CIMIP - Center for Identity Management and Information Protection

December 2009 News Archive



December 31, 2009


Waldec spreading through fake New Year's e-cards



Cybercriminals behind the Waledac botnet have begun using a New Year's-themed campaign to capture more victims, security experts warned Thursday. ...read full article

Elderly Protected From Predation by Investors



(CN) - The Securities and Exchange Commission won an order blocking executives at Homestead Properties from swindling elderly investors by allegedly day trading with millions of dollars in investment funds. ...read full article

Judge blocks part of new Neb. sex offender law



OMAHA, Neb. — A federal judge yesterday blocked portions of Nebraska's new sex-offender registry law, including provisions that sought to monitor convicted sex offenders' computer usage and prevent them from visiting certain Web sites. ...read full article

Three, including father and son, charged in accusations of inflating appraisals to obtain business from lenders



In the following press release the Orange County (CA) District Attorney announced that a father and son have been arrested on charges of conspiring to commit fraud by inflating property appraisal values with their real estate appraisal executive in order to secure more business with lending institutions. James Merritt Eaton, 60, his son Brian Chandler Eaton, 28, both of Laguna Beach, and real estate appraisal firm executive Michael John Bell, 32, Corona del Mar, are each charged with one felony count of conspiracy to defraud another of property, 17 felony counts of grand theft by false pretense, two felony counts of identity theft, two felony counts of false personation, and sentencing enhancement allegations for aggravated white collar crime over $100,000 and property damage over $50,000. If convicted, each defendant faces a maximum sentence of 18 years in state prison. ...read full article

One convicted, two others plead guilty in Queens/Brooklyn mortgage fraud



In the following press release Queens (NY) District Attorney Richard A. Brown today announced that a Queens Village woman who is a loan officer has been convicted of stealing the personal identity of a former client to help another client purchase a house in Brooklyn. ...read full article

Security breach reported by Internet trading site collective2.com



Users of the do-it-yourself trading site collective2.com received an “urgent” e-mail at a few minutes past noon Wednesday notifying them that the company's computer database had been breached by a hacker and that all users should log in to change their passwords immediately. ...read full article

RockYou Sued Over Alleged Security Hole


Lawsuit says Facebook, MySpace app failed to protect the data of millions of users.


An Indiana man has filed a class action lawsuit against RockYou, alleging it failed to protect the personal data of more than 32 million customers. ...read full article

Twitter Blacklists 370 Shoddy Passwords



To protect its users from themselves, the social networking site is preventing new users from selecting some common or easily hacked passwords for their accounts. ...read full article


December 30, 2009


Hacker Pleads Guilty in Major Cyberfraud Case



A sophisticated hacker pleaded guilty Tuesday to conspiring to hack into computer networks supporting major American retail and financial organizations, and to steal data relating to tens of millions of credit and debit cards in a case that the Justice Department said is one of the largest data breaches ever investigated and prosecuted in the United States. ...read full article

Homeland Security Blinks Over REAL ID Act



WASHINGTON (CN) - The Department of Homeland Security has indefinitely lifted its January 1 deadline to allow federal agencies to accept state driver's licenses and ID cards before allowing people to board commercial airplanes or enter federal buildings and nuclear power plants. ...read full article

Identity theft: Preparation is the best defense



Identity theft is an extremely serious crime; people are facing greater attacks on their personal and financial privacy than ever before. ...read full article

Dodge deputies bust alleged multi-county theft ring



An accident in late September helped Dodge County sheriff's deputies break an alleged identity theft ring operating in four counties. ...read full article

Police: Woman stole ID to get loan



A scheduler at Holmes Hospital in Corryville is accused of stealing a patient's identity and using it to get a small loan. ...read full article

MS dismisses IIS zero-day bug reports


It ain't vulnerable, just 'inconsistent'


Microsoft has dismissed reports that there's an unpatched critical flaw in the latest version of its webserver software. ...read full article

X-Box 360 theft suspect busted after online gaming sesh


From tagged to fragged


An alleged X-Box 360 thief was tracked down after he forgot to disable the game console's auto sign-in feature before hopping on the net. ...read full article

Study - Victims of Online Scams Avoid Reporting Attacks



Researchers at the Institute of Criminal Justice Studies of the University of Portsmouth recently conducted a study under NFA (National Fraud Authority) to find that people who become victims of spam mails, fake lotteries, phishing and identity theft, feel so embarrassed that they restrain from telling police about them. ...read full article

Adobe to be Prime Target for Malware in 2010



2009 is drawing to a close, and 2010 is almost upon us. The Chinese calendar says 2010 is the Year of the Tiger, but a report released from McAfee claims it could be the year of Adobe malware. ...read full article

Penn State notifies 30,000 of computer security breach


Social Security numbers may be compromised


Three Penn State University computer breaches described by an official as apparently unrelated have prompted the school to begin notifying nearly 30,000 individuals that their Social Security numbers may have been compromised. ...read full article

New Hampshire Enacts Strict Data Breach Notification Law Affecting Health Care Providers and Business Associates



New Hampshire’s new breach notification law builds on the breach notification requirements under the HITECH Act by requiring health care providers and business associates to notify individuals of disclosures of their protected health information that are prohibited by New Hampshire law, even if such disclosures are permitted under HIPAA or other federal law. ...read full article

Target Co Was Victim Of Hacker Albert Gonzalez



BOSTON/NEW YORK (Reuters) - Target Co said it was among the victims of computer hacker Albert Gonzalez, mastermind of the biggest identity theft in U.S. history. ...read full article

McMurray man indicted on identity theft charges



A federal grand jury yesterday indicted a McMurray man for allegedly obtaining another person's credit to get more than $330,000 in financing. ...read full article

California man accused of ID theft to sell life insurance policies



A Covina, Calif., man, who already lost his insurance license for fraud violations in 2003, is now accused of stealing a former employee’s identity to enable him to collect commissions from life insurance policies. ...read full article


December 29, 2009


Greatest security threats to education



With education-related cyber-security threats expected to rise in 2010, WatchGuard is predicting the top threats facing schools, colleges and universities. ...read full article

Health Net data breach likely caused by theft, Connecticut official says


The state attorney general also questions whether the health information leaked was as indecipherable as the plan claimed.


Health Net is defending its account of a data breach earlier this year, following criticism by Connecticut Attorney General Richard Blumenthal, who said the data disk the company claimed had "gone missing" from its Shelton, Conn., office most likely was stolen. ...read full article

Medical Co. Boss Says Worker Sold Her the Brooklyn Bridge



(CN) - The owner of a biomedical company claims an employee stole $500,000, told her an elaborate tale about a nonexistent FBI investigation, and said her life was in danger and she should flee the country and refrain from checking her bank accounts. When she did that, the woman moved into her home and emptied it of furniture, according to a RICO complaint in Oakland, Calif., Federal Court. ...read full article

Hackers show it's easy to snoop on a GSM call



IDG News Service - Computer security researchers say that the GSM phones used by the majority of the world's mobile-phone users can be listened in on with just a few thousand dollars worth of hardware and some free open-source tools. ...read full article

Chase Bank Says VP Embezzled & Ran



MANHATTAN (CN) - JPMorgan Chase Bank says a former vice president embezzled $2.8 million from a customer's account, then took it on the lam to Argentina. And the bank says that came after he embezzled $2.5 million from a client at his previous job, with UBS. ...read full article

Einstein and Citizens’ Privacy



Einstein is an intrusion detection – and soon an intrusion prevention – system the government is deploying to safeguard government IT systems. Some cybersecurity experts contend Einstein has the potential to intrude on the privacy of individual Americans, a concern Philip Reitinger dismisses. ...read full article

26C3: Network design weaknesses



At the 26th Chaos Communication Congress (26C3) in Berlin, security researcher Fabian Yamaguchi demonstrated a number of vulnerabilities that can apparently be found in many average communication networks and affect all levels from the access layer to the application layer. Attackers exploit many minor design flaws which allow "dangerous attacks" when combined, explained the Berlin-based security expert who last year investigated vulnerabilities in the basic TCP internet protocol. Overall, the "bugs" can reportedly be exploited to hijack a proxy server such as Squid and control all of the network traffic that flows through it. ...read full article

After Hacks, Louisiana Restaurants Sue POS Companies


More than 100,000 credit cards exposed by keylogger attack, Secret Service says


Two lawsuits have been filed in Louisiana after point-of-sale (POS) systems in restaurants were allegedly hacked via keylogger, resulting in the exposure of some 100,000 credit cards. ...read full article

Microsoft confirms IIS hole



Microsoft has confirmed the security hole in its IIS web server, but hasn't disclosed which versions of the product are affected. According to the finder of the "semi-colon bug", versions up to and including version 6 are vulnerable. The hole allows attackers, for instance, to camouflage executable ASP files as harmless JPEG files and upload malicious code to a server. ...read full article

Good Guys Bring Down the Mega-D Botnet


Chalk up one for the defenders. Here’s how a trio of security researchers used a three-step attack to defeat a 250,000-pronged botnet.


For two years as a researcher with security company FireEye, Atif Mushtaq worked to keep Mega-D bot malware from infecting clients' networks. In the process, he learned how its controllers operated it. Last June, he began publishing his findings online. In November, he suddenly switched from de­­fense to offense. And Mega-D--a powerful, resilient botnet that had forced 250,000 PCs to do its bidding--went down. ...read full article

Two indicted in Maryland straw buyer fraud scheme allegations



A federal grand jury has indicted Dema Daiga, age 28, of College Park, Maryland and Oluseun Oshosanya, age 29, of Laurel, Maryland, for wire fraud and aggravated identity theft arising from a scheme to defraud a mortgage lending company of approximately $664,493, announced United States Attorney for the District of Maryland Rod J. Rosenstein. The indictment was returned on December 2, 2009 and unsealed on December 23, 2009 upon the arrests of the defendants. Daiga is scheduled to have his detention hearing today at 11:30 a.m. and Oshosanya is scheduled to have his initial appearance today at 2:30 p.m. ...read full article

Browser Attacks Continue to Evolve



While the security teams at Microsoft, Mozilla and the other browser vendors continue to work on new defenses and exploit mitigations, the state of the art in attacks is continuing to evolve. ...read full article


December 28, 2009


Amazon Hit With DDoS Attack


The storage and computing cloud services, S3 and EC2, respectively, were briefly affected Wednesday.


Amazon.com and Amazon Web Services (AWS) were apparently affected by a distributed denial of service attack Wednesday that struck their DNS provider. ...read full article

Foreclosure counselor victim of identity theft


Mitchell urges people to check credit report once a year ... it's free


Robert Mitchell's job is to provide counseling to people facing foreclosure, and he often urges them to check their credit report as they try to get their finances in order. ...read full article

Two sought in identity theft case



Crimestoppers and Champaign police are seeking the public's help in solving a case of deceptive practice, identity theft and forgery that took place last month. ...read full article

CRS: Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping



This report provides an overview of federal law governing wiretapping and electronic eavesdropping. It also appends citations to state law in the area and contains a bibliography of legal commentary as well as the text of the Electronic Communications Privacy Act (ECPA) and the Foreign Intelligence Surveillance Act (FISA). ...read full article

Hospital keeps secret DNA file


Children’s University hospital in Temple Street is under investigation by the Data Protection Commissioner


A DUBLIN hospital has built a database containing the DNA of almost every person born in the country since 1984 without their knowledge in an apparent breach of data protection laws. ...read full article

Oregon drivers file lawsuit against purchasers of state database



Some Oregon drivers have filed a class action lawsuit against Direct Response Media Group and others who they claim purchased their drivers’ records in violation of Driver Privacy Protection Act, 18 U.S.C. §2721. ...read full article

Former Executive Accused Of Selling Data From Matchmaking Firm


Ex-employee allegedly ransomed customer information, then tried to deal it to competitors


A former executive of a matchmaking service firm in China is accused of stealing the personal data of about 16,000 registrants and attempting to sell it to other matchmaking firms. ...read full article


December 25, 2009


Woman faces ID theft charges on Christmas Eve


In Court: Police say they found 25 stolen licenses, in her purse; she was trying to open bank account


A 25-year-old Olympia woman appeared in court on Christmas Eve after she was arrested Wednesday on suspicion of 25 counts of identity theft and one count each of forgery, marijuana possession and possession of methamphetamine. ...read full article


December 24, 2009


Sex Offender Charged in Disappearance of Maryland Girl



Police in Maryland were searching Christmas Eve for a missing 11-year-old girl last seen wearing fuzzy Christmas pajamas, and they have charged a registered child sex offender in her disappearance. ...read full article

Dentist's Account Missing Nearly $400K


Dentist Office Recently Came Under Attack Of Phone Sex Calls


...read full article

Ex-Marana police officer facing felony charges



A former Marana Police Officer has been indicted on charges of computer tampering and identity theft. ...read full article

Ca: Commissioner Cavoukian expects health sector to encrypt all health information on mobile devices: Nothing short of this is acceptable



Ontario Information and Privacy Commissioner, Dr. Ann Cavoukian, today directed the province’s health sector not remove from their premises any personal health information on mobile devices – unless this very sensitive information is encrypted, as required in a health order issued in 2007. ...read full article

GAO: Release of Nuclear Document Caused No Damage



A five-month long investigation by the Government Accountability Office determined that the inadvertent publication of a 267 page document describing U.S. civilian nuclear research facilities caused no damage to national security and did not require any remedial security measures at the cited facilities. Yet surprisingly, even though its publication had no adverse consequences at all, GAO endorsed the claim that the document was “sensitive” and recommended that rigorous new procedures be adopted to prevent public disclosure of such information in the future. ...read full article

Users bypass Kindle restrictions



In a post on his blog, a hacker has published a Python script for the "Kindle for PC" application that converts open e-books with DRM protection into unprotected Mobipocket books. The method for bypassing the Digital Rights Management (DRM) used on Kindle devices to prevent the sharing of e-books isn't new: A conversion script used by the hack has been in circulation on the internet for over a year. ...read full article

California-Based Identity Theft and Bank Fraud Ringleader Sentenced



GRAND RAPIDS, MI—United States Attorney Donald A. Davis announced the sentencing on December 21 of Alonzo Lamar Holloway, 44, of Oakland, California, on a four-count Indictment that charged him with bank fraud, wire fraud, aggravated identity theft, and with conspiracy to commit bank and wire fraud and identity theft. Holloway, who is one of 16 defendants from Oakland charged in a long-running investigation conducted by the U.S. Secret Service and the U.S. Attorney’s Office, was sentenced by U.S. District Judge Robert J. Jonker to serve 11 years in Federal prison, to pay restitution of almost $700,000, and to serve five years of supervised release following his eventual discharge from prison. ...read full article


December 23, 2009


Suspected computer hack compromises Anchorage credit, debit card holders



ANCHORAGE, Alaska -- Just a simple swipe can lead to a ripple of consequences. ...read full article

Inmate gets 18 months for hacking prison computer



A former Massachusetts prison inmate has been given an 18-month prison sentence for hacking prison computers while he was incarcerated. ...read full article

Identity theft feared as data lost


Durham Region's loss of flu clinic information on 83,524 people called `disturbing'


Tens of thousands of people who attended flu clinics in Durham Region may be at risk of identity theft following the disappearance of a USB key containing their personal information. ...read full article

Credit card provider suffers breach, personal data lost



MBNA, the UK’s largest credit card provider, has confirmed that a laptop containing the personal details of its customers has been stolen from one of its third party contractors – NCO Europe Ltd – earlier this month. The information is said to include personal details, however, no PIN numbers were reported to be contained in the stolen data. ...read full article

Origin says MBNA laptop fiasco could easily have been avoided



Reports that a laptop containing the personal records of thousands of customers of MBNA Bank has been stolen (http://bit.ly/6BCAtg) mean that large numbers of the bank's credit cardholders will now be spend a worrisome Christmas and New Year break, concerned about their identities getting stolen. ...read full article

2010 data security trends: External attacks from the inside


Sentrigo announced its top data security trends to watch for in 2010.


