plan on UID Wikileaks Tweet Says : Confidential plans for 1.2 billion ID cards: Creating a unique ID for every resident in India full article

The Low-Tech Reality of Identity Theft

Stop worrying so much about that vaguely Eastern European computer hacker and start worrying about that clerk at the DMV. full article

Florida Man Gets Prison for Fraud, Identity Theft in Arizona

A Florida man who worked as car salesman in Southern Arizona has been sentenced to five years in federal prison for bank fraud and identity theft. full article

Online fraudsters use spam campaign to target payment transfer system

Messages warn of an ACH transfer problem and try to get users to install the Zeus malware

A new spam campaign is targeting a financial transfer system that handles trillions of dollars in transactions annually and has proved to be a fertile target of late for online fraudsters. The spam messages pretend to come from the National Automated Clearing House Association (NACHA), a U.S. nonprofit association that oversees the Automated Clearing House system (ACH). full article

Keeping Pacemakers Safe from Hackers

Communicating with ultrasound could help make implantable medical devices safe from attack.

Manufacturers have started adding wireless capabilities to many implantable medical devices, including pacemakers and cardioverter defibrillators. This allows doctors to access vital information and send commands to these devices quickly, but security researchers have raised concerns that it could also make them vulnerable to attack. full article

ID Theft Ringleader Gets 11 Years

ALEXANDRIA, Va. - The man federal prosecutors called the ringleader of a nationwide identity theft ring has been sentenced to more than 11 years in prison. full article

Estonians charged in 'highly sophisticated' hacking case

TALLINN - Five Estonians have been charged in a high-profile computer hacking case that allegedly saw the defendents steal more than 9 million US dollars in just one day. full article

Hackers hit Vancouver Schools

Thousands of Vancouver School District employees could be at risk of identity theft after hackers broke into the district's finance system software last week. full article

15 charged in costumed ID theft ring

NEW YORK -- Prosecutors say a crime ring combined old-fashioned pickpocketing, modern-day identity theft and an array of costumes to steal more than $600,000 from victims' bank accounts. full article

Tech Giants Aim To Master Disaster

Microsoft, Google, Yahoo form alliance to develop software solutions for improving emergency response efforts.

Three of the world's top tech firms, along with the U.S. space agency, have teamed up to develop software they hope will help organizations better prepare for, and respond to, disasters such as natural catastrophes and terrorist strikes. full article

Consumer modems are worsening DNS problem linked to DDoS attacks

As more consumers demand broadband, ISPs are rolling out modems configured to accept DNS queries from all sources, including hackers

Internet security experts say that misconfigured DSL and cable modems are worsening a well-known problem with the Internet's DNS, making it easier for hackers to launch DDoS attacks against their victims. full article

Fake Verizon 'balance-checker' is a Trojan

IDG News Service - Cyber-criminals have started preying on Verizon Wireless customers, sending out spam e-mail messages that say their accounts are over the limit and offering them a "balance checker" program to review their payments. full article

Teen Decoy a 'Victim' in Sex Offender's Sentencing

CN) - A 14-year-old decoy from an Internet sting operation can be considered a "victim" in sentencing a sex offender as a sexually violent predator, the Colorado Court of Appeals ruled Thursday. full article

Weaknesses in CALEA Wiretaps

This week in Chicago, Micah Sherr, Gaurav Shah, Eric Cronin, Sandy Clark, and I have a paper at the ACM Computer and Communications Security Conference (CCS) that's getting a bit more attention than I expected. The paper, Can They Hear Me Now? A Security Analysis of Law Enforcement Wiretaps [pdf] examines the standard "lawful access" protocols used to deliver intercepted telephone (and some Internet) traffic to US law enforcement agencies. Picking up where our 2004 analysis of wireline loop extender wiretaps [pdf] left off, this paper looks at the security and reliability of the latest communications surveillance standards, which were mandated by the 1994 Communications Assistance for Law Enforcement Act (CALEA). The standards, it turns out, can leave wiretaps vulnerable to manipulation and denial of service by surveillance targets who employ relatively simple technical countermeasures. full article

