CIMIP - Center for Identity Management and Information Protection

January 2010 News Archive



January 29, 2010


All is not OK in Oklahoma: State tax website victim of hack



The website of the Oklahoma Tax Commission was the apparent victim of a hack yesterday, one in which visitors to the website were prompted to accept an Adobe license agreement and download software. The hack could not come at a worse time for the Commission, whose site is undoubtedly experiencing an uptick in visitors as tax season approaches. ...read full article

Phishing Scam Targets Users of Adobe PDF Reader



A new phishing scam is trying to fool people into thinking it comes from Adobe, announcing a new version of PDF Reader/Writer. The message is making its way into e-mail boxes today, and the real Adobe urged any recipients to simply delete it. ...read full article

Inside fraudster jailed for stealing from 7/7 victim's account



Former HSBC bank worker Paul Walsh has been jailed for two years after stealing more than £32,000 from a victim of the London suicide bomb attack on 7 July 2005. ...read full article

U.S. House leaders ask for investigation into hackings



IDG News Service - Two lawmakers criticized the Web services company that may have enabled the hacking of almost 50 government Web sites on Wednesday. ...read full article

Mortgage Fraudster Sent Up the River



MANHATTAN (CN) - Manhattan real estate developer Michael Hershkowitz was sentenced Thursday to 4 years in federal prison for his part in a $27 million Ponzi scheme involving fraudulent loans secured by nonexistent mortgages. Hershkowitz persuaded around 100 victims to loan the money to the Kingsland Group, allegedly to renovate 16 apartment buildings in Upper Manhattan. ...read full article

EFF online tool reveals 'fingerprint' browsers leave on the Web



A browser's digital fingerprint reveals a wealth of information and can potentially be used to profile and identify a user ...read full article

Judge Tosses Remaining Broadcom Charges, Finds 'Serious Problems' in SEC Complaint



A federal judge on Thursday dismissed drug charges against former Broadcom Corp. Chief Executive Officer Henry Nicholas and threw out a plea deal reached between prosecutors and a witness in a related stock-options backdating prosecution. ...read full article

Military seeks private sector help to build cyber warfare capability



The military is seeking help from the private sector to build offensive and defensive capabilities for cyber warfare. ...read full article

Data-sharing deal with US could be torpedoed, EU conservatives warn



Brussels - The conservative grouping in the European parliament is set to reject a planned agreement with the US on sharing bank transfer data, one of its senior members warned Thursday. The so-called SWIFT agreement between the European Union and US goes before a crucial committee vote next week. ...read full article

Alberta’s privacy czar must justify delays, court rules



EDMONTON — Alberta’s highest court says the province’s backlogged Information and Privacy Commissioner can no longer take “routine extensions” in privacy cases, a decision that extends to complaints under health and access-to-information laws. ...read full article

EPIC Urges FTC to Protect Users’ Privacy On Cloud Computing and Social Networking Services



EPIC submitted comments to the FTC prior to the agency’s second privacy roundtable. EPIC warned of the ongoing privacy risks associated with cloud computing and social networking privacy, highlighting the Google cloud computing complaint and Facebook privacy complaint filed by EPIC in 2009. The comments note that the FTC has failed to take any meaningful action with respect to either complaint, demonstrating the Commission’s “lack of leadership and technical expertise.” EPIC’s comments also draw attention to the success of international privacy initiatives, in hopes of encouraging the FTC to take meaningful action to protect American consumers. For more information, see EPIC: Cloud Computing and EPIC: Social Networking Privacy. ...read full article

Girl, 16, rejected by mum after leak of medical details



A sixteen-year-old is an outcast from her devout Catholic family who have branded her a ‘murderer’ after a nurse allegedly broke medical confidentiality and told them about her secret abortion. ...read full article

Expert sees security issues with the iPad



Apple's new iPad device looks like it will have some of the same security issues that affect the iPhone, such as weak encryption, a mobile security expert said on Thursday. ...read full article

Google invites attacks on Chrome



Google has launched an experimental programme to encourage external security researchers to find and report vulnerabilities in its browser. Borrowing from the Mozilla Foundation's 2004 Security Bug Bounty Program, $500 will be awarded for each bug found. In special cases, a committee will decide whether to increase the amount to a maximum of $1,337 – however, this reward is only for vulnerabilities which are particularly critical, or particularly smart reports on vulnerabilities and their exploitation. ...read full article

Most companies fail to manage data, study reveals



Less than 77% of organisations have established policies that cover electronic records, according to a report by information services firm Iron Mountain. ...read full article