Generally, companies have viewed attacks as either coming from outside the network perimeter or from internal users abusing privileges. However, the line between internal and external is blurring as a result of several new attack vectors. ...read full article

Facebook clickjacking attack spreads



A new clickjacking attack has targeted Facebook users. It presents itself in the form of a comment on the users' account ...read full article

Mother of two sent to jail for multiple identity-theft charges



A Hamilton mother of two girls who claims to have been a "runner" for a ring of identity thieves has been sentenced to 22 months in a provincial reformatory. ...read full article

Waupun couple charged in series of burglaries, identity thefts



JUNEAU — A couple accused of breaking into several storage units and vehicles parked near the Horicon Marsh has been charged. ...read full article

That’s not me: Resident fights identity theft, loss



He thought he was building a lasting relationship with someone he met on an online social networking site. What it turned out to be was a detailed, drawn out scam to steal his identity and rob him of more than $9,000. ...read full article

Pharma link spammers invade Live Space


Fake blog posts spamvertise knock-off pills


Cybercrime affiliates of unlicensed pharmaceutical websites have begun moving on from attacks purely designed to poison Google search engine results, and are now targetting Microsoft's web properties. ...read full article

Hackers break Amazon's Kindle DRM


The great ebook 'unswindle'


An Israeli hacker says he has broken copyright protections built in to Amazon's Kindle for PC, a feat that allows ebooks stored on the application to work with other devices. ...read full article

China State-linked Microblog Service Hacked at Launch



A Twitter-style service offered by a government-linked news site in China was hacked and has since gone offline, according to screenshots posted on the Web. ...read full article

Malware Writers Get Bold, Rent Datacenters


Not content with infecting individual PCs, the criminals who run botnets are now setting up shop in legitimate datacenters. How?


Security firm Kaspersky Lab has uncovered a disturbing trend among the criminal syndicates that write and distribute botnets (define). Instead of relying just on individual PCs, they are now taking advantage of loopholes and laxness to set up shop in datacenters. ...read full article

The scoop on state SSN laws and required policies



Businesses possess a great deal of personal information about job applicants, employees, and former employees such as retirees. In addition, employees and independent contractors of businesses often have access to personal information. One of the most common types of personal information is a Social Security number. ...read full article

Settlements Still Leave Many Post-Breach Legal Woes for Heartland



With two settlements announced in less than a week, merchant acquirer Heartland Payment Systems Inc. is putting some of the legal repercussions of its huge data breach behind it as 2009 draws to a close. But most of the legal troubles Heartland faces in the wake of the breach it announced last January still await resolution. ...read full article

New year brings new requirements for Florida driver's license changes



A trip to the DMV has always required a certain level of mental preparation -- the patience to endure what could be a long wait, the self-esteem to shrug off a license picture you know doesn't really look like you. ...read full article


December 22, 2009


Schmidt Tapped as White House Cybersecurity Coordinator



An administration official told CSOonline.com Monday night that IT security veteran Howard Schmidt will be the new White House cybersecurity coordinator, a position President Obama created seven months ago. ...read full article

Ten 2010 IT Security Predictions, Part 2: Schmidt and ICSA Labs



Howard Schmidt, former eBay CISO and vice chairman of the President's Critical Infrastructure Protection Board, and the folks from ICSA Labs, a vendor-neutral testing and certification lab, offer 10 predictions for security in 2009. (Second of 2 parts). ...read full article

Report: Russian gang linked to big Citibank hack



IDG News Service - U.S. authorities are investigating the theft of an estimated tens of millions of dollars from Citibank by hackers partly using Russian software tailored for the attack, according to a news report. ...read full article

Microsoft's 'whitelist' helps hackers, says Trend Micro


Rival researcher disagrees, says public posting of AV exclusion list no big deal


Computerworld - By recommending that users exclude some file extensions and folders from antivirus scans, Microsoft may put users at risk, a security company said today. ...read full article

FTC Seeks Scam Marketer’s Assets in Bankruptcy Court to Repay Money Owed to Consumers



The Federal Trade Commission has filed a complaint in bankruptcy court seeking assets from the operator of a defunct money-making scam, so that those assets can be used to help pay more than $17 million that he owes consumers as a result of a court judgment against him. ...read full article

An E-Book Buyer's Guide to Privacy



As we count down to end of 2009, the emerging star of this year's holiday shopping season is shaping up to be the electronic book reader (or e-reader). From Amazon's Kindle to Barnes and Noble's forthcoming Nook, e-readers are starting to transform how we buy and read books in the same way mp3s changed how we buy and listen to music. ...read full article

Teachers' data are private, union says



The head of Ohio's largest teachers union told a judge yesterday that releasing the names, addresses and other personal information of licensed teachers, administrators and school staff puts their safety and privacy at risk. ...read full article

Spammer fined, banned from cluttering inboxes



A Sunshine Coast man accused of being the mastermind of the world's largest online spam operation, which could send 10 billion emails a day, has been fined $210,000 by a Brisbane court. ...read full article

Tom Cruise Accused of Spying



LOS ANGELES -- The former owner of a Beverly Hills-based magazine has filed a complaint seeking $5 million from actor Tom Cruise, celebrity lawyer Bertram Fields and private investigator Anthony Pellicano that claims he was illegally wiretapped after Cruise filed a defamation suit against him. ...read full article

Identity of Chicago Blackhawks legend stolen



Chicago Blackhawks legend Stan Mikita says he's been the victim of identity theft. ...read full article

Woman charged with identity theft



LINCOLNSHIRE -- A Libertyville woman has been charged with identify theft following an investigation. ...read full article

Accused member of identity theft ring to enter guilty plea



JACKSON -- A member of an alleged identity theft ring that called itself the "Felony Lane Gang" and operated in south Mississippi is scheduled to plead guilty next month to conspiracy to commit mail fraud, according to federal court records. ...read full article

How The Koobface Worm Gang Makes Money


Trend Micro report looks at the true motivation behind the widespread malware-laden botnet


Chances are you know someone who has been hit by Koobface, one of the first successful social networking worms. But there are many faces to Koobface, and many ways its authors make money from it. ...read full article

12 things computer users should fear in 2010



About once a year, computer security news leaps out of the technology section and onto the front page and the top of network news broadcasts. ...read full article

Enemies lurk on friendly Facebook


Social networking sites fall prey to cyberbullies who steal identities


Mike Brown was late to join Facebook's swelling ranks. When he finally did, he kept his security settings high, used perfect punctuation and was careful about what he posted. ...read full article

Accused 'Wolverine' pirate calls charges 'ridiculous'



The FBI has accused the man who allegedly was first, or among the first, to upload a pirated copy of "X-Men Origins: Wolverine" that circulated online in April. What authorities have apparently yet to do is identify the original source of the leak. ...read full article

Attorney General Sues Three Companies for Loan Modification Scam



TALLAHASSEE - Attorney General Bill McCollum today announced he has filed a lawsuit against three businesses operating in Miami-Dade County, their principles and affiliated attorneys on allegations of deceptive and unfair trade practices regarding their involvement in a foreclosure rescue scam affecting homeowners nationwide. ...read full article

7-Eleven Hack From Russia Led to ATM Looting in New York



Flashback, early 2008: Citibank officials are witnessing a huge spike in fraudulent withdrawals from New York area ATMs — $180,000 is stolen from cash machines on the Upper East Side in just three days. After a stakeout, police arrest one man walking out of a bank with thousands of dollars in cash and 12 reprogrammed cards. ...read full article

Citigroup Denies Report of Hacking Theft



(AP) The FBI is investigating a hacker attack on Citigroup Inc. that led to the theft of tens of millions of dollars, The Wall Street Journal reported Tuesday. ...read full article

iPhone worms can create mobile botnets


Paranoid, and not just about Android


A detailed analysis of the most malign in a recent spate of iPhone worms points to future mobile botnet risks. ...read full article

Microsoft AV advice may aid attackers, researcher warns


Better performance. But at what cost?


A security researcher is taking Microsoft to task for advising customers to exclude certain files and folders from anti-virus scanning, arguing the practice could be exploited by pushers of malware. ...read full article

Paper-based data breaches on the rise



More than one quarter of data breaches so far this year involved consumer records that were jeopardized when organizations lost control over sensitive paper documents. ...read full article

Hacker Breaches College Library System



Officials for a community college system in North Carolina this week acknowledged that someone managed to hack his or her way into a server housing the Social Security and driver's license numbers of more than 51,000 library patrons. ...read full article

Madison woman jilted and duped in identity theft scam



An Eastside woman fell prey to an identity theft scam that cost her $20,000 and her heart. The identity thief used a stolen identity to swoon and swindle her. The woman met the scamster on an Internet dating service according to the Madison Police Report. ...read full article

Music Producer Files Identity Theft Suit



A top music producer has been the victim of brazen identity theft by a convicted felon who allegedly impersonated his way into a Hollywood Records studio. ...read full article

Chicago Sports Legend: Victim Of Identity Theft



Chicago (CBS) - More than $100,000 in two weeks -- gone. A Chicago sports legend, the victim of identity theft. CBS 2 Chief Correspondent Jay Levine reports that Blackhawks legend Stan Mikita has won virtually everything there is to win. But he thought he lost big, too, when cyber thieves created an online account and started paying themselves with his money. ...read full article

Five Myths About Cybersecurity



The Internet is the global communications and information infrastructure that provides the medium for communication and computation that facilitates the provisioning of numerous applications and infrastructure services, including e-mail, on-line banking, data storage, and quantum computing power. ...read full article

Alleged fraud targeted money for veterans



Eight current or former Colorado Springs residents posing as former military service members have been indicted for allegedly stealing $214,000 in unemployment benefits due veterans. ...read full article

Former Agent in S. California Arrested for Identity Theft



California Insurance Commissioner Steve Poizner today announced that James Alfred Morris, 66, of Covina, has been arrested and charged with eight felony counts of identity theft and six felony counts of grand theft after allegedly stealing a man's identity in order to sell life insurance policies and collect commissions. ...read full article

Madison woman jilted and duped in identity theft scam



An Eastside woman fell prey to an identity theft scam that cost her $20,000 and her heart. The identity thief used a stolen identity to swoon and swindle her. The woman met the scamster on an Internet dating service according to the Madison Police Report. ...read full article


December 21, 2009


26 Arrested in Three States in Medicare Fraud Schemes



FORT LAUDERDALE, Fla. (AP) — Federal agents arrested 26 suspects in three states on Tuesday, including a doctor and nurses, in a crackdown on Medicare fraud totaling $61 million. ...read full article

New credit card scam reaches Kent County



GRAND RAPIDS, Mich. (WZZM)- A new credit card scam is circulating, just in time for the holidays. ...read full article

iPhone Worm Was Simple, Yet Effective, Analysis Shows



The iKee worm that was infecting jailbroken iPhones last month was a simple, yet effective, piece of software that shows how easy it might be for an attacker to create a fairly large, functioning botnet comprising mobile devices, an analysis of the worm shows. ...read full article

Google Found Guilty In French Copyright Case


A judge ordered Google to pay 300,000 euros to a French publisher, plus 10,000 euros per day until it removes extracts of the publisher's books from its database.


A Paris court on Friday ruled that Google violated French copyright law in digitizing books, but it;s unlikely the decision will be the last word on the search engine's controversial book-scanning project. ...read full article

Spyware snags Akron Children’s Hospital patient and employee info



The Associated Press reports that Scott Graham of Ohio faces prison time after pleading guilty in federal court to felony charges of intercepting electronic communications by using spyware to spy on a woman’s computer activities. By spying on her, he also accidentally retrieved confidential information from the computer system at Akron Children’s Hospital, where she was employed. The software he employed was purchased over the Internet by a firm who says it is legal to use the software — if it’s installed on a computer owned by the purchaser. ...read full article

PennDOT computer heist remains unsolved



Three years after a mysterious heist of computer equipment from a state driver's license center, police are still unsure why the crooks targeted the state Department of Transportation building. ...read full article

Privilege Takes Center Stage as WaMu Bankruptcy Heats Up



Lawyers for Washington Mutual filed papers Friday in the bank's Chapter 11 case claiming Sullivan & Cromwell, on behalf of WaMu's new owners at JPMorgan Chase, has been sending out letters asking WaMu's old law firms to turn over their client files on WaMu -- files that include privileged material. ...read full article

B.C. civil servant accused of sending personal data to U.S. border guard


Victoria has suspended the employee and is investigating the security breach


A B.C. government employee under investigation for an alleged privacy breach is accused of e-mailing personal data about government clients to an American border guard in Washington state. ...read full article

DECAF: “Game Over”



Earlier this week, this site linked to a news report on DECAF, a counter-COFEE application. Now it appears that DECAF was a hoax (but see Comment 1, below, that it was not a hoax). ...read full article

Cyber Challenge tests nation's top hackers



Washington (CNN) -- With the coolness of a card shark at the final table of the World Series of Poker, Matt Bergin pulls the hood of his brown sweatshirt over his head and concentrates on the task at hand. ...read full article

New Twitter Attack Details Emerge



The attack that took down Twitter Dec. 17 used legitimate credentials to log in and redirect Twitter.com to a site purporting to be under the control of the Iranian Cyber Army. The incident underscores the importance for businesses of keeping an eye on DNS security. ...read full article

Brittany Murphy's death used for peddling rogue security software



It didn't take long before cybercriminals seized the opportunity to use the death of actress Brittany Murphy to peddle malware. The most obvious choice was search engine optimization poisoning. ...read full article


December 19, 2009


Attorney for doctors in WDH privacy breach disputes AG's finding



DOVER — An attorney for two doctors impacted by the privacy breach at Wentworth-Douglass Hospital says the Office of the Attorney General would have found WDH had to notify patients if the state knew a rogue employee accessed patients' social security numbers and sensitive insurance policy data. ...read full article

£1.2bn e-Borders programme may be illegal under EU data law



The government's £1.2bne-Borders programmecould be illegal under EU law because of thedatait collects on passengers entering the UK, MPs have said. ...read full article


December 18, 2009


Thief steals U.S. Army laptop from employee's home



A laptop containing the personal information of tens of thousands of U.S. Army soldiers, family members and U.S. Department of Defense employees was recently stolen. ...read full article

Twitter Downed By 'Iranian' Hackers


Social networking site infiltrated by group claiming ties to Middle Eastern country.