Amazon called out over cloud security, secrecy

Amazon EC2 lacks many enterprise features, Burton Group says

Amazon's cloud computing service should not be used for applications that require advanced security and availability, the Burton Group analyst firm says in a report accusing Amazon of secrecy regarding its cloud data centers. full article

Boxes of medical files found abandoned

SOUTH BEND — An agent with the Indiana attorney general’s office removed 21 boxes of medical records from a downtown office building Friday that contain the personal information of hundreds of local people. full article

Man-in-the-middle attacks demoed on 4 smartphones

Security researchers from SMobile Systems have released a paper detailing successful man-in-the-middle attacks against several smartphones. full article

San Jose man pleads guilty in attempt to buy $760,000 home by fraud

In the following press release the Santa Clara County (CA) District Attorney annouced that at arraignment this week, 42-year old Lawrence Maschino pleaded guilty to charges including writing checks with insufficient funds, using a victim’s personal information without authorization, and grand theft of personal property over $400. In addition, Mr. Maschino has three prior felony convictions for similar offenses. full article

Three plead guilty in Builder Bail-Out / Kickback /ID Theft scheme

n the following press release the United States Attorney’s Office for the Central District of California announced that the former director of sales for a Colorado real estate company that built luxury homes throughout the state agreed in court papers filed today to plead guilty to a federal conspiracy charge, admitting that he and other company officials participated in a $16 million “builder bailout” scheme in which buyers of $1 million-plus homes were paid kickbacks if they purchased homes from the company. full article

Former Missouri resident pleads guilty to obtaining mortgage using mothers ID

In the following press release Michael W. Reap, Acting United States Attorney for the Eastern District of Missouri announced that Susan Feaman, formerly of Perryville, Missouri, has pleaded guilty to charges of interstate transportation of stolen property and identity theft. full article

Personal data of Cal Poly Pomona applicants inadvertently put online

The Social Security numbers, home addresses and phone contacts for at least 300 students who applied for admission to Cal Poly Pomona six years ago were unintentionally disclosed online, the university said today. full article

Data breach could affect 60,000 GIs, civilians

The Corps of Engineers is investigating the recent loss of an external hard drive that could pose identify theft problems for as many as 60,000 soldiers and Army civilians. full article

November 12, 2009

Work-At-Home Company Called a Scam

CHICAGO (CN) - Pacific WebWorks runs a "work-at-home" Internet scam that falsely promises people can earn "thousands of dollars" by buying a "Google Business Kit," then charges outrageous, hidden monthly fees, according to a class action in Cook County Court. It's not the first recent case in which a company is accused of using (nonparty) Google's name to sucker people for money. full article

Health Insurer Violated Privacy, Class Claims

MILWAUKEE (CN) - Aurora Health Care revealed patients' health care records in its bankruptcy filing, a class action claims in Milwaukee Federal Court. The class claims Aurora violated federal court orders by including in its bankruptcy filing Proofs of Claim that disclose policyholders medical treatments and records. full article

Resort worker sentenced for ID theft

A man who worked at a Florida resort received a time-served jail sentence for stealing the identities of more than 100 vacationers, including some from Collegeville and West Norriton, and using the credit card information to pay for his own trips. full article

Barcelona hospital has opened a disciplinary case against the doctor patient details on the street

The inquiry said the information found did not exceed 40 pages, containing a list of monitored cardiac transplant patients - dated March 2007 - and some discharge reports full article

Caltex clerk stole customers' credit cards: police

A Norseman petrol station clerk splurged on mobile phones after stealing credit card details from customers, police claim. full article

UK's cyber warriors go into battle in March

The UK's new cyberwarfare unit will be ready for action on 10 March, according to the government. full article

Indian police arrest company boss accused of selling medical records of British patients

The head of an Indian outsourcing company has been arrested for selling confidential medical records of patients treated at one of Britain's top private hospitals. full article