Advance-fee fraud scams rise dramatically in 2009



IDG News Service - People around the world continue to be duped by advance-fee frauds, with one Dutch private investigation company estimating the highest ever annual losses occurred in 2009. ...read full article

Stolen Twitter accounts can fetch $1,000



IDG News Service - According to researchers at Kaspersky Lab, cybercriminals are trying to sell hacked Twitter user names and passwords on-line for hundreds of dollars. ...read full article

Many voice encryption systems easily crackable



Updated. A vast majority of voice encryption products are seriously flawed, according to controversial tests by an anonymous hacker. ...read full article


January 28, 2010


Cybersecurity Chief Confronts Google Attack, Cloud Security


New to the job, Howard Schmidt's priorities include developing an organized response to attacks on American systems, private-public partnerships, and R&D.


The nation's new cybersecurity coordinator, Howard Schmidt, says the task of overseeing government-wide computer security has been "non-stop" in his first two weeks on the job. ...read full article

Facebook Tool Could Be Exploited By Cyber-Bullies


A recent Facebook feature can be exploited to be a cyber-bullying tool in the wrong hands, a security vendor warns.


Facebook's new feature – "reply to this e-mail to comment on this status" – gives attackers a way to post messages on other people's Facebook pages, according to a blog by security vendor F-Secure. ...read full article

Prominent tech blog TechCrunch hacked



A leading technology blog, TechCrunch, was temporarily commandeered by a hacker who managed to place a message that linked to a site offering adult material. ...read full article

4 Arrested In Alleged Plot To Wiretap Senator's Office



A conservative activist who posed as a pimp to target the community-organizing group ACORN and the son of a federal prosecutor were among four people arrested by the FBI and accused of trying to interfere with phones at Louisiana Sen. Mary Landrieu's office. ...read full article

Anatomy Of A Targeted, Persistent Attack


New report provides an inside look at real attacks that infiltrated, camped out, and stole intellectual property and proprietary information -- and their links to China


A new report published today sheds light on the steps ultra-sophisticated attackers take to gain a foothold inside governments and company networks and remain entrenched in order to steal intellectual property and other data. The bad news is these attacks -- including the recent ones on Google, Adobe, and other companies -- almost always are successful and undetectable until it's too late. ...read full article

Cost of UK data breaches up 7% in 2009



The cost of UK data breaches has increased 7% in the past year and 36% in the past two years, the latest annual study by the Ponemon Institute has revealed. ...read full article

Congressional Web sites hacked near Obama speech



IDG News Service - More than two dozen Congressional Web sites have been defaced by the Red Eye Crew, a group known for its regular attacks on Web sites. ...read full article

Cyber Terrorists Target U.S. Oil Industry


Three of the world's largest U.S.-based oil and natural gas companies were hoodwinked by an extremely sophisticated malware attack designed to steal key proprietary data related to the whereabouts of new oil reserves.


Senior executives at ExxonMobil, ConocoPhillips and Marathon Oil in 2008 fell victim to what security experts called "tenacious" and "clever" cyber attacks that exposed some of the oil titans' most critical intellectual property. eSecurity Planet explains who was responsible for the attacks and what implications this new form of corporate espionage has for all U.S. companies. ...read full article

Private data of 8,600 Ont. teachers compromised



Laptops containing sensitive records belonging to thousands of Ontario teachers have been stolen, CBC News has learned. ...read full article

UCSF says laptop with 4,400 patient records stolen, then recovered



UC San Francisco said Wednesday that a laptop containing files with information on 4,400 patients was stolen from a UCSF School of Medicine employee on or about November 30. ...read full article

Medicare cards could pose identity theft risk



Trips to the doctor could be exposing millions of Americans to identity theft because Medicare cards display recipients' full nine-digit social security numbers. ...read full article

Former Linden man accused of identity theft, $270K loan scam



LINDEN -- A former Linden resident was arrested this week and accused of using another man’s identity to secure $270,000 in loans, authorities said. ...read full article

Miami man gets 22 years for Medicare fraud



MIAMI (AP) - A Miami man who authorities say used his chain of clinics in a Medicare fraud case has been sentenced to 22 years in prison. ...read full article

Social Security numbers visible in mail?