Social networking site Twitter was knocked offline early Friday by hackers who claimed to have links to Iran. ...read full article

Judge grants TJX hacker sentencing delay over health



The sentencing of TJX hacker Albert Gonzalez was halted after a psychiatrist determined that he has a developmental disorder and may not have known he was committing a crime, according to information filed by his attorneys this week in federal court in Boston. ...read full article

Facebook Hit With FTC Complaint


Electronic Privacy Information Center files formal objection against social networking site's privacy changes.


A group that advocates Internet privacy has filed a formal complaint with the Federal Trade Commission over Facebook's decision to open more of its members' information to public view unless they actively take steps to limit their data's exposure. ...read full article

Government Grapples With EMR Security, Privacy


Healthcare providers aren't stepping up to protect privacy of electronic medical records. Can the government provide adequate data security?


While electronic medical records promise massive opportunities for health benefits, the privacy and security risks are equally enormous. ...read full article

Illinois Department of Insurance Warns of Possible Auto Insurance Scam



The Illinois Department of Insurance reports that some Illinois residents have received letters, printed on fake insurance department letterhead, advising recipients that their “automobile insurance policy is cancelled,” and that their “Driver’s License and/or License Plate’s will be suspended within 10 days from receipt of this letter.” ...read full article

Arkansas Reports Insurance Scam Targeting Consumers in That State



Arkansas Insurance Commissioner Jay Bradford has cautioned that a scam operation that has sold fraudulent health insurance in Oklahoma and Connecticut is now targeting Arkansans. ...read full article

Arizona Mulls Shutting Insurance Fraud Unit



With a $2 billion state budget deficit looming, Arizona may become the first state in the country to abolish the anti-fraud unit of its Department of Insurance. ...read full article

Los Angeles-Area Agent Convicted of Identity Theft



California State Insurance Commissioner Steve Poizner today announced that Janet Gail Wroe, 49, of Canyon Country has been convicted of felony identity theft and sentenced to two years in prison after she stole the identity of a senior citizen and forged the victim's name on a Medicare Advantage plan enrollment form in order to receive a commission. ...read full article

Heartland Pays Amex $3.6 Million Over 2008 Data Breach



Heartland Payment Systems will pay American Express US$3.6 million to settle charges relating to the 2008 hacking of its payment system network. ...read full article

Cloud Security Alliance Issues New Guidelines



The Cloud Security Alliance published the second edition of its guidelines for secure cloud computing on Thursday, delivering a voluminous document that sets out an architectural framework and makes a host of recommendations around cloud security. ...read full article

How to protect your privacy on Facebook


Social network recently overhauled its privacy policies; here's how users can continue to safeguard their privacy


Over the past week, Facebook has been nudging its users to review and update their privacy settings. The site has given users many granular controls over their privacy, more than what's available on other major social networks. Still, in updating their privacy settings, several users might have made more information about themselves public than what they had intended. ...read full article

Hacker hit community college system



Patrons of the state's community colleges may have had their drivers license and Social Security numbers stolen by a hacker. ...read full article

Boise man pleads guilty to aggravated identity theft



A Boise man pleaded guilty in federal court Thursday to aggravated identity theft, according to a release from the U.S. Attorney for Idaho. ...read full article

Man in alleged identity theft ring to plead guilty



JACKSON, Miss. -- A member of an alleged identity theft ring that called itself the "Felony Lane Gang" and operated in south Mississippi is scheduled to plead guilty next month to conspiracy to commit mail fraud, federal court records said. ...read full article

ID thief got credit file? Equifax makes amends



Dear Fixer: Equifax gave my credit report to an identity thief one day in early September. The thief appears to have visited www.annualcreditreport.com. ...read full article

American Express phishing scam



Emails purportedly coming from American Express are making the rounds of inboxes this month. Panda Labs reports they contain a request for Amex customers to update their accounts. ...read full article

Officers Warned of Flaw in U.S. Drones in 2004



Senior U.S. military officers working for the Joint Chiefs of Staff discussed the danger of Russia and China intercepting and doctoring video from drone aircraft in 2004, but the Pentagon didn't begin securing the signals until this year, according to people familiar with the matter. ...read full article

B.C. civil servant accused of e-mail privacy breach



VICTORIA — The B.C. government is investigating an employee who is accused of e-mailing sensitive government information across the border to someone in the United States. ...read full article

TSA Cannot Order Sites to Take Down Sensitive Manual



After a Transportation Security Administration (TSA) manual containing “sensitive security information” was inadvertently disclosed on a government website, it was reposted on several non-governmental websites where it remains freely available. Asked what TSA intends to do about that, Acting TSA Administrator Gale D. Rossides told Congress that her agency does not have the legal authority to compel members of the public to remove sensitive TSA documents from their websites, though she wished that they would do so. ...read full article

ID Analytics Research Finds Conventional Wisdom About Change of Address and Fraud Risk is Incorrect


Traditional Metrics No Longer Provide Comprehensive Risk Coverage: Study Finds Identity Scoring Offers a More Effective Approach


SAN DIEGO, Dec. 18 /PRNewswire/ -- ID Analytics, Inc., the leader in on-demand identity intelligence, today announced the publication of its latest research study, "Address Discrepancy Data Study: Change of Address and Address Mismatch." ID Analytics' study examines the relationship between changes in address and fraud risk to determine whether certain variables related to an address change indicate a greater risk of fraud. The study finds that traditional variables no longer provide comprehensive risk coverage and the variables need to be modernized. ...read full article


December 17, 2009


U.S. House to toughen internal cybersecurity policy



Congressional leaders on Tuesday accepted five new cybersecurity policy recommendations aimed at protecting sensitive information belonging to the U.S. House and securing its IT systems from attack. ...read full article

Intelligence Improperly Collected on U.S. Citizens



WASHINGTON — In February, a Department of Homeland Security intelligence official wrote a “threat assessment” for the police in Wisconsin about a demonstration involving local pro- and anti-abortion rights groups. ...read full article

Meaning of identity theft key to appeal in Palin case


Defense says hacking e-mail doesn't count


The case of a Democratic state senator's son accused of perusing the contents of a conservative Republican vice presidential candidate's e-mail account is making for strange political bedfellows. ...read full article

Delaware crime: Police say woman stole $22,600 from account


Wachovia Bank teller's suspicions lead to charges of identity theft, forgery


A 27-year-old Philadelphia woman was charged with identity theft after a bank teller notified state police that she was trying to withdraw money from another customer's account. ...read full article

Credit Suisse to pay $536M to settle Iran wire transfer case



Credit Suisse Group has agreed to pay $536 million to settle a Justice Department probe and admit to violating U.S. economic sanctions by hiding the booming illegal business it was doing for Iranian banks. ...read full article

Autopsy reports altered in data breach at WDH: Frisbie says it will notify families of deceased



ROCHESTER — Frisbie Memorial Hospital says it will notify the families of two patients whose autopsy reports were altered when a Wentworth-Douglass Hospital employee made unauthorized changes to patients records' at WDH's pathology lab. ...read full article

PCSO fined for data access breach



A police community support officer has been fined £2,000 for unlawfully accessing information on Metropolitan Police databases. ...read full article

Former Lone Star National Bank VP convicted of bank fraud



(McALLEN, Texas) - A former vice president and senior loan officer of Lone Star National Bank has been convicted of bank fraud, U.S. Attorney Tim Johnson announced today. ...read full article

China cages game Trojan hackers



Chinese authorities have sentenced 11 members of a malware gang to long stretches behind bars, after the group was convicted of creating and distributing Trojans designed to steal the login credentials of online gamers. ...read full article

Secure USB drive relies on recognising faces


Works as a bottle opener too


Portable data security has stepped up a notch following one manufacturer’s decision to pair a USB Flash drive with facial recognition technology. ...read full article

Conficker jams up developing interwebs



The infamous Conficker worm has disproportionally affected computer systems in the developing world, according to new research. ...read full article

Adobe: critical Acrobat flaw fix 4 weeks away



Users of Adobe's Acrobat and Reader programs have a full four weeks to fret over a critical flaw that's being exploited in the wild to install malware on vulnerable machines. ...read full article

The 2009 data breach hall of shame


A review of the companies that made headlines for all the wrong reasons


Computerworld - If there was anything even vaguely comforting about the data breaches that were announced this year, it was that many of them stemmed from familiar and downright mundane security failures. ...read full article

Chinese ISP Hosts 1 in 7 Conficker Infections



Security experts have known for months that some countries have had a harder time battling the Conficker worm than others. But thanks to data released Wednesday by Shadowserver, a volunteer-run organization, they now have a better idea of which Internet Service Providers have the biggest problem. ...read full article

Eighth defendant in North Carolina staged accident ring sentenced



The eighth and final defendant in an auto insurance fraud ring that netted more than $100,000 in phony claims payments from staged accidents was sentenced in North Carolina. ...read full article

Insurgents Hack U.S. Drones


$26 Software Is Used to Breach Key Weapons in Iraq; Iranian Backing Suspected


WASHINGTON -- Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations. ...read full article

Bank manager charged with embezzling



A branch manager of Piedmont Bank in Statesville was accused Wednesday of stealing more than $270,000 from the bank and its customers - including more than $100,000 from her parents - to support her gambling addiction. ...read full article

Sands Casino scam attempt doesn't pay off



New York woman faces prison after pleading guilty to thefts. She stole $10,000 in 13 hours. ...read full article

Police: Identity thief looted $22,000 from bank account



A Philadelphia woman has been arrested and charged with stealing a bank customer's identity and looting the victim's account of more than $22,000. ...read full article

Consumers Overestimate The Dangers Of Online Identity Theft, Study Says



More than one-third of users think ID theft is most likely to happen online, but only 10 percent of the losses happen on the Web, researchers say ...read full article

Google, Dell, Microsoft, Yahoo invoked in work from home scam



Online scammers are abusing top web brand names such as Google, Dell, Microsoft and Yahoo to sell fake "work from home" packages and defraud unsuspecting users, an online security firm has warned. ...read full article

8 Japanese computer servers suspected in July cyber attack



Japan's National Police Agency said Thursday it suspects eight computer servers in Japan were involved in a wave of cyber attacks in July against government and private sector websites in South Korea and the United States, Japan's National Police Agency said Thursday. ...read full article

Five Things to Know About Social Engineering



SOCIAL ENGINEERING IS GROWING UP. Social engineering, the act of tricking people into giving up sensitive information, is nothing new. But today's criminals are having a heyday using e-mail and social networks. ...read full article

Cybersafety Booklet for Parents and Kids Now Available


FTC, Department of Education, Federal Communications Commission Officials Present Free Booklet at D.C. Middle School


A new booklet released today by the Federal Trade Commission and other government agencies helps parents and teachers steer kids safely through the online and mobile phone worlds. ...read full article

Parkersburg Man Facing Federal Charges



A Parkersburg man is facing federal charges after he's indicted for fraud and identity theft. ...read full article

Identity theft case has a bizarre twist



A five-page criminal complaint detailing a bizarre story of a man who claims to be a professor involved in human cloning research allegedly stealing the identify of a man in prison for murder in California who could be his brother. ...read full article

Upper Darby man arrested, faces identity theft charges



UPPER DARBY — An alleged swindler involved in a sophisticated identity-theft ring involving personal information copied from hospital records is facing multiple identity theft and theft charges, police said. ...read full article

Tennessee: Former Knox County deputy faces theft charges



A former Knox County sheriff's deputy was arraigned in federal court in an identity theft case. ...read full article

Sanctions Imposed for Wiping BlackBerrys



Numerous courts have imposed sanctions for failing to preserve e-mails and other electronic documents. But few decisions have addressed the consequences of destroying electronic information stored on portable electronic devices -- such as BlackBerrys and smart phones. This may be starting to change. ...read full article

Trial Date Set for Champaign Couple Charged with Credit Card Fraud



A Champaign, Illinois couple, Karen D. Dooley, 29, and her husband, Michael J. Jefferies, 32, were arraigned in federal court in Urbana on various federal criminal offenses related to credit card fraud in a seven-count indictment. ...read full article

Check your Facebook privacy settings. Now!