Gumblar: New Generation of Self-Building Botnets

We've been looking at the infrastructure of the Gumblar malware and found some curious facts on how Gumblar operates which we would like to share to make hosting owners aware of the Gumblar threat. full article

T.O. man sentenced for identity theft

Visanio Eugene Vann, 47, of Thousand Oaks was sentenced last week in Los Angeles to 95 months in federal prison for orchestrating an identity theft scheme in which he used personal identifying information taken from dozens of mortgage and credit files to fraudulently obtain credit cards that were used to purchase more than $1 million in goods and services. full article

Deputy arrested, charged with identity theft, forgery

A Knox County Sheriff's Office deputy was arrested at work Wednesday on charges that she stole a woman's identity and used it to buy thousands of dollars worth of furniture from at least one store, authorities said. full article

Man sentenced for identity theft

Justin Bailey, 21, of Poca was sentenced Monday by United States District Judge Robert C. Chambers to two years in prison for aggravated identity theft. full article

Court Ruling Jeopardizes Credit Card Privacy Law

The California Legislature long ago recognized the dangers associated with collecting and maintaining consumers’ personal identification information, finding that the practice put the physical safety of consumers at risk and jeopardized consumers’ financial security due to identify theft and credit card fraud. In response, the Legislature enacted an amendment to the Song Beverly Credit Card Act in 1990 to protect privacy rights guaranteed to consumers by Article 1, Section 1 of the California Constitution. A recent State Court of Appeal ruling now threatens to open a loophole in this law, enabling retailers to collect detailed personal information on customers who pay with credit cards. full article

Hotmail imposes tracking cookies for logout

And where do you think you're going?

Hotmail users are now unable to log out of their account if the browser they are using does not accept third party cookies. full article

Rhode Island Governor Vetoes Restrictions on RFID

Senate Bill 211 would have prohibited the technology's use to track the locations of students in the state's schools, while also limiting the way in which information from vehicle RFID programs, such as toll collection, is used.

Nov. 12, 2009—Rhode Island's governor, Donald Carcieri (R), has vetoed the latest effort by the state's legislature to pass a bill limiting how RFID technology would be employed to track students at schools and school functions, as well as vehicles as they are tracked by E-ZPass or other toll-collection systems. With his veto of Senate Bill 211 (S. 211) on Monday, Carcieri stated that local school and community officials should be allowed to decide if they need to use RFID to track students. He cited the potential for weather-related natural disasters, terrorist attacks or crimes that might prompt a school district to want to do so. full article

MS Bracing For Malware Attacks From Embedded Fonts

Heads up to all Microsoft Windows users: If you’re running Windows 2000, Windows XP or Windows Server 2003, stop what you’re doing and immediately download and apply the MS09-065 update released earlier this week. full article

November 11, 2009

Possible identity theft reported at Mercy

Patient records may have been left accessible

Baltimore police are investigating a security breach at Mercy Medical Center that left an undisclosed number of patient records open to possible identity theft, according to the Maryland attorney general's office. full article

Anatomy of the RBS WorldPay Hack

The four men whom a federal grand jury indicted this week for their alleged roles in a scam that stole millions of dollars from RBS WorldPay were no fools. The small crew of hackers had a distinct division of labor, operated with skill and efficiency and left one of the world's larger banks holding the bag. full article

Feds Facing Daily Cyber Threats, Tight Budgets

New study highlights shortcomings in federal cybersecurity amid White House policy overhaul

Nearly one-third of federal agencies confront cyber threats every day, with many of the vulnerabilities stemming from foreign attacks and lax internal policies and employee habits, according to a study released today by IT contractor CDW-G. full article

Facebook hit by ‘Control Your Info’ intruder

Social networking site had small number of groups affected, company says

Facebook was hit on Tuesday by a well-meaning intruder who took over some of the site's online groups as a way of sending a message: "Think about the safety in your social media life to the same extent you do in your real life." full article

Burglary and theft account for a third of data security breaches

Fines for reckless data breaches will focus minds at Board level to improve security full article