The University of Missouri-Columbia has notified students that a recent mailing inadvertently may have revealed Social Security numbers through the envelope window. ...read full article

Canada to probe Facebook privacy



Canada's privacy commissioner has started a second investigation into social networking site Facebook. ...read full article

Hard Drive Thefts Cost Tennessee Insurer $7 Million



BlueCross BlueShield of Tennessee says the theft of computer hard drives containing personal information on hundreds of thousands of members has already cost the insurer more than $7 million. ...read full article

Seattle court worker charged with id theft



A week after her alleged conspirators were charged, federal prosecutors have charged a Seattle Municipal Court employee with bank fraud and identity theft. ...read full article

You may already be a loser: Text message scams spread



Text this message: Your cell phone could be sending you the latest identity theft scam. ...read full article

10 years in prison for a Twin Cities thief named Steele



Donald Steele Jr. did just that -- steal. ...read full article

Illinois agent, agency lose licenses for impersonating regulators



An Illinois agent and his agency have lost their licenses to do business in the state and must pay a $100,000 fine for distributing fraudulent letters on stationery appearing to be that of the state’s department of insurance. ...read full article

California surgeon faces up to 166 years in jail for bilking insurers



A California physician could be sentenced to 166 years in prison after his conviction for defrauding insurance companies by billing cosmetic work as “medically necessary” procedures. ...read full article

250,000 White House Staffers, Visitors Affected by National Archives Data Breach



A data breach at the National Archives and Records Administration is more serious than previously believed. It involved sensitive personal information of 250,000 Clinton administration staff members, job applicants and White House visitors, as well as the Social Security number of at least one daughter of former Vice President Al Gore. ...read full article

Attempted hacker attacks in healthcare on the rise



ATLANTA – The information security service SecureWorks, which protects 82 healthcare companies in the United States, reported Tuesday that attempted hacker attacks aimed at its clients doubled in the fourth quarter of 2009. ...read full article

Study: Of All Breaches, Those Caused by Hacking Are the Costliest



The cost of data breaches rose slightly last year, but breaches resulting from computer hacking incurred by far the highest losses, according to a new report from privacy and data-security research firm Ponemon Institute LLC. ...read full article

Japanese biometric border check no match for, um, tape


Caught sticky handed


Japan's million-dollar biometric immigration screening systems are still no match for a little ingenuity - and some tape. ...read full article

Identity Thieves Successfully Targeting Wealthy Victims, Study Says


Affluent individuals who live 'the good life' are 43 percent more likely to be victims, according to Experian


If you're a security pro, then you might think the most likely victims of identity fraud are those with the most poorly protected systems and the least knowledge of computer security. Identity thieves are drawn to the easiest targets, right? ...read full article

Phishing attacks account for more than one in two viruses



More than half (55.59 per cent) of all malware sent on email is an attempted phishing attack, according to analysis of malware in January 2010 by Network Box. ...read full article


January 27, 2010


PlayStation 3 hack released online



IDG News Service - Days after announcing he'd managed to hack Sony's PlayStation 3 console to run his own software George Hotz has released the exploit online. ...read full article

Report data breaches or risk tougher sanctions, warns ICO



The Information Commissioner's Office (ICO) has warned that organisations may face tougher sanctions if they fail to report security breaches that later come to light. ...read full article

TechCrunch hacked twice in 24 hours



Technology website TechCrunch has been hacked for the second time in 24 hours. ...read full article

Study confirms demise of the myth of attacks from within



Last year, network giant Verizon suggested that the 'attack from within' was more of a myth than a serious threat. A study by UK security services provider 7Safe in conjunction with the University of Bedfordshire underpins this suspicion. Of 60 incidents investigated, only 2% could be traced back to internal attackers. ...read full article

New attack against IE could expose all files on a victim's PC



Microsoft's popular Internet Explorer web browser suffers from several minor flaws, which, when combined, can allow an attacker to read all the files on a user's computer, according to researchers at penetration testing vendor Core Security Technologies. ...read full article

Phantom app risk used to bait scareware trap



Scareware scammers are taking advantage of rumours about an "unnamed app" that supposedly poses a security risk to Facebook users in order to trick users into sites slinging rogue security software packages. ...read full article


January 26, 2010


Man to plead guilty in Scientology cyber attacks



Los Angeles, California (CNN) -- A Nebraska man is expected to plead guilty next week to launching a cyber attack that shut down the Church of Scientology's Web sites, federal prosecutors said Monday. ...read full article


January 25, 2010


Beware Johnny Depp death hoax, says security firm Sophos



Bogus reports circulating on the internet, which claim that Johnny Depp has been killed in a drunken car crash in France, could be exploited by cybercriminals, warns security firm Sophos. ...read full article

Cybercriminals use China attacks on Google as lure



Cybercriminals are exploiting the recently announced China-based cyber attacks against Google and