More than ever, your personal information is flapping in the breeze


If Facebook founder Mark Zuckerberg can't figure out his social networking site's privacy settings after they were ripped open earlier this month, what hope is there for the rest of us? ...read full article

Ohio court: Cell phone searches require warrant


ACLU described ruling by Ohio Supreme Court as landmark case


COLUMBUS, Ohio - The Ohio Supreme Court said Tuesday police officers must obtain a search warrant before scouring the contents of a suspect's cell phone, unless their safety is in danger. ...read full article


December 16, 2009


Microsoft Tackles the Child Pornography Problem



The Internet is a hyper-efficient distribution channel for media of all kinds. So it is hardly surprising, even if disturbing, that the march of the Net has also brought “an explosion in the spread of child pornography,” as Ernie Allen, president of the National Center for Missing and Exploited Children, put it. ...read full article

CA Predicts More Malvertising, Mac Attacks in 2010



Security researchers at business software developer CA this week warned enterprise customers to expect even more complex security threats in 2010 -- including an expected surge in so-called "malvertising" scams and more attacks targeting the Apple platform. ...read full article

Detroit Police probe stolen medical records


2 separate incidents put many at risk of identity theft


Detroit -- City health department officials announced Tuesday that police are investigating two incidents in which patients' medical records, including Social Security numbers, were stolen. ...read full article

Police Bust Possible Identity Theft Ring


Officers discover 61 pieces of stolen personal information


Dallas police said they believe they have broken up a major identity-theft ring. Officers discovered all kinds of stolen personal information inside a motel room on Finnell Street. Police arrested Mark Anthony, but investigators said they believe he may be part of a larger operative of identity thieves. ...read full article

Adobe Offers Advice on Avoiding New Reader Attack



One day after warning of a new attack on its Reader and Acrobat software, Adobe issued a security advisory Tuesday offering users some advice on how to mitigate the problem. ...read full article

Facebook sues men for allegedly phishing, spamming



Facebook has sued three men, alleging they used phishing techniques to get access to Facebook user accounts and then sent spam from the compromised accounts. ...read full article

Scammers exploit Google Doodle to spread malware



Online scammers are taking advantage of the public's interest in the Google Doodle to spread malware, a security firm warned on Tuesday. ...read full article

SEC Invokes Immunity in Negligence Suit by Madoff Victims



Bernie Madoff became America's poster child for financial scandal one year ago this week, though decades may pass before the mess he made is finally cleaned up. Just in time to mark this Ponzi anniversary, the Securities and Exchange Commission moved Monday to dismiss a suit by two Madoff victims who want to hold the agency accountable for failing to uncover Madoff's scheme more quickly. ...read full article

9/11 Museum Director Says Website Hacked



GREENBELT, Md. (CN) - A Maryland man hacked into the Ground Zero Museum Web site, deleted it and left a link that redirects Web surfers to a page that criticizes the museum, its founder Gary Suson claims in Maryland Federal Court. The museum on West 14th Street in Manhattan showcases artifacts from Ground Zero of the Sept. 11 terrorist attacks. ...read full article

Honeynet research lifts the lid on spam trends



Stats from the one billion spam messages blocked by Project Honey Pot over the last five years provide an insight into junk mail trends and spamming practices. ...read full article

UCSF belatedly announces September data breach



UC San Francisco said late Tuesday it has alerted 600 patients and others that an external hacker may have obtained “temporary access to emails containing their personal information” as a result of a late September phishing scam. ...read full article

Drug data mining ban unlikely in Senate health bill


No vote seen for "prescription mining" proposal


WASHINGTON, Dec 14 (Reuters) - A Democratic proposal to ban the collection of doctors' prescription records for marketing purposes is unlikely to be included as part of the Senate's overall health reform bill, a Senate staff member said on Monday. ...read full article

Colorado Supreme Court rules that immigrants' tax records are private, were illegally searched



DENVER — The Colorado Supreme Court ruled Monday that authorities violated the constitutional and privacy rights of suspected illegal immigrants when they used tax returns to try and build hundreds of identity theft cases against them. ...read full article

Mass. Supreme Court throws out lawsuit against BJs over '04 data breach


Ruling shows difficulty of winning tort actions in data breach cases


Computerworld - The Massachusetts Supreme Judicial Court affirmed a lower court ruling dismissing a lawsuit brought against BJ's Wholesale Clubby dozens of credit unions over a 2004 data breach. ...read full article


December 15, 2009


Feds Arrest Suspects in 3-State Medicare Fraud Crackdown



MIAMI — Federal agents have arrested several suspects in Miami as part of a Medicare fraud crackdown in three states. ...read full article

ID theft gang steals $200,000 in casino cash advances



Seven members of an alleged identity theft gang were arraigned in federal court today. ...read full article

Personal information compromised after Dollar Tree's computer is hacked



NORTH AUGUSTA -- Welcome to the Dollar Tree, where everything's a dollar. But for some customers, the cost of shopping there could have been a lot more. ...read full article

Personal Data At Risk After SQL Flaw Discovered



A SQL injection flaw on a social networking app developer site has compromised the security of users and could lead to identity theft ...read full article

SSL Certificates: Safety, Nuisance or Both?



Online shoppers have become familiar with little logos that indicate a site can be trusted. Obviously, phishers and other scammers can easily place such logos on their own sites without proper authorization. What level of certainty can a consumer have that a site that bears a trusted logo really earned it from a reputable authenticator? What good are these reassurances, really? ...read full article

Woman Wanted In Durham On Identity Theft Charges



DURHAM, N.C. -A Virginia woman is wanted by Durham Police for fraud and theft charges. ...read full article

ID Theft Threats to Watch in 2010


Interview with Jay Foley of the Identity Theft Resource


Financial scams and incidents of medical identity theft are on the rise - and they're among the main threats to business and consumers in 2010. ...read full article

How to Protect Against Medical Identity Theft



Medical identity theft is on the rise. It's a crime that most often originates from within the health care system and the theft can take months or even years to be discovered. ...read full article

RockYou hacked, 32 million account passwords potentially exposed



RockYou has suffered a serious hacker attack that has exposed 32 million of its customer usernames and passwords, leading to possible identity theft. ...read full article

Court Backs Lawyers In ID Theft Rule Fight



A Washington, D.C., judge has issued an opinion giving a further boost to a recent partial victory for attorneys fighting to be exempted from a rule that would force them to root out and stop identity theft. ...read full article

FBI: Computer Pop-Up Security Warnings Pose Threats


The FBI is warning consumers about an ongoing threat involving pop-up security messages that appear while they are on the Internet.


...read full article

Brandon man gets 5 years for ID theft



A Brandon man sentenced on today to five years in prison for a identity theft conviction. ...read full article

Cuban man pleads guilty to mail fraud, ID theft



LOS ANGELES -- A Cuban man has pleaded guilty to posing as an attorney so he could represent detainees in immigration court in San Pedro. ...read full article

Hacker used Twitter to control infected PCs



SAN JOSE, Calif. -- Twitter's been having a rough couple of weeks. A researcher looking into the attacks that knocked Twitter offline last week discovered another, unrelated security problem. ...read full article

Investigators Shut Down Mortgage Fraud Ring



Juan Sopprani, 31, Rancho Cucamonga, California, Karen Sopprani, 28, Rancho Cucamonga, California, Luis Molina, 41, Pomona, California and Earl Gutierrez, 36, Rancho Cucamonga, California, were arrested in connection with a mortgage fraud scheme. ...read full article

Hackers declare war on international forensics tool



Hackers have released software they say sabotages a suite of forensics utilities Microsoft provides for free to hundreds of law enforcement agencies across the globe. ...read full article

Unpatched PDF flaw harnessed to launch targeted attacks



Adobe is investigating reports of unpatched flaws in its Reader and Acrobat software packages. ...read full article

Robbers steal $3.7m from bank in Pakistan



Robbers have stolen at least $3.7m from a bank in Karachi, in what is being called Pakistan's biggest bank heist. ...read full article


December 14, 2009


Balancing Act: Security Vs. Functionality



As the government adds more functionality to its information system and application, the opportunity for attackers to hack federal IT also increases. ...read full article

Warnings issued after possible security breach



St. Paul, Minn. — The state of Minnesota has directed all of its agencies to stop using a Texas company state officials hired to verify the identities of new employees. ...read full article

MoD inquiry after laptop stolen from headquarters



An investigation is under way after a laptop containing secret data was stolen from the Ministry of Defence. ...read full article

US and Russia begin cyberwar limitation talks


It's like SALT for hackers


The US and Russia have begun talks on limiting the the military use of cyberspace. ...read full article

DVLA data powers likely to be abused by foreign officials


Bulgarian traffic wardens know where you live


Personal data belonging to nearly 40 million UK motorists is likely to be abused by foreign officials under new automatic access powers, according to a restricted official report. ...read full article

Pop-Up Security Warnings Pose Threats



The FBI warned consumers today about an ongoing threat involving pop-up security messages that appear while they are on the Internet. ...read full article

Microsoft Warns of Increased Malware in Pirated Software



According to Microsoft, reports about fake computer software that are largely corrupted by malicious programs like viruses have increased twofold during 2007-08, counting some 150,000. ...read full article

Cyber crime poses threat to e-commerce



The past 12 months have been a banner year for cyber crime. And that could be bad news for the future of e-commerce. ...read full article

Man allegedly tries to collect on life insurance, claiming he is dead



A Wrigleyville, Ill., man is under arrest, charged with felony insurance fraud after trying to convince his insurer he was deceased. ...read full article

Attacks on strong authentication factors need new defenses



Fraudsters have started to raid user accounts by beating strong two-factor authentication methods. Gartner analysts said that Trojan-based, man-in-the-browser attacks are circumventing strong two-factor authentication, enabled through one-time password (OTP) tokens. Other strong authentication factors, such as those using chip cards and biometric technology that rely on browser communications, can be similarly defeated. ...read full article

A prescription for snooping


Drug companies defend the practice of mining data from pharmacies and insurers, but others are alarmed.


Reporting from Washington - When your doctor writes you a prescription, that's just between you, your doctor and maybe your health insurance company -- right? ...read full article

Facebook boss caught out by privacy change



SOCIAL NOTWORKING SITE Facebook has revamped its privacy rules, as we reported last week, but it is starting to look like its boss might be regretting the change. Candid snaps of founder Mark Zuckerberg have found their way onto the web. ...read full article

Computer theft being targeted by SFU, police



Simon Fraser University is crediting a new "bait laptop" program for cutting computer thefts on campus by more than 30 per cent. ...read full article

New Swedish law draft for centralized internet and telephony interception



This file presents a draft law for internet and telephony spying from the Swedish department of justice. The document was mentioned, but not released, by Svenska Dagbladet on Dec 12, 2009 ...read full article

Private Colleges Question Kindergarten-to-Career Data Collection



The organization representing private colleges and universities in Tennessee is asking the state to think twice before collecting more data on students. ...read full article

Identity Theft Identity theft can spoil the holidays



Identity theft claimed 10 million victims in 2008, a 22 percent increase over 2007, according to a report from Javelin Strategy and Research. The Better Business Bureau warns that the holiday season provides many new opportunities for identity thieves. ...read full article

Auto Warranty Telescams Continue



(CN) - Telemarketers are still making illegal robocalls to push bogus credit-card interest rate reductions and auto warranty scams, and refuse to pay refunds when customers call them on it, the FTC says in Federal Court. The FTC prohibited such robocalls as of Sept. 1 after a congressman got a pitch for one. ...read full article

Hackers block Microsoft Cofee law enforcement software


Hackers have released software designed to attack a Microsoft tool used by law enforcement agencies.


According to a report on The Register the hack known as Decaf automatically launches countermeasures to Computer Online Forensic Evidence Extractor (Cofee), which provides tools used in the collection of digital evidence. ...read full article

Facebook privacy and security guide



This is a video created by Tom Eston from SocialMediaSecurity walking you through the new Facebook privacy settings. It also covers notifications, Facebook Ads and hiding your Friends list from public searches. ...read full article

World of Warcraft phishing scam



World of Warcraft (WoW) players should be on the lookout for phishing sites trying to get their user info. One still operating at time of writing is worldqfwarcraft.com. ...read full article

Beware of Bogus Tests, Inspections, and Fixes for Damaged Drywall



The Federal Trade Commission warns consumers to be skeptical of anyone trying to sell test kits, inspections, or quick fixes for problems caused by imported drywall that has turned out to be contaminated. ...read full article

Connecticut Clamps Down On Snooping State Employees



HARTFORD, Conn. - Connecticut officials say new measures are in place to deter state employees from browsing people's confidential tax records. ...read full article

Guidelines Aimed at Thwarting ID Theft, Security Breaches Unveiled



Responding to concerns about identity theft and security breaches linked to portable devices, the AICPA and the Canadian Institute of Chartered Accountants have expanded Generally Accepted Privacy Principles to include protocols for securing personal information. ...read full article

Ex-Prosecutor Loses Bid to View Probe Documents



(CN) - A federal prosecutor's emails to his attorney on government computers are privileged, a federal judge in Washington, D.C. ruled, rejecting a motion to compel discovery filed by a former federal prosecutor accused of prosecutorial misconduct in a high-profile terrorism trial in Detroit. ...read full article

The 12 Cons of Christmas


These holiday cons can lead to identity theft or infection of your computer and make the most wonderful time of the year quite woeful


While the risk of being hacked, conned or having sensitive information stolen is possible all through the year, most security experts agree that the holiday season brings a spike in fraudulent activity, both online and off. ...read full article

Lawyer in identity theft case charged with tax fraud



Syracuse, NY - A local lawyer already facing charges she stole her law partner’s husband’s identity to open a fraudulent credit card account was charged today with felony tax fraud as well. ...read full article

Immigrants Sentenced for Thefts of Tax Refunds



WICHITA, Kan. (AP) - The U.S. attorney's office says three illegal immigrants will go to prison for their roles in a scheme to steal tax refund checks from Texas workers and use phony IDs to cash them in Kansas. ...read full article

Court: Immigrants' tax records illegally searched



DENVER (AP) The Colorado Supreme Court says Weld County authorities violated privacy rights of immigrants when sheriff's deputies seized thousands of tax returns to investigate them for identity theft. ...read full article


December 13, 2009


Google Faces a Different World in Italy



PARIS — One morning in January 2008, Peter Fleischer, the chief privacy counsel at Google, was walking to the University of Milan to deliver a speech at a conference when someone shouted his name from behind. Shortly afterward, he was surrounded by five Italian police officers. ...read full article

Cyber crime poses threat to e-commerce



(CNN) -- The past 12 months have been a banner year for cyber crime. And that could be bad news for the future of e-commerce. ...read full article


December 12, 2009


Supreme Court may decide whether workers' text messages are private



WASHINGTON - Workplace rights advocates are closely following a California case now before the Supreme Court in which employees for the first time won a constitutional right to privacy in their text messages, even when the messages were sexually explicit comments to co-workers. ...read full article

District Court Finds Personal E-Mail From Work Still Privileged



A federal prosecutor has won his fight to conceal e-mails he sent to his attorney over the government’s computers, contradicting a popular belief that employees have no expectation of privacy on work computers. ...read full article


December 11, 2009


Patients at risk of identity theft may wait 60 days to find out



Kathy Silver, CEO of University Medical Center, learned three weeks ago that names, birth dates and Social Security numbers for at least 21 patients were leaked from the hospital — a crime being investigated by the FBI. ...read full article

HSBC confirms data theft by former employee



IDG News Service - HSBC confirmed Friday that a former employee stole client data but said the number of records taken was less than 10. ...read full article

Droid Smartphone Hacked


Exploit lets phone users gain administrative root access to Google Android-based phones


First the iPhone, now the Droid: A hacker has unleashed an exploit that lets a user wrest administrative root control of his or her Motorola Droid smartphone. ...read full article