NSW unveils new ID theft laws

THE NSW government plans to create three new identity offences - trafficking in identity data, possession with intent to commit a crime, and possession of equipment for the purpose of identity theft - in an overhaul of the state's Crimes Act. full article

Woman gets probation for ID theft that netted her free power from PPL

A medical assistant who stole personal information from patients and a co-worker and used it to get free power from PPL has been placed on two years' probation. full article

Drawing Security-Spooked Customers Into the E-Commerce Fold

There's a huge base of potential customers online every day who look but don't buy. full article

2009 Data Breaches: An Interactive Timeline

A Look at the Top Breaches Involving U.S. Financial Institutions full article

The PC Privacy Battle at the Border

Border protection agents have extensive rights to search electronic devices that travelers take with them through U.S. ports of entry.However, relatively few searches are actually conducted. full article

Putnam man gets two years for identity theft

HARLESTON, W.Va. -- A Putnam County man was sentenced Monday in federal court to two years in prison for aggravated identity theft, the U.S. Attorney's Office announced. full article

Hackers Indicted in Widespread ATM Heist

WASHINGTON -- The U.S. Justice Department indicted eight Russian and Eastern European computer hackers, alleging they were part of a crime ring that allegedly broke into ATMs in hundreds of cities world-wide and stole $9 million in a matter of hours. full article

Microsoft patches critical hole in Windows kernel

Microsoft on Tuesday issued six security bulletins fixing 15 vulnerabilities, including a critical patch for holes in the Windows kernel and other Windows and Office components that could allow an attacker to take control of a computer. full article

How to DDOS a federal wiretap

IDG News Service - Researchers at the University of Pennsylvania say they've discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S. full article

Hackers pillage jailbroken iPhones

Portable attack runs on Windows PCs and Macs, then sniffs out nearby iPhones to plunder

mputerworld - Hackers are plundering personal data from jailbroken iPhones using the tactic demonstrated last week by an Australian programmer's self-described "prank," researchers said today. full article

Survey: Healthcare Companies Not Ready For New Privacy And Security Regulations

Crowe Horwath LLP and Ponemon Institute release findings on HITECH compliance readiness

OAK BROOK, Ill. (Nov. 11, 2009)—A recent survey of healthcare organizations found that 94 percent believe they are not ready to comply with the privacy and security provision of the Health Information Technology for Economic and Clinical Health (HITECH) Act. The new provisions take effect in February. The survey of 77 U.S. healthcare organizations was conducted by the Ponemon Institute and sponsored by Crowe Horwath LLP, one of the largest public accounting and consulting firms in the U.S. full article

Bing hit by costly security loophole

It has spent hundreds of millions of dollars trying to take on Google, but Microsoft's Bing search engine was facing embarrassment today, after it emerged that a security loophole could allow users to skim huge sums of money from the system without its knowledge. full article

Stolen Laptop Contained Social Security Numbers of Students & Alumni

Bloomsburg University of Pennsylvania is notifying current and former students who were enrolled in psychology professor Julie Kontos' classes from spring 2004 through the summer of 2006 about the possible loss of their social security numbers when a laptop was stolen from a campus office. full article

Holiday Shopping Brings Identity Theft Warning

BLOOMINGTON, Minn. (WCCO) ? Like falling leaves, decorations hanging from the Mall of America signal a change of seasons. This is a time when holiday gift buyers will grab for the plastic and give it to the clerk. Holiday shopping is well underway. full article

Stolen USB Drive Puts Tennessee Students at Risk

A purloined USB drive contains thousands of student Social Security Numbers -- exposing 16,000 to potential identity theft.

Roane State Community College in Harriman, Tenn. is the latest institution of higher learning to accidentally divulge sensitive personal information thanks to a stolen USB drive that exposed almost 16,000 student and employee Social Security numbers last month. full article

The AICPA Files Lawsuit Challenging Application of Federal Trade Commission's "Red Flags Rule" to CPAs

HINGTON--(BUSINESS WIRE)--The American Institute of Certified Public Accountants filed a lawsuit in the U.S. District Court for the District of Columbia seeking an injunction barring the Federal Trade Commission from applying its so called Red Flags Rule, which would impose onerous and unnecessary requirements on AICPA members. full article

November 10, 2009

Breach notification laws get green light

The EU has announced that "nothing stands in the way" of its ePrivacy Directive, paving the way for stronger rules surrounding data breaches and other privacy issues. full article

Queensland Police email private details of traffic offenders

AN internal police intelligence document that detailed the private information of up to 12 traffic offenders already dealt with was leaked to as many as 50 people outside the Queensland Police Service. full article

Winnipeg bank customers defrauded

Hundreds of Winnipeggers woke up on the weekend to discover that while they were sleeping, criminals were awake and stealing money from their bank accounts. full article

Vancouver schools' employee data breached

Payroll system compromise imperils workers’ information full article

Rickroll virus attacks iPhones

An Australian has released a virus for the Apple iPhone, 'ikee', which replaces the infected device's background picture with an image of singer Rick Astley. full article

Google fixes risky Chrome bugs

Google has updated its Chrome browser to fix a critical bug that could allow an attacker to execute malicious code on a user's system. full article

Pirates get a taste of Microsoft COFEE

Microsoft's Computer Online Forensic Evidence Extractor (COFEE) software, which helps law enforcement officials grab data from password protected or encrypted sources, has leaked.

Microsoft's Computer Online Forensic Evidence Extractor (COFEE) has made it into the hands of pirates, and their virtual ships are distributing it quickly for everyone to get a taste. The COFEE application uses common digital forensics tools to help law enforcement officials at the scene of a crime gather volatile evidence of live computer activity that would otherwise be lost in a traditional offline forensic analysis. In other words, it lets officers grab data from password-protected or encrypted sources. That means you can now break the law twice over: download the software and then use it to steal information from other people's computers. full article

Apple update tackles domain spoofing, other attacks

Apple on Monday released a large security update for Mac OS X that fixes dozens of vulnerabilities and provides protection against potential attacks exploiting a weakness in the protocol used to verify that a domain is legitimate. full article

MassMutual Warns Of Data Breach

Database may have been compromised via third party vendor

A leak at a third-party service provider may have caused a compromise of employee and customer data at insurance giant MassMutual, the company says. full article

Alleged International Hacking Ring Caught in $9 Million Fraud

Major Credit Card Processor Victimized in Elaborate Theft of Account Numbers

Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and a person known only as "Hacker 3;" have been indicted by a federal grand jury in Atlanta, Ga., on charges of hacking into a computer network operated by the Atlanta-based credit card processing company RBS WorldPay, which is part of the Royal Bank of Scotland. full article

Car Dealers May Be Held Responsible For Identity Theft

The Harris County District Attorney's Office is cracking down on identity theft used to purchase cars, but the thieves aren't the only targets. full article

Coke given zero penalty for SMS campaign

COCA-COLA says it never intended to spam mobile phone users and will take steps to ensure it doesn't happen again. The Australian Communications and Media Authority (ACMA) has accepted enforceable undertakings from three companies - Vodafone, New Dialogue and Big Mobile - involved in the SMS promotional campaign. full article

W.D. Pa.: Compulsory taking of DNA from pretrial detainee violates Fourth Amendment

Compulsory taking of DNA from a pretrial detainee under 42 U.S.C. § 14135a violates the Fourth Amendment. It cannot be supported under special needs, totality of the circumstances, or a compelling governmental interest. United States v. Mitchell, 2009 U.S. Dist. LEXIS 103575 (W.D. Pa. November 6, 2009) full article

ICO investigates breach

The Information Commissioner's Office has confirmed it is investigating complaints into full article

Pentagon chiefs buy net-security early warning system

US weapons megacorp Raytheon is chuffed to announce that it and allied firms have landed a $28m deal from the Pentagon to provide an early-warning system for defence against cyber attacks on military networks. full article

Firefox flaws make up 44% of all browser bugs?