2009 in threats: Fake security software, search engines and social networks



The latest State of the Internet 2009 report by CA states that the most notable 2009 online threats were rogue/fake security software, major search engines, social networks and Web 2.0 threats. The report compiles trends from the first half of 2009. ...read full article

ID theft ring caught in Holton



HOLTON — More than a dozen people accused in an identity theft ring have been charged with fraud and forgery, Attorney General Steve Six said Thursday. ...read full article

Symantec CEO: We don’t employ hackers


Ethical hacking is just another name for quality assurance, the security company’s CEO says


Ethical hacking has a definite role to play in keeping businesses secure, according to the Symantec’s CEO Enrique Salem, but the company will not hire known hackers to carry out the service. ...read full article

Alberta health board cleared in records breach



The Alberta privacy commissioner's office has found that the province's health board had reasonable security measures in place when a virus targeted a computer network in July, potentially affecting the personal health information of thousands of people. ...read full article

Potent malware link infects almost 300,000 webpages



A security researcher has identified a new attack that has infected almost 300,000 webpages with links that direct visitors to a potent cocktail of malicious exploits. ...read full article

Facebook's New Privacy Settings: 5 Things You Should Know



Facebook has begun rolling out its new privacy settings to all of its 350 million users. If you haven't seen it already, you will soon have to go through a wizard that will guide you through the process of confirming your privacy settings. ...read full article

Class Alleges Giant Spyware Scheme



(CN) - Internet service provider WideOpen West installed spyware on its broadband networks that "funneled all users' Internet communications - inbound and outbound, in their entirety - to a third-party Internet advertisement-serving company, NebuAd," a class action claims in Chicago Federal Court. "NebuAd and WOW used the intercepted communications to monitor and profile individual users, inject advertisements into the Web pages users visited, transmit code that caused undeletable tracking cookies to be installed on users' computers, and forge the 'return addresses' of user communications so their tampering would escape the detection of users' privacy and security controls," the class claims. ...read full article

FTC Busts Interest Rate Reduction Scams



CHICAGO (CN) - The FTC says six abusive telemarketing firms conned U.S. and Canadian victims out of thousands of dollars by claiming they could reduce interest rates on credit cards and help them pay off debts faster. The agency says the scammers charged as much as $1,995 up front but failed to deliver and refused to pay refunds. ...read full article

House passes bill to require data breach notifications



The House has passed a bill that would set nationwide rules for notifying potential victims of identify theft when their personal information that’s stored electronically is improperly exposed. ...read full article

AU: Consumers may be told of ID theft



AUSTRALIAN businesses may soon be forced to tell their customers if their personal details have been stolen, under proposed new laws to combat identity theft. ...read full article

Woman Charged With Identity Theft



A woman is in jail after deputies say she stole someone's debit card and then went on a shopping spree. And deputies say it's not the first time she was arrested for it. ...read full article

Warranty Registration Cards May Lead to Identity Theft



Purchasing a new product with a warranty is a smart move. Whether it is a small home appliance or a large gaming system, most pieces of new technology today carry some form of manufacturer's warranty. When making your next technology purchase, before filling out the warranty card for the manufacturer, take a moment to consider how this may place you at-risk for identity theft. ...read full article

Ninth Circuit rejects Patriot Act challenge for lack of standing



[JURIST] The US Court of Appeals for the Ninth Circuit [official website] ruled [opinion, PDF] Thursday that a lawsuit seeking to declare parts of the Patriot Act [JURIST news archive] unconstitutional must be dismissed for lack of standing. Brandon Mayfield [JURIST news archive], an attorney arrested [JURIST report] in 2004 based on FBI error in connection with the 2004 Madrid train bombings [BBC backgrounder; JURIST news archive], had argued that parts of the Patriot Act amending the Foreign Intelligence Surveillance Act (FISA) violated the Fourth Amendment [text]. Specifically, Mayfield alleged that FISA provisions allowing the government use electronic surveillance [50 USC § 1804] and physically search [50 USC § 1823] his home without probable cause violated his Fourth Amendment rights. In reversing a lower court decision [opinion, PDF; JURIST report], the court refused to rule on the merits of the case, finding that Mayfield could not pursue his claim because a settlement [text, PDF; JURIST report] between Mayfield and the Government expressly limited Mayfield's possible relief to a declaratory judgment that the provisions violated the Fourth Amendment. ...read full article

Preston Man Arrested on ID Theft, Fraud Charges



PRESTON, Md.- A Preston man is facing charges in three counties in connection with a check and check card fraud case. ...read full article

FTC Report Finds Sexually and Violently Explicit Content in Online Virtual Worlds Accessed by Minors


Recommends Best Practices to Shield Children and Teens


The Federal Trade Commission today issued a report that examines the incidence of sexually and violently explicit content in online virtual worlds. The congressionally mandated report, “Virtual Worlds and Kids: Mapping the Risks,” urges operators of virtual worlds to take a number of steps to keep explicit content away from children and teens, and recommends that parents familiarize themselves with the virtual worlds their kids visit. ...read full article

Government plans to launch cloud next year



The Government is creating a blueprint for its private cloud infrastructure and expects to launch across the public sector next year. ...read full article


December 10, 2009


Sexting - education, research, and multidisciplinary prevention and response



Earlier this week, I participated in a Summit organized by the National District Attorneys Association and the National Center for the Prevention of Child Abuse with a variety of professionals in the child protection arena. While other attendees focused in on the problem of child sex trafficking, my small group concentrated on the phenomenon of sexting and self-exploitation. ...read full article

Facebook Christmas Worm Spreads Holiday Infection


Koobface, the worm that has plagued Facebook, Twitter and other social sites, is back.


The latest version of the infamous Koobface worm carries a Christmas greeting that can render victims' computers inoperable. ...read full article

Novel Claim Against Insurer in Madoff Fiasco



(CN) - In a novel claim involving Bernard Madoff's Ponzi scheme, a woman claims that Fireman's Fund Insurance owes her more than $75,000. Sharon Lissauer claims that because Madoff did not buy securities with her money, Fireman's cannot limit her claim to $5,000 for "theft of securities." ...read full article

Hackers find a home in Amazon's EC2 cloud



IDG News Service - Security researchers have spotted the Zeus botnet running an unauthorized command and control center on Amazon's EC2 cloud computing infrastructure. ...read full article

TSA Officials Put on Administrative Leave After Security Lapse



The Department of Homeland Security has placed several employees on administrative leave for their role in the exposure of a document containing detailed information on passenger screening procedures used at U.S. airports. ...read full article

Can the CFAA Protect Your Business Data?



The economic issues facing many companies have resulted in large numbers of employee terminations and resignations. This job reshuffling has brought a variety of employment issues to the forefront for management. One such issue is how best to safeguard business data once employees are asked to leave or elect to resign. ...read full article

Windows Users Targeted in Anti-Malware Scam



A rogue anti-malware product called DefenceLab redirects infected PCs to Microsoft's Support portal, but modifies the HTML content as it returns so as to appear as if Microsoft is endorsing the worthless software. ...read full article

Top 10 botnets and their impact



Every day, approximately 89.5 billion unsolicited messages (i.e. spam) are sent by computers that have been compromised and are part of a botnet. ...read full article

SQL injection attack claims 132,000+



A large scale SQL injection attack has injected a malicious iframe on tens of thousands of susceptible websites. ScanSafe reports that the injected iframe loads malicious content from 318x.com, which eventually leads to the installation of a rootkit-enabled variant of the Buzus backdoor trojan. A Google search on the iframe resulted in over 132,000 hits as of December 10, 2009. ...read full article

The security nightmare formula



According to the Cisco 2009 Annual Security Report, small errors on the part of computer users or their IT departments may not wreak havoc on their own, but in combination, they dramatically increase security challenges. ...read full article

School clerk accused of stealing more than $10,000



BATON ROUGE, La. (AP) - Authorities say an East Baton Rouge Parish school system payroll specialist has been arrested in the theft of more than $10,000 from the school district. ...read full article

Report names top threats to campus networks


Data show that only 17 percent of college campuses employ effective measures for keeping networks safe


Eight out of 10 colleges included in a recent study were deemed vulnerable to cyber attacks that could cost IT departments thousands of dollars, highlighting the security downfalls of decentralized campus networks with little interconnectedness. ...read full article

Student information compromised: Intact records found


Bushland views gaffe as a way to 'get better'


A Potter County school district has improved security protecting its student records after paperwork containing Social Security numbers, family incomes and student addresses was discovered at a recycling site in Canyon. ...read full article

Former B of A employee pleads guilty to providing false VOD's



A former Bank of America employee was convicted of wire fraud today in federal court for creating false documents to secure approval of mortgage loan applications. ...read full article

Kazakh President Signs 'Privacy' Law



ASTANA -- Kazakh President Nursultan Nazarbaev has signed a controversial law on privacy protection, RFE/RL's Kazakh Service reports. ...read full article

Court Upholds BofA's ID Policy for Foreigners



(CN) - A Bank of America policy requiring U.S. citizens to provide a Social Security number to open a credit card while letting foreign nationals use other forms of identification does not discriminate against U.S. citizens, a California appeals court ruled. ...read full article

Goverments must unite to head off cyber-terrorism threat, says Kaspersky



Governments have begun working to combat cyber threats, but many are working on national initiatives to tackle a global problem, says Russian security firm Kaspersky Lab. ...read full article

Hacker McKinnon appeals to courts again



UFO hacker Gary McKinnon has asked the High Court to review the extradition order made against him. ...read full article

HomeOwnership Center: Loan scams hitting home



UTICA, N.Y. (WKTV) - Dozens of people throughout the Mohawk Valley have been scammed or nearly scammed by Loan Modification scammers. ...read full article


December 9, 2009


Yahoo, Go Daddy hosted websites targeted in two-stage phishing attack



If you control a blog or any small website, beware. Phishers are trying to lure owners of smaller websites who use hosting services from Yahoo, GoDaddy and MediaFire into divulging their administrator logons. ...read full article

New Data Show Most Breaches Come From External Sources



New data compiled by Verizon in an addendum to its Data Breach Investigations Report shows that the vast majority of reported and investigated data breaches are the result of external incidents, not insider threats. ...read full article

La. firm sues Capital One after losing thousands in online bank fraud



An electronics testing firm in Louisiana is suing its bank, Capital One, alleging that the financial institution was negligent when it failed to stop hackers from transferring nearly $100,000 out of its account earlier this year. ...read full article

T-Mobile data scam detected a year ago


Customers in the dark


The Information Commissioner's Office (ICO) has been investigating the theft and sale of T-Mobile customers' personal data for almost a year, it has emerged. ...read full article

EPIC Supports Privacy Safeguards for Genetic Information Recommends Robust Techniques for Deidentification



EPIC filed comments with the Department of Health and Human Services, advising the federal agency to strengthen the requirements for classifying data as “de-identified” under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. ...read full article

Data stolen from HSBC in Switzerland: Bank



GENEVA: Data related to less than 10 clients was stolen from HSBC's Swiss branch, the bank said on Wednesday, amid media reports that some names of alleged French tax evaders was obtained by France through theft. ...read full article

24,000 employees affected by data breach


Personal information exposed on the Internet, University working to minimize future threats


Important personal information, such as social security numbers, names and zip codes, of many Notre Dame employees was exposed to the Internet after the University accidentally placed the information in a publicly accessible location. ...read full article

Attorney General Says Health Net Security Breach Concerns Worsen After Report Reveals Breach Was Likely Theft



The Connecticut Attorney General, Richard Blumenthal, has issued a statement about his intensified concerns about the Health Net breach: Attorney General Richard Blumenthal said he is deeply troubled by an investigative report on the Health Net security breach that acknowledges a missing disk drive containing private financial and health information on hundreds of thousands of citizens was likely stolen. ...read full article

Hacker Exposes Unfixed Security Flaws In Pentagon Website


Romanian hacker posts proof-of-concept attacks for Pentagon's public Website


A Romanian hacker has posted a proof-of-concept attack exploiting vulnerabilities on the Pentagon's public Website that were first exposed several months ago and remain unfixed. ...read full article

Scammers scrape RAM for bank card data


Malware sidesteps encryption


Forget keyloggers and packet sniffers. In the wake of industry rules requiring credit card data to be encrypted, malware that siphons clear-text information from computer memory is all the rage among scammers, security researchers say. ...read full article

US air screening procedures leaked online



The US Transportation Security Administration (TSA) has revealed industry secrets about airport passenger screening practices by accidentally publishing an in-house manual online. ...read full article

Verizon: Data Breaches Getting More Sophisticated



Methods of stealing data are becoming increasingly sophisticated, but attackers are still gaining initial access to networks through known, preventable vulnerabilities, according to a report released by Verizon Business on Wednesday. ...read full article

Fired for Refusing To Let Bosses Use Son's Social Security Number, Waitress Says



WHITE PLAINS, N.Y. (CN) - A waitress says her managers fired her because she refused to take a bribe to let an undocumented kitchen worker use her son's Social Security number. Sheila Everly sued Legal Sea Foods in Westchester County Court. ...read full article

Two Data Security Breaches Give State Attorneys General a Chance to Exercise Their New HIPAA Powers



In a sign that state attorneys general may be flexing the HIPAA enforcement muscle granted by the HITECH Act provisions in the Recovery Act, the Connecticut and Arizona attorneys general are investigating health plans that recently experienced data breaches that they failed to disclose for several months. ...read full article

Police pledge on desal privacy breach


Victoria Police say privacy laws prevent them from releasing private information about opponents of Victoria's desalination plant.