Firefox flaws accounted for nearly half (44 per cent) of all browser bugs in the first half of 2009 - according to a survey which fails to factor in the seriousness of browser flaws. full article

Next generation spammers rise up in Asia, India and Brazil

High-speed broadband allows worldwide miscreanting

A new generation of spammers is rising up in regions such as Asia Pacific, Japan, and South America, and beginning to outstrip their North American counterparts in junk mail output. full article

Google Reader Koobface spotlights security risk 2.0

Threat-resistant workers bypass Web 2.0 roadblocks full article

Security firm chokes sprawling spam botnet

A botnet that was once responsible for an estimated third of the world's spam has been knocked out of commission thanks to researchers from security firm FireEye. full article

Cops: Social Security numbers stolen from Woodbury company

A former employee broke into a Woodbury financial services company, photocopied customers' Social Security numbers and bank reference numbers and took the photocopied data with him when he left, Nassau police said Tuesday. full article

November 9, 2009

Cenzic Web Application Security Trends Report Shows Increase in Hacker Attacks on Web Sites Exploiting Faults in Popular Web Browsers and Software

SANTA CLARA, CA -- (Marketwire) -- 11/09/09 -- Cenzic Inc., the leading provider of Web application security vulnerability assessment and risk management solutions, today released its report revealing the most prominent types of Web application vulnerabilities for the first half of 2009. The report, which includes a list of the 10 vendors with the most severe Web security vulnerabilities, details the steady rise of attacks by hackers targeting these exploits ultimately costing the U.S. billions of dollars in both IT damage and identity theft. Specifically, the report identified over 3,100 total vulnerabilities, which is a 10 percent increase in Web application vulnerabilities compared to the second half of 2008. full article

Data breaches on the increase

PRIVACY: Sixty-five incidents were reported in 2008, leaving personal information exposed for all to see full article

60 Minutes

Sabotaging The System

Could hackers get into the computer systems that run crucial elements of the world's infrastructure, such as the power grids, water works or even a nation's military arsenal? Steve Kroft reports. full article

NY's Cuomo settles with over emails

NEW YORK (Reuters) - New York's attorney general said the operator of would pay $500,000 and overhaul its practices to resolve charges that the social networking site tricked members into providing personal details to lure new members and send out tens of millions of spam emails. full article

AP IMPACT: Framed for child porn by a PC virus

Of all the sinister things that Internet viruses do, this might be the worst: They can make you an unsuspecting collector of child pornography. full article

Eighth Person Pleads Guilty to Illegally Accessing Confidential Passport Files

eighth individual pleaded guilty today to illegally accessing numerous confidential passport application files. Susan Holloman, 58, of Washington, pleaded guilty before U.S. Magistrate Judge Alan Kay in the District of Columbia to a one-count criminal information charging her with unauthorized computer access. Holloman is scheduled to be sentenced on Jan. 21, 2010. full article tagged for $250k by Texas

Texas Attorney General Greg Abbott today resolved an enforcement action against Tagged, Inc., a social networking site operator that has an estimated two million Texas users. Under an agreed final judgment obtained by the state, Tagged must implement new privacy features and take additional measures to inform users about how the Web site will utilize their personal information. full article

Online Belford Schools Called a Scam

(CN) - An online high school that falsely claims to be accredited charges students $250 for fake diplomas, according to a RICO class action in Detroit Federal Court. The class claims Belford High School refuses to return tuition to students who realize they have been duped. full article

CT AG “appalled’’ at delay in Anthem data theft

The state attorney general is demanding Anthem Blue Cross Blue Shield of Connecticut provide more answers and identity-theft protection for nearly 19,000 health professionals whose confidential data was on a stolen laptop computer. full article

Nastygram: MySpace Phish Plants Spy Software

A new spam campaign targeting users once again illustrates the blended threat from junk e-mail attacks, experts warn. This latest run tries to lure recipients into giving up their MySpace credentials, and then attempts to trick victims into installing password-stealing malicious software. full article

November 7, 2009

ContactPoint database of 11million children’s details to go ahead despite security fears

Every child in England will have their personal details stored on a controversial database despite fears over security and privacy.