They are reviewing an agreement that appears to allow police to give details about protesters to the company AquaSure, which is building the $3 billion plant at Wonthaggi, in the state's east. ...read full article

Men Accused of File-Sharing Scam



SAN DIEGO (CN) - Two San Diegans stole $20,000 by stealing identities of people who use peer-to-peer file-sharing software, federal prosecutors said. Jeffrey Steven Girandola, 32, and Kajohn Phommavong, 25, are charged with conspiracy, computer fraud, access device fraud and aggravated identity theft, the U.S. Attorney's Office said. ...read full article

Nevada agent fraudulently collects $27, faces four years in prison



A former Nevada insurance agent pleaded guilty to insurance fraud and could face up to four years in prison for writing fake insurance policies for friends and relatives without their knowledge. ...read full article

Germany plans Internet virus phonecall alerts



German officials are planning to step up the fight against online viruses by phoning Internet users to warn them their computers are infected, an industry summit was told Tuesday. ...read full article

Vulnerability in DISA security scripts could leave systems at risk


DISA warns government users not to run Unix Readiness Review Scripts until it is fixed


The Defense Information Systems Agency (DISA) is warning government administrators not to use its Security Readiness Review (SRR) scripts to evaluate Unix computers because of a vulnerability that could allow applications to install malicious software. ...read full article

Over 40 percent of Facebook users invite identity theft by blindly accepting friend requests



In the shocking, yet not really unexpected, results of an investigative study by Sophos, 41% of Facebook users blindly accept friend requests from unknown contacts. ...read full article

4 Santa Rosa residents arrested in identity-theft ring



Santa Rosa police on Tuesday arrested four Santa Rosa residents in connection with an identify-theft operation. ...read full article

2001 city council candidate Knapp sought on ID theft charges



Mark Knapp, an environmental activist who once ran as a Green Party-endorsed candidate for a seat on the Minneapolis City Council, is being sought by authorities on a federal arrest warrant after he skipped a court date in Oregon. ...read full article

28 Home Affairs officials arrested for identity theft



Addressing a media briefing in Pretoria yesterday, Home Affairs Minister Nkosazana Dlamini-Zuma said the officials were suspended last month. ...read full article

Man pleads guilty to fraud, identity theft



STOCKTON - A 39-year-old Stockton man pleaded guilty in federal court Tuesday to fraud, identity theft and possession of stolen mail in a two-year fraud scheme. ...read full article

New Study Indicates Consumers May Be Misinformed Regarding Identity Theft Risks



Consumers may have incorrect perceptions regarding identity theft while shopping for the holidays, according to a study commissioned by ProtectMyID.com, the multilayered identity theft detection, protection and fraud resolution product. ...read full article

Kennewick police arrest suspect in ID theft



KENNEWICK -- Kennewick police say they arrested one of two people sought in a week-old identity theft case and found someone wanted on unrelated warrants while tracking down suspects Monday. ...read full article

7 of 8 suspects arrested, charged in fraud case



SURFSIDE BEACH, SC (WMBF) - Surfside Beach Police have arrested seven people in connection with a fraud investigation, and are looking for an eighth suspect. ...read full article

Facebook gives users more privacy controls


Users will be able to select a privacy setting for each piece of content


NEW YORK - Facebook is changing its privacy settings to give users control over who sees the information they post on their personal pages. ...read full article

Surprise! Merchants say Web fraud is down



Times are tough -- even for cybercriminals. Online merchants in the U.S. and Canada report a dramatic 18 percent drop in fraud, down from $4 billion in 2008 to $3.3 billion this year, according to a survey by the security firm CyberSource. ...read full article

State Department Employee Sentenced for Illegally Accessing Confidential Passport Files



A State Department employee was sentenced today to 12 months of probation for illegally accessing more than 125 confidential passport application files. Kevin M. Young, 42, of Temple Hills, MD, was also ordered by U.S. Magistrate Judge Alan Kay in the District of Columbia to perform 100 hours of community service. Young pleaded guilty on Aug. 17, 2009, to a one-count criminal information charging him with unauthorized computer access. ...read full article

Computer of Alleged Sarah Palin Hacker had Spyware



The 21 year-old college student charged with hacking former Alaska Governor Sarah Palin's Yahoo e-mail account was using a compromised computer that was secretly logging and reporting information without his knowledge, his lawyers say. ...read full article


December 8, 2009


Student ordered to destroy downloaded music files


Student ordered to destroy downloaded music files


A graduate student who must pay four record labels a combined $675,000 in damages for downloading and sharing songs online has been ordered to destroy his illegal music files--but a judge declined to force him to stop promoting the activity that got him in trouble. ...read full article

Seattle man sentenced to two years in prison for 35 years of ID theft



Clark Mower, 58, of Seattle, Washington was sentenced on Friday in U.S. District Court in Seattle to two years in prison and one year of supervised release for Aggravated Identity Theft. Mower had used the personally identifying information of a family acquaintance for more than 30 years to avoid prosecution for drug and alcohol charges. He then used the stolen identity to obtain government benefits and declare bankruptcy, creating years of difficulties for the victim. The victim, a resident of Oregon, has struggled for years to clear his credit and get Mower to stop using his identity. ...read full article

Russian's Sneaky E-Filing Scam Netted $136K



SAN DIEGO (CN) - A Russian man was sentenced on Monday to 18 months in federal prison for a sneaky scheme in which he diverted federal tax returns to his own accounts. Maxim Maltsev, 23, of Novosibirsk and San Diego swiped $136,000 by setting up Web sites that claimed to be affiliated with the IRS "Free File" electronic filing program and taking the money from people who thought they were actually filing their returns with the IRS. ...read full article

District Court Explains Ruling that Red Flags Rule Doesn't Apply to Lawyers, Implies Limitation of Applicability to Banking, Lending, & Finance Sectors



On December 1, Judge Reggie Walton of the U.S. District Court for the District of Columbia issued a memorandum opinion in a lawsuit by the American Bar Association against the Federal Trade Commission, explaining his October 29 ruling from the bench that the FTC's Red Flags Rule does not apply to lawyers. Holding that "[e]ven a cursory review of the language of [the Fair and Accurate Transactions Act (FACT Act), through which Congress authorized the creation of the Red Flags Rule, and other legislation defining relevant terms] and the purposes underlying their enactment leads the Court to the conclusion that it was not 'the unambiguously expressed intent of Congress' to bring attorneys within the purview of the FACT Act and thus subject them to regulation by the Commission's Red Flags Rule," Judge Walton rejected almost every argument put forth by the FTC and indicated that the court would similarly condemn any FTC attempt to apply the Rule to other professionals outside of the banking, lending, and financial sectors who bill periodically for services previously rendered. ...read full article

uTest discovers cross-site scripting vulnerability on major retailer’s site



U-Test has just completed a substantive, independent review of three major e-tailing sites — and found a gaping security hole in one of them. ...read full article

The end of paralysing DDoS attacks?


Denial of service attacks - hacker attacks that paralyse high-profile websites - could be a thing of the past, say UK academics.


Distributed denial of service (DDoS) attacks are increasingly popular with cybercriminals, security firm McAfee warned in a November report. ...read full article

Google sues over work-at-home schemes



DG News Service - Google filed a lawsuit Monday against a U.S. company it alleges runs work-at-home scams that unnecessarily charge people's credit cards and spoof Google's brand name. ...read full article

The Turducken Approach to Privacy Law



In June, the metaphor of the turducken made its first appearance in American jurisprudence. ...read full article

ID Analytics Reveals New Address Discrepancy Research Findings



Organizations across a wide array of industries struggle to effectively identify fraudulent address changes and new Federal regulations are placing more stringent responsibilities on creditors to resolve address discrepancies. ...read full article

Criminals outwit Captcha website security systems



Criminal gangs are using sophisticated software to outwit the Captcha systems used by webmail, microblogging and social networking services to protect their sites against hackers and spammers. ...read full article

Groups Far Apart on Online Privacy Oversight



IF online privacy was once an obscure policy subject, it has come front and center. That much was apparent at the standing-room-only roundtable on privacy and technology that the Federal Trade Commission held here on Monday. ...read full article

Cisco 2009 Annual Security Report



Cisco Security Intelligence Operations announces the Cisco 2009 Annual Security Report. The updated report includes information about 2009 global threats and trends, as well as security recommendations for 2010. ...read full article

Unisys Predicts Biometrics Boom To Protect Data In 2010


Identifies seven security trends that will emerge in 2010


BLUE BELL, Pa., December 8, 2009 " Slashed budgets and reduced staffing numbers delayed many security initiatives in 2009, but the vulnerabilities didn't retreat and will only intensify in 2010, Unisys security experts predict. ...read full article

Ruggedised botnets pushing out even more spam



Cybercrooks have adapted to the takedown of rogue ISPs by building more resilient botnets. An annual security survey by MessageLabs found that the already high level of spam reached 87.7 per cent of email traffic during 2009, with highs and lows of 90.4 percent in May and 73.3 percent in February respectively. Junk volumes increased still further compared to the 81.2 per cent spam rate recorded by MessageLabs in 2008. ...read full article

Microsoft downplays Windows BitLocker attack threat



Microsoft says research spelling out multiple attack scenarios to access files protected by BitLocker presents a relatively low security risk to users. ...read full article

Consumers Are Advised to Beware of Credit Card Theft



The season of giving is a time of taking for some. The Lewis County Sheriff’s Office reported three cases of identity and credit card theft over the past weekend. ...read full article

Pleasant Grove woman charged in identity theft case



PROVO — A Pleasant Grove woman accused of working with her boyfriend to steal his adopted daughter's identity faces criminal charges. ...read full article

New Springville woman hit with identity theft charges



STATEN ISLAND, N.Y. -- Undeterred by her initial failure, an alleged identity thief from New Springville tried four more times to obtain credit cards in the name of a former friend’s wife. ...read full article

FTC Warns World Cup Soccer Fans: Watch Out for Ticket Scams



In conjunction with the organizers of the World Cup, the Federal Trade Commission is warning soccer fans that they could become victims of scams. In some cases, Web sites that offer tickets for sale are run by con artists who don't really have tickets. In other cases, consumers buy "tickets" and travel to the World Soccer Cup site only to learn that the tickets they purchased are counterfeit. Other Web sites may offer packages that provide hotels, transportation and tickets - but they don't actually have the tickets, at all. ...read full article

FTC Sues to Stop Robocalls With Deceptive Credit Card Interest-Rate Reduction Claims


Commission Also Issues National Do Not Call Registry Data Book for 2009


The Federal Trade Commission today announced its second major law enforcement effort this year targeting telemarketers who violated the Do Not Call Rule and other laws by making hundreds of thousands or even millions of pre-recorded robocalls to consumers. The cases announced today target three groups that allegedly made robocalls to sell worthless credit-card interest-rate reduction programs for hefty up-front fees of as much as $1,495. At the FTC’s request, in each case, the court has issued an order temporarily halting the robocalls pending trial. ...read full article

Germany to set up centre to coordinate fight against botnets



In 2010 the German government is planning to pick up the fight against infected home computers. In the first half of next year it plans to set up an advisory centre which will help users purge their computers of viruses and bots. The idea, jointly developed by the Federal Office for Information Security (BSI) and the Association of the German Internet Industry (eco), is based on the premise that internet service providers (ISPs) have long had the technical capability to identify infected computers by analysing network traffic. The project was officially announced by BSI and eco at today's fourth national IT summit in Stuttgart. ...read full article


December 7, 2009


HSBC exposed sensitive bankruptcy data



IDG News Service - HSBC Bank says a bug in its imaging software inadvertently exposed sensitive data about some of its customers going through bankruptcy proceedings. ...read full article

Medicare Fraud Busted in Dallas



DALLAS (CN) - Beltline Medical Supplies submitted more than $1 million in false Medicare claims, and its owner pleaded guilty to federal charges of aggravated identity theft. Rafayel Movsesyan, 38, of Los Angeles, opened Beltline in Dallas in 2007. ...read full article

Phishing losses add up



It's a numbers game – although the number of banking customers who fall victim to phishing attacks is small, it all adds up to a lucrative business for cyber criminals, according to a study by security services provider Trusteer. According to the Trusteer report, in any one phishing attack on a US banking institute, around 13 out of every million customers visit a phishing website, as a result of actions such as clicking on a link in an email, and of these almost half enter their login details on the phishing website. ...read full article

HIPAA's role in liability cases tested in Mich.


Courts have split over whether the federal privacy statute prevents informal discovery of certain patient information.


Michigan's Supreme Court is set to decide whether the Health Insurance Portability and Accountability Act preempts a state law allowing defendants in medical liability lawsuits to informally interview plaintiffs' other treating physicians -- a move that doctors say could put them at a disadvantage in defending such cases. ...read full article

Feds Challenged in Bid to Dismiss Wiretapping Suit



(CN) - The government can't use national security to justify its illegal wiretapping program, class-action attorneys argued in their bid to block the government from using the state secrets privilege to have the case dismissed. ...read full article

CBS 6 Exclusive: Confidential UAlbany documents part of Climategate leak



t least two confidential documents that SUNY lawyers refused to release earlier this year were leaked as part of thousands hacked from a top climate research center last month. ...read full article

New System Swaps the Cash Register for an iPhone


Some experts doubt that startup Square can succeed.


Square, a new startup based in San Francisco and headed by Twitter cofounder Jack Dorsey, opened its doors amid much hype and fanfare last week. But some experts are already questioning whether the company will be able to sustain itself. ...read full article

China Warns of Skype Phishing, Shuts Offending Domain



China's cyberthreat response group Monday warned local Skype users about phishing scams being carried out through the chat program, in a show of ongoing efforts to counter phishing in the country. ...read full article

Viruses infect Admissions server



An Office of Admissions server containing personal information of current, prospective and former undergraduate students was infected with a number of viruses on Nov. 11. ...read full article

Police: Greenport woman's social security number stolen in '88, ID thief found



An investigation that began when a Greenport, Columbia County woman had trouble applying for a mortgage has been traced back to an identity theft transaction that occurred 21 years ago, State Police say. ...read full article

Woman pleads guilty to identity theft



A Fort Drum woman could be sentenced to up to three years in state prison for illegally using another woman's debit card. ...read full article

New charge in children's program embezzlement



RICHMOND, Va. (AP) - A Richmond woman accused of embezzling from a state-run children's program is facing a new charge of extortion. ...read full article

Supreme Court Audit Board Case Could Reopen Sarbanes-Oxley Debate



The Supreme Court hears a case on Monday that could alter how corporate America is audited and overhaul the Sarbanes-Oxley corporate reform act. ...read full article

The hidden costs of identity theft



(CNN) -- Debra Guenterberg doesn't have to go to a horror movie to get spooked. She says she's been living a nightmare for the past 13 years. ...read full article

Hacker scalps NASA-run websites



Miscreants took advantage of weak security to hack into two NASA-run websites over the weekend. ...read full article

AU: Contractors should not have access to police files



On Saturday The Age revealed that Victoria Police had agreed to hand over to Aquasure, the international consortium building a desalination plant near Wonthaggi, information about people involved in protests against the plant. In a 20-page memorandum of understanding, signed in August by Assistant Commissioner Paul Evans and the secretary of the Department of Sustainability and Environment, Peter Harris, the police agreed to release to Aquasure ”law-enforcement data” in the form of ”any text, images, audio and video … and includes (but is not limited to) data related to individuals, aggregated data, written reports and correspondence, memoranda, police diaries, official notebooks, running sheets and other data repositories”. In other words, anything at all. ...read full article

Facebook users fall for rubber duck's friend request


People still haven't learned that social sites are criminal gold mines, says security firm


Computerworld - Facebook users haven't learned to keep their personal information private, a security researcher said today after his company conducted a test that sent randomly-selected people a friend request from bogus accounts. ...read full article


December 6, 2009


Kids' Social Security numbers on school postcards



RALEIGH -- The Wake County school system accidentally sent out about 5,000 postcards with students' Social Security numbers printed on the front, a mistake that angered parents and will cost the district nearly $100,000 to remedy. ...read full article


December 5, 2009


Beware of online ‘Breaking Dawn’ casting scam


Bogus ads appear on ‘Twilight’ fan sites, but movie isn’t even in production


Fraudulent e-mails announcing casting calls for “The Twilight Saga: Breaking Dawn,” have been flooding the inboxes of fanpires across the country, according to The Casting Scoop. ...read full article

Ca: Bank not responsible after new account was opened using stolen identity



A fraudster used forged identification of an individual to open a bank account in the individual’s name. When the fraud was discovered, the individual realized that the fraudster had also used an invalid address and telephone number when applying for the account. The victim claimed the bank could have avoided the fraud and the resulting impact on his credit rating by verifying this personal information before opening the account. ...read full article

Phishers angling for Web site administrators



Scam e-mail artists have launched a massive campaign to trick webmasters into giving up the credentials needed to administer their Web sites, targeting site owners at more than 90 online hosting providers. Experts say the attackers are attempting to build a distributed network of hacked sites through which to distribute their malicious software. ...read full article

Mail carrier suspected in theft of passport forms



Charges were pending against a Canada Post worker in Gatineau, Que., on Friday after about 70 Ontario passport applications full of personal information vanished in the mail. ...read full article

Identity Theft Charges Against Former UAlbany Student



Prosecutors in the Albany County District Attorney's Office say 22-year-old Jessica Erazo was able to get her hands on $19,000 by using stolen identities to co-sign for loans. ...read full article


December 4, 2009


FTC To Host Privacy Roundtable



The Federal Trade Commission will host the first of three public Roundtables to explore the privacy challenges posed by technology and business practices that collect and use consumer data. This first roundtable will focus on the benefits and risks of information-sharing practices, consumer expectations regarding such practices, behavioral advertising, information brokers, and the adequacy of existing legal and self-regulatory frameworks. ...read full article

Teen sues over ID in online arrest log



MADISON — In what may be the first lawsuit of its kind in the state, a Rhode Island man is suing the town because he was listed in an online arrest log when he was 17 years old, which is not permitted by law. ...read full article

New study calls for cybersecurity overhaul in U.S.


Government needs to focus on offering businesses incentives to fix security problems and educating corporate leaders about the benefits of enhanced cybersecurity


The U.S. government and private businesses need to overhaul the way they look at cybersecurity, with the government offering businesses new incentives to fix security problems, the Internet Security Alliance said. ...read full article

Thanksgiving Webcam promo leads to malware



IDG News Service - The $10 Webcam that Anna Giesman bought her daughter at Office Depot over the Thanksgiving weekend sounds like one of those deals that's too good to be true. And for her, it was. ...read full article

No harm, no foul, says judge in Express Script data breach case


Plaintiffs failed to show how breach affected them directly, judge rules


Computerworld - A federal court in Missouri has thrown out a consumer class-action lawsuit that was brought against pharmacy benefits company Express Scripts over a 2008 data breach in which millions of customer records were believed to have been illegally accessed. ...read full article

Seychelles & Barclays Called Financial Pirates



(CN) - The owner of a solar energy company says Barclays Bank and the African Republic of Seychelles are conspiring to "commandeer the world's financial system." Along the way, they plundered his corporate bank account, illegally seizing $8.5 million from it, LXE Solar claims in Manhattan Federal Court. ...read full article

New FTC website educates kids about privacy and fraud



The Federal Trade Commission has opened new areas of a “virtual mall” with content that will help kids learn to protect their privacy, spot frauds and scams, and avoid identity theft. The FTC Web site, www.ftc.gov/YouAreHere, introduces key consumer and business concepts and helps youngsters understand their role in the marketplace. The FTC is the nation’s consumer protection agency. ...read full article

Health Net’s notification to New Hampshire



Health Net’s notification to the New Hampshire Attorney General’s Office is now available online (pdf). Dated November 23, the letter states that although the files on the lost portable hard drive were not encrypted as they should have been, because they were image-only format files of scanned documents, they would be difficult to view. The files contained names, addresses, phone numbers, Social Security numbers, and possibly protected health information and financial information of 504 New Hampshire residents. ...read full article

Healthcare Data Breaches Slow To Surface



Doug Pollack, Chief Marketing Officer for ID Experts, wrote the following article, questioning why we’re not yet seeing any reports of breaches affecting 500 or more posted to HHS’s website under the provisions of HITECH that went into effect September 23. Keeping in mind that not all breaches involving healthcare organizations involve unsecured protected health information, that it takes time to figure out a breach and report it, that HHS gave entities an “out” by inserting a “harm threshold” that Congress did not want or legislate, and that HHS may not have anyone dedicated to updating their web site, I’m not particularly surprised that we’re not seeing anything on HHS’s web site yet. But like Doug, I keep watching their site, too. ...read full article

DOD to miss deadline for removing Social Security numbers from IDs



The Defense Department will not meet its end-of-the-year deadline for removing Social Security numbers from military ID cards as they are issued or renewed, the Pentagon has confirmed. ...read full article

PayPal mistakes own email for phishing attack



Banks and financial institutions are fond of lecturing customers about the perils of phishing emails, the bogus messages that attempt to trick marks into handing over their login credentials to fraudulent sites. Yet many undo this good work by sending out emails themselves that invite users to click on a link and log into their account rather than going a safer route and telling users to use bookmarked versions of their site. ...read full article

Two charged with trafficking counterfeit computer hardware



Federal prosecutors have charged two Johnson County men with trafficking counterfeit computer hardware they got from China and Hong Kong. ...read full article

Responding To The Red Flags Of Identity Theft



Today's high-profile breaches and increased media coverage guarantee that we're all familiar with identity theft. But the most rapidly growing segment – and one of the most damaging – is medical identity theft, which grew 400 percent in 2008 and accounts for close to five percent of all identity theft cases according to a Federal Trade Commission (FTC) survey. ...read full article

Woman told she is dead



An elderly Durban woman has become the latest victim of a Home Affairs bungle resulting in her being declared dead. ...read full article

ICBC camera led police to government files breach


Facial-recognition software found photos of same person, two names


New computer technology designed to protect B.C. driver's licences from fraud and identity theft red-flagged a civil servant last February and led to the discovery of a serious government privacy breach, court documents show. ...read full article

Supreme Court provides broad view of Internet luring



OTTAWA — The Supreme Court of Canada moved Thursday to "close the cyberspace door" on Internet predators in a unanimous ruling that is expected to make it easier to enforce Canada's criminal ban against luring children online. ...read full article

Know the traps before applying for a store credit card



NEW YORK | The offer could tempt anyone buying holiday gifts: Open a store credit card and save 20 percent on your purchase. ...read full article

Financial Agencies Release Safe Harbor Form



WASHINGTON (CN) - Financial institutions regulated under the Gramm-Leach-Bliley Act will issue new privacy statements to their account holders detailing the privacy policies of the institution and the rights of account holders under those policies. ...read full article

Gumblar Continues to Spread, Thousands of Sites Infected



Months after it first appeared on the scene, the Gumblar malware continues to infect thousands of servers across the Internet and is closing in on nearly 80,000 servers pointing to the hosts that are serving the malware. ...read full article

N.J. Supreme Court Weighs Travelers' Right of Privacy in Baggage They Don't Claim



A case heard by the New Jersey Supreme Court on Tuesday may clarify whether a passenger who doesn't claim his luggage can assert a Fourth Amendment right against search and seizure of its contents. ...read full article

New SpyPhone iPhone App Can Harvest Personal Data



A Swiss iPhone developer has released a new application that is capable of harvesting huge amounts of personal data from iPhones, including geolocation data, passwords, address book entries and email account information, all using just the public API. ...read full article

Attack on Windows BitLocker



Fraunhofer SIT has presented a method for discovering the BitLocker drive encryption PIN under Windows. The method even works where TPM is used to protect the boot process. The trick? An attacker with access to the target computer simply boots from a USB flash drive and replaces the BitLocker bootloader with a substitute bootloader which mimics the BitLocker PIN query process but saves the PINs entered by the user to disk in unencrypted form. ...read full article

Attack exploits just-patched Mac security bug



If you haven't installed the latest security update for Mac OS X, now would be a good time. A security researcher has released a proof-of-concept attack that exploits critical vulnerabilities that Apple patched on Thursday. The vulns stem from bugs in the Java runtime environment that allow attackers to remotely execute malicious code. Sun Microsystems patched the flaws early last month. ...read full article

Web Site Aims to Uncover Fakers in Fatigues



Military impostors, beware: A Web site has been launched to root out fraudulent veterans and fakers in fatigues. ...read full article

Security breach compromises information on 1,400 District 86 grads



A security breach discovered last month at the University of Nebraska involved the names, addresses and Social Security numbers of 1,400 Hinsdale High School District 86 graduates. ...read full article

EIU warns of student data security breach



CHARLESTON, Ill. (AP) - Eastern Illinois University says someone outside the school may have broken into files containing personal information from about 9,000 current and former students and applicants. ...read full article

Lost Textron Financial hard drive held employee, customer data



Textron Financial has notified the New Hampshire Attorney General’s Office that an external hard drive lost in mid-October contained personal information on 54 former and current employees as well as customers. ...read full article

DoD nixes vendor of online monitoring software over privacy concerns


Echometrix suspended from selling products via military's shopping portal


Computerworld - Echometrix Inc., a vendor of parental control software that is already under fire for alleged violations of an online children's privacy law, has been suspended from selling its products on a Department of Defense shopping portal because of privacy concerns. ...read full article


December 3, 2009


Morton loses confidential papers


Brief case stolen from friend's car eventually recovered


Sustainable Resources Minister Ted Morton told CBC News on Wednesday he felt really "stupid" after his brief case, containing confidential government documents, was stolen from a friend's car and found in a downtown apartment building. ...read full article

Memory stick given to Bristol boy sparks school data law row



A school has been accused of breaching data laws after it sent a 10-year-old boy home with a computer memory stick which contained sensitive information about his fellow pupils. ...read full article

Malware derails Indian business school admission tests


Politician wade in as exams for 8,000 applicants postponed


A malware infection has screwed up plans for Indian business schools to run admission tests online for the first time. ...read full article

Wanted: A Smokey Bear for cybersecurity



Cybersecurity has become more than a homeland security issue; it has become a national lifestyle issue that hinges on raising education at the individual level, a panel of information security experts said today. ...read full article

Fake websites shut down by police



More than 1,200 websites that claim to sell cut-price designer goods have been shut down in the biggest police operation of its kind in the UK. ...read full article

Men arrested in burglary, ID theft



Two men were in custody in the Wichita County Jail on Wednesday after being arrested in Iowa Park for vehicle burglary and identity theft-related charges, records show. ...read full article

Marion man arrested in identity theft case



A Marion man accused of taking a Florence man’s Social Security number, stealing from his bank account twice and getting a Verizon phone in his name has been arrested — but only after the victim said he contacted the U.S. Secret Service himself. ...read full article

Grand Jury Indicts Man Accused of Using Stolen ID Since 2001



PHOENIX (AP) — Maricopa County authorities say a man has been indicted on charges of identity theft and forgery. ...read full article

Spamwatch: Personal vaccination profiles



Hugh Williams over at the Identity Theft unit of the state attorney general's office sent me a tip about a new form of spam e-mail floating around the Internet, this time preying on swine flu fears. ...read full article

Sprint Denies 'Massive Disclosure' Of Sensitive Information


A privacy expert's claims vastly overstate the case, the company says.


Responding to Indiana University doctoral student and privacy researcher Christopher Soghoian's claim that Sprint Nextel (NYSE: S) provided law enforcement agencies with customer GPS location data over 8 million times in just over a year, Sprint said the information was "inaccurate" and has been "grossly misinterpreted." ...read full article

Government Surveillance Of Social Networks Challenged


Policies governing the usage of social network data remain unclear at many government agencies.


The U.S. government's use of social networks as an investigatory tool is being challenged by two legal advocacy organizations. ...read full article

Cameroon, China riskiest country domains, McAfee finds



Websites registered in the African nation of Cameroon are the most likely domains to infect users' computers with malware, according to McAfee's annual study on the web's riskiest recesses. ...read full article

Breached restaurateurs suing point-of-sale provider



Seven restaurant chains that suffered data breaches are suing the maker and distributor of a bank card processing system, which they say was vulnerable and allowed hackers to steal customer information. ...read full article

Bronx woman faces identity theft, forgery charges in New Rochelle



NEW ROCHELLE — A 45-year-old Bronx woman was arrested after, police said, she tried to use an altered Staten Island resident's driver's license as identification to withdraw $4,500 from Chase bank in New Rochelle. ...read full article

Fed chair's ID theft linked to woman charged in Colorado



DENVER - A woman busted for stealing the identity of Federal Reserve Chairman Ben Bernanke's wife now faces identity theft charges in Denver after cashing stolen checks at banks in Cherry Creek. ...read full article

Top Experts Examine Causes Of Breaches In Spy Museum Forensics Panel


Enterprises should rethink their approach to IT security, panelists say


WASHINGTON, D.C. -- Cyber Forensics: Digital CSI Event -- Here at the U.S. Spy Museum, breaches are taken seriously. And in a panel held here last night, four top security experts had some serious advice for enterprises and security professionals. ...read full article

Many More Government Records Compromised in 2009 than Year Ago, Report Claims



If you're bummed about the data in your department that just got breached, you have some cold comfort. Although the combined number of reported data breaches in the government and the military has dropped in 2009 compared to last year, many more records were compromised in those breaches, according to recent figures compiled by a California nonprofit. ...read full article

Tax Documents Found in Atlanta Dumpster



ATLANTA (MyFOX ATLANTA) - Private personal information was found in a dumpster Tuesday. Everything from tax returns to mortgage applications from a midtown accountant's office were found and state investigators said the documents should have been shredded. ...read full article

MS honeypot research sheds light on brute-force hacks



Microsoft's honeypot-based research has highlighted common password mistakes, as well as shedding light on automated hacking techniques. ...read full article

The FBI Says You've Won the Lottery



A Fight Identity Theft visitor forwarded this email to us today and it was so creative I just had to post it here. ...read full article

Birmingham Man Sentenced to Prison for False Tax Refund Scheme



Cardale Leon Bates of Birmingham, Ala., was sentenced to 57 months in prison today by U.S. District Court Judge L. Scott Coogler, the Justice Department and Internal Revenue Service (IRS) announced. ...read full article

John Deere purchase unraveled alleged identity theft scam for James Jett, of Byron Township



KENT COUNTY -- When James Jett purchased a $10,000 John Deere Gator two years ago, his credit was so good he qualified for a loan with no down payment and no interest for six months. ...read full article

Identity theft and homeowners insurance



If you have a bank account, credit card, social security number or driver's license, pay close attention: you're at risk for identity theft. ...read full article

AG Van Hollen: Milwaukee countyman sentenced in identity theft case



MILWAUKEE - Attorney General J.B. Van Hollen announced that a MilwaukeeCounty man was sentenced today for identity theft. ...read full article

Two sentenced to prison for online money laundering



IDG News Service - Two Bulgarians have been sentenced for their roles in an online money-laundering scheme that collected about $1.2 million from U.S. residents and sent it to a criminal group in Eastern Europe, the U.S. Department of Justice said. ...read full article

Black Screen Of Death Hits 50,000 PCs


Thousands of Microsoft Windows users download tool in hopes of fixing critical bug.