Ministers are pressing ahead with the introduction of ContactPoint to every local authority in the country after claiming that a pilot project has proved a success. full article

November 6, 2009

Grand Jury Indicts 9 in Suspected Identity Theft Ring

A grand jury has indicted five men and four women accused of being part of an identity theft and forgery ring that operated in Jefferson County, the Denver area and Colorado Springs. full article

US to Get Data Breach Notification Laws

Commerce agencies in the US will have to notify anyone whose personal information may have been accessed in a breach, when two bills become law

Two bills that address the handling of data breaches have been approved by a The US Senate Committee - and the country also got a new official body for identity protection. full article

Apology as patients' details lost

A hospital trust in Surrey has apologised and banned the use of unencrypted memory sticks after 76 patients' personal details were lost.

The information was contained on three data sticks lost by Ashford and St Peter's Hospitals NHS Trust. full article

Chaminade posted Social Security numbers of thousands of students online

Chaminade University inadvertently posted confidential information, including Social Security numbers, of thousands of students, on its Web site for months, school officials said today. full article

PD: Man stole from health care patients to buy movie tickets

MESA, AZ -- A Banner Health employee has been accused of stealing personal information from hundreds of patients. full article

Class Claims Gamer Swiped Phone Numbers

SAN FRANCISCO (CN) - A maker of games for the Apple iPhone and iPod Touch collected players' phone numbers without their knowledge, according to a federal class action. The class claims Storm8, creator of "iMobster" and "Vampires Live," wrote its software to collect phone numbers automatically when players download the games. full article

New Scams Center On H1N1, Fake IRS Emails

PITTSBURGH (CBS) ? Lately people have been worried about H1N1 flu and when scam artists see that worry, they also see an opportunity to get your cash. full article

November 5, 2009

Men allegedly broke into computers of former employer

Federal authorities on Wednesday filed intrusion charges against two men accused of accessing the computer systems of their former employer. full article

European 'internet freedom' law agreed

Europe is set to get a major overhaul of its telecoms regulation, after the European Parliament and Council of Telecoms Ministers reached a compromise on the rights of internet users across the continent.

The Telecoms Reform Package is a raft of new laws that tackle issues ranging from data-breach notification to faster number porting. Following an agreement reached on Wednesday night, the package will now become part of national legislation in every EU country, with a deadline of May 2011. full article

November 4, 2009

Agencies: Glitch with foreign SS numbers is fixed

(AP) — CONCORD, N.H. - Two federal agencies that put Americans at risk for identity-theft-like problems have fixed a glitch that linked U.S. Social Security numbers to those issued by three foreign countries, officials said. full article

Woman charged with ID Theft and mortgage fraud

In the following press release Michigan Attorney General Mike Cox today announced that his office has filed charges against a Wyoming, MI woman accused of defrauding the Michigan State Housing Development Authority (MSHDA) by fraudulently obtaining a mortgage, defaulting on that mortgage and leaving taxpayers to pick up the tab. full article

Travelers: ID fraud often starts with stolen wallet

With incidents of identity fraud climbing for the second year in a row, Hartford insurer Travelers Cos. is warning consumers that low-tech theft is the most common entry to this 21st-century crime. full article

Police search for man accused of identity theft

PALM BEACH COUNTY, Fla. (WSVN) -- Detectives need help identifying a man they said is stealing people's identities and passing counterfeit checks across South Florida. full article

ISP warns citizens of jury duty scam

PENDLETON, Ind. (WANE) - The Indiana State Police would like to warn citizens of a jury duty scam that has now been reported in 11 states. full article

DHS approves enhanced tribal ID cards

The Homeland Security Department has entered in to agreements with four Native American tribes to produce enhanced identification cards approved for use at U.S. border crossings. full article

Insurer Says SS Numbers May Be On Stolen Laptop

Blue Cross Blue Shield Warns 10,000 NH Providers

CONCORD, N.H. -- Anthem Blue Cross and Blue Shield is warning 10,000 New Hampshire physicians, dentists and other providers that their Social Security numbers may have been stolen. full article