A security firm that's developed a fix for the so-called "black screen of death" affecting Windows PCs said more than 50,000 users have downloaded the utility in just five days—an indication that the problem is widespread. ...read full article


December 2, 2009


Navy to investigate security breach



Royal Navy investigators flew to Belfast last week after a memory stick containing "restricted" information on naval manoeuvres and personnel around the UK was reported missing. ...read full article

Wichita Student Private Information Online



Many Wichita parents are angry after learning their children's names, ages, addresses and phone numbers are listed on an internet web site. ...read full article

Civilization's High Stakes Cyber-Struggle: Q&A With Gen. Wesley Clark (ret.)



As wrenching as traditional warfare is, there is a new kind of threat brewing that ultimately could cause even greater harm to the planet, retired general Wesley Clark told TechNewsWorld. " ...read full article

Personal Documents Discovered in Dumpster



(Battlefield, MO) -- A shocking discovery made inside a Battlefield, Missouri dumpster. ...read full article

Cameroon leapfrogs Hong Kong in malware hosting blocklist


One in three .cm domains booby-trapped, warns McAfee


...read full article

UK mulls extension of McKinnon judicial review period


Refusal to step in branded 'spineless'


...read full article

Russian ransomware blocks net access


New social engineering wheeze appears in east


...read full article

Foodies sue providers of hacked payment system


Breaches R Us


...read full article

Malicious PDFs can commandeer BlackBerries, RIM warns


Patch available


Attackers can commandeer your BlackBerry servers by attaching maliciously formed PDF files to emails, Research in Motion warned Tuesday. ...read full article

FreeBSD bug gives untrusted root access


'Unbelievably simple' exploit


...read full article

Federal Judge Releases Written Opinion on 'Red Flags Rule'



The judge who ruled that lawyers can't be forced to comply with new federal rules meant to prevent identity theft released his written opinion Tuesday. ...read full article

Keep an eye on temps, and other holiday season security tips for retailers


Deck the halls, but watch the data logs, say security experts


...read full article

Social Security Numbers On County Website



Thousands of social security numbers posted on-line, has a Virginia watchdog group labeling a Shelby County office holder "the king of stupid." ...read full article

Hancock Fabrics: 4th State Linked to Possible Breach



A fourth state has been linked to the recent fraud associated with national retailer Hancock Fabrics. ...read full article

‘Mastermind’ of $1 million N.Y. Medicaid scheme sent to prison



David Williams, who authorities call “the mastermind” of a Long Island Medicaid scheme responsible for stealing more than $1 million, was sentenced to three years to nine years in prison. ...read full article

Ohio broker sanctioned for stealing two sisters’ $90,000 inheritance



A Miamisburg, Ohio, securities broker was barred by FINRA for misappropriating a $90,000 inheritance two sisters received from their deceased aunt. ...read full article

Trusteer Reports that Half of Online Banking Users Who Click on Phishing E-mails Lose their Login Credentials


Annual Phishing Related Losses Estimated to be as High as $9.4M per Million Customers


...read full article

Hackers spread virus with swine flu vaccine offer



Hackers are spreading a vicious computer virus through spam email messages that urge recipients to visit a bogus website offering vaccinations to protect them against another virus -- the one that causes swine flu. ...read full article

Gurnee man accused of ID theft



A 34-year-old Gurnee man was arrested last by Lincolnshire police as a suspect in an identity theft case. ...read full article

Data Breach Can Lead to Identity Theft



A recently released report reinforces the strong link between fraud and identity theft and warns consumers that they should be more proactive when it comes to protecting their personal information from ID thieves. ...read full article

'Tis the season for purse snatchings, car break-ins, identity theft


Officials aim to keep shoppers safe


...read full article

Duo indicted on multiple counts of credit card theft



WINCHESTER -- A local man and woman stole credit cards and used them to buy items in the city, according to indictments handed down by a Winchester Circuit Court grand jury in November. ...read full article

SC woman faces ID theft charges in Denver



DENVER (AP) — A woman awaiting sentencing in a Washington, D.C.-area identity theft case whose victims included Federal Reserve Chairman Ben Bernanke's wife also faces charges in Denver. ...read full article

Koobface botnet enters the Xmas season



The Koobface botnet, one of the most efficient social engineering driven botnets, is entering the Xmas season with a newly introduced template spoofing a YouTube video page, in between enticing the visitor into installing a bogus Adobe Flash Player Update.... ...read full article

5 security threats to watch in 2010



SINGAPORE--Everyday Internet users will be a key target for cybercriminals looking to get people to download their malware, while the proliferation of social sites such as Facebook and Twitter will lead to an increase of possible fraud cases, reported Symantec. ...read full article

Globalized domains to up phishing attacks



The upcoming launch of internationalized domain names (IDNs) is unlikely to have a significant impact on spam levels but may deliver a spike in phishing, security experts warned. ...read full article

Microsoft: November security updates are fine



Microsoft said Tuesday that its investigation has turned up no evidence that anything in its November security updates should be causing users to encounter a so-called "black screen of death." ...read full article

India blocks service to millions of handsets



India has blocked service to all mobile phones without a valid identity code, as part of antiterrorist measures being implemented by the Indian government. ...read full article

Issuing fake uni degrees should be a crime - expert



An American authority on university degrees wants New Zealand to make it a crime to issue or purchase unapproved educational qualifications, after putting New Zealand on its list of countries that churns out "fake" degrees. ...read full article

Facebook to overhaul privacy structure



Facebook is about to begin a major overhaul of its privacy structure, the company said in an announcement posted on the service Tuesday night. ...read full article

Holiday shopping season and cyber-criminals



UTICA, N.Y. (WKTV) - As the holiday shopping season is in full-swing, the chances of getting scammed or losing personal information through identity theft looms large. ...read full article


December 1, 2009


Court orders spam mastermind to pay $15.15 million



At the request of the Federal Trade Commission, a federal judge has ordered the mastermind of a vast international spam network to pay $15.15 million in a default judgment for his role in what was identified by the anti-spam organization Spamhaus as the largest “spam gang” in the world. The spam gang deceptively marketed products such as male-enhancement pills, prescription drugs, and weight-loss pills. Ringleader Lance Atkinson, a New Zealand citizen and Australian resident, last December admitted his involvement in the spam network to New Zealand authorities and has already paid more than $80,000 (nearly $108,000 New Zealand dollars). Atkinson’s accomplice, U.S. resident Jody Smith, agreed to an order requiring him to turn over nearly all of his assets to the FTC, to settle FTC charges. ...read full article

Hospital laptop stolen, data may be breached



A Children's Hospital of Philadelphia laptop computer containing Social Security numbers and other personal information for 943 people was stolen from a car outside an employee's home on Oct. 20. ...read full article

Laptop Theft Debated by Councillors



A FOUR-day lapse between council staff realising a laptop containing nearly 15,000 postal voter details was missing and reporting it to police was called into question last week. ...read full article

Breach Of Privacy Information At Kern Medical Center



BAKERSFIELD, Calif. -- On Oct. 31, a theft occurred at Kern Medical Center outside the Information Services Department located at 1700 Mount Vernon Ave. ...read full article

Navy Finds Lessons In Stolen Laptops, Storage Drives


The theft of computer equipment from a Naval office turned out to be less serious than feared, but served as a reminder on the importance of securing external hard drives and encrypting data.


...read full article

British minister denies McKinnon extradition appeal



Accused U.S. government hacker Gary McKinnon must be extradited to the United States to stand trial, a top British official has decided. ...read full article

A rather bland breach notification sparks questions



Alpha Software Inc., a business that focuses on development tools for businesses wishing to create AJAX-based platforms, recently announced a data breach in a manner so casual, some actually questioned if it was real. ...read full article

UK: Information Commissioner’s Office demystifies data protection



The Information Commissioner’s Office (ICO) has produced a new plain English Guide to Data Protection to provide businesses and organizations with practical advice about the Data Protection Act and dispel myths. The guide will help organizations safeguard personal data and comply with the law. The guide takes a straight-forward look at the principles of the Data Protection Act and uses practical, business-based examples. ...read full article

'Iqbal' Derails Tubercular Attorney's Privacy Complaint



Andrew H. Speaker, the lawyer who made headlines when he took a trans-Atlantic commercial flight while infected with a rare strain of tuberculosis, probably lost his bid to hold the Centers for Disease Control and Prevention liable for federal privacy act violations because of relatively new case law that changed the standard for dismissal on the eve of Speaker's filing. ...read full article

Privacy fears prompt Fry to quit Plaxo



Stephen Fry has quit Plaxo after he became annoyed that the social networking site was revealing what he sees as too many personal details with anyone visiting the site - as opposed to designated contacts ...read full article

Extra spam and malware security for bit.ly



Bit.ly has partnered with security firms to bolt improved anti-spam and malware protection onto the URL shortening service. ...read full article

Low Tech Data Security Measures Essential To Hitech Compliance


With the February 17 deadline looming, Kroll Fraud Solutions releases white paper outlining key steps to HITECH compliance.


...read full article

Growth of EHRs Could Lead to Rise in Medical Identity Theft



Although some people have touted electronic health records as a strategy to improve health care efficiency, others are expressing concern that EHRs could make patients more vulnerable to medical identity theft, the Wall Street Journal reports ...read full article

NICB sets up texting capability to report insurance fraud



As a way to increase the reporting of insurance fraud from the more than 246 million cell phone users in the U.S., the National Insurance Crime Bureau (NICB) is adding a text feature to its reporting system. ...read full article

Six Individuals Sentenced for Multi-Million Dollar E-Mail Stock Fraud Scheme



WASHINGTON – Six individuals were sentenced today in federal court in Detroit fortheir roles in a wide-ranging international stock fraud scheme involving the illegal use of bulkcommercial e-mails, or “spamming.” ...read full article

Court to decide what time, trouble are worth in Hannaford breach



PORTLAND, Maine — Whether Hannaford Bros. customers may recover damages for the time and trouble it took them to straighten out their bank or credit card accounts after the Scarborough-based firm’s computer system was breached in late 2007 and early 2008 now is up to the Maine Supreme Judicial Court. ...read full article

Identity theft equipment, cocaine found at apartment, Alameda police say



ALAMEDA — Equipment linked to identity theft, including a machine for embossing names and numbers on blank credit cards, was seized when investigators searched an apartment in the city's West End. ...read full article

Teacher charged with breach of computer security



A Southwest Austin middle school teacher was arrested last week and charged with breach of computer security, according to school district police. ...read full article

Scammers get more powerful tools for tapping social networks


Potential attackers are able to build detailed profiles that can then be used in highly targeted phishing scams against individuals and enterprises


New tools capable of quickly finding, gathering, and correlating information about individuals from social networking sites and other public sources are giving online scammers a powerful new weapon, say security researchers. ...read full article

Identity thieves prey on careless holiday shoppers



December may be the peak of the holiday shopping season, but it’s also the time of year when customers are most at risk for identity theft. ...read full article

Iwallet Corp launches iWallet to help prevent identity theft


iWallet helps to avoid identity theft, as it could be opened only if it recognizes your finger print.


...read full article

I.D. Theft Suspects Arrested in Madera County



MADERA COUNTY, Calif. (KFSN) -- A traffic stop has led to four arrests in Madera County; all of them are suspects in an alleged identity theft operation with victims across the country. ...read full article

Despite warnings, plenty still falling for scams



The letter offered the deal of a lifetime - the chance to split at least $16.5 million. ...read full article

Abu Dhabi Commercial Bank Partners with Cyveillance to Increase Customers' Online Security


Partnership enables Bank added customer protection from online threats and improved online protection of its brand


...read full article

Identity theft equipment, cocaine found at apartment, Alameda police say



ALAMEDA — Equipment linked to identity theft, including a machine for embossing names and numbers on blank credit cards, was seized when investigators searched an apartment in the city's West End. ...read full article

New ransomware attack blocks Internet access



Security researchers have stumbled upon a new piece of ransomware that blocks an infected computer from accessing the Internet until a fee is paid via SMS (text message). ...read full article

Tiger Woods car accident leads to malicious sites created and detected



The car accident involving golfer Tiger Woods has led to Google trends being dominated by the event. ...read full article

New Ransomware Blocks Internet Access



Security researchers have stumbled upon a new piece of ransomware that blocks an infected computer from accessing the Internet until a fee is paid via SMS (text message). ...read full article

WA Police leveraged in PayPal email scam



The Western Australia Police banner, badge and logo are being used by scammers in a fake email requesting recipients to hand over PayPal details. ...read full article

Northrop Grumman launches cybersecurity research group



IDG News Service - Government security contractor Northrop Grumman has joined with three leading cybersecurity research universities to launch a research consortium focused on fixing the most vexing problems in information security. ...read full article

Court to decide what time, trouble are worth in Hannaford breach



PORTLAND, Maine — Whether Hannaford Bros. customers may recover damages for the time and trouble it took them to straighten out their bank or credit card accounts after the Scarborough-based firm’s computer system was breached in late 2007 and early 2008 now is up to the Maine Supreme Judicial Court. ...read full article


 

Contact Information

Center for Identity Management and
Information Protection
Dr. Donald Rebovich,
Executive Director
315.792.3231
drebovich@utica.edu
Utica College
1600 Burrstone Road
Utica, NY 13502