Corporate Breaches Increase Chances Of Consumer ID Theft, Study Says

When their data is leaked by a business, individuals are four times more likely to suffer identity theft, Javelin study says

Consumers who have received data breach notifications within the past year are at a much greater risk for fraud than typical consumers, according to a new study. full article

November 3, 2009

iHacked: jailbroken iPhones compromised, $5 ransom demanded

Yesterday, a “Your iPhone’s been hacked because it’s really insecure! Please visit and secure your phone right now!” message popped up on the screens of a large number of automatically exploited Dutch iPhone users, demanding $4.95 for instructions on how to secure their iPhones and remove the message from appearing at startup. full article

Conficker's first birthday looms - seven million IPs still infected

As Conficker approaches the first anniversary of its appearance in the wild, the Shadowserver Foundation says that at least seven million IP addresses - each representing one or more computers - are now infected by the worm. full article

Britons targeted in new online scam

Sellers of high-value products on sites such as eBay and Gumtree are being duped into sending the items without receiving payment full article

Microsoft Warns Online Gamers Of Worm Attacks

Online gamers are the target of a "pervasive" computer worm which steals personal data, Microsoft has warned full article

November 2, 2009

Lifestyle Hackers

Jim Routh and Gary McGraw examine why twenty-somethings skateboard right past security controls, and what it means for employers (i.e. you!)

The insider threat, the bane of computer security and a topic of worried conversation among CSOs, is undergoing significant change. Over the years, the majority of insider threats have carried out attacks in order to line their pockets, punish their colleagues, spy for the enemy or wreak havoc from within. Today's insider threats may have something much less insidious in mind—multitasking and social networking to get their jobs done. full article

Phishing, worms spike this year, say Microsoft and McAfee

Scammers are targeting social networks with phishing scams and relying more heavily on worms and Trojans to attack computers, according to security trend reports to be released Monday by Microsoft and McAfee. full article

Military lags in safeguarding officers’ identities

The military is playing catch-up on a year-old complaint that hundreds of thousands of officers’ Social Security numbers have been floating around on the Internet. full article

FDIC: Uptick in 'money mule' scams

The Federal Deposit Insurance Corporation (FDIC) is warning financial institutions about an uptick in scams involving unauthorized funds transfers from hacked online bank accounts to so-called "money mules," people hired through work-at-home scams to help cyber criminals overseas launder money. full article

Former YouSendIt chief accused of DoS attack

A former chief executive of file-transfer service YouSendIt has been accused of launching denial-of-service attacks against the company. full article

Wi-Fi firms put onus on users for hotspot security

Wi-Fi hotspot operators have said security is the responsibility of their customers, after the BBC demonstrated a hack of users' email at public open-access hotspots. full article

Google Voice stats revealed through PDF error

Google Voice may not have made it onto the iPhone yet, but the service has still managed to attract more than 1.4 million users. full article

New Trojan encrypts files but leaves no ransom note

Symantec is warning about a new Trojan horse that encrypts files on compromised computers but offers no ransom note like other software designed to hold data hostage for a fee. full article

Bank IT Worker Charged In $1.1 Million Fraud

A computer technician has been indicted for stealing the identities of 150 Bank of New York employees, as well as for grand larceny and money laundering.

Adeniyi Adeyemi, 27, of Brooklyn, New York, was charged last week in a 149-count indictment for allegedly using his position as a computer technician to steal the identities of over 150 employees of the Bank of New York Mellon and to subsequently defraud charities, non-profits, and other organizations for more than $1.1 million over an eight year period. full article

FTC allows eight more months for Red Flags compliance

The Federal Trade Commission again is pushing back the deadline for financial institutions and creditors to comply with the Red Flags Rules. full article


Contact Information

Center for Identity Management and
Information Protection
Dr. Donald Rebovich,
Executive Director
Utica College
1600 Burrstone Road
Utica, NY 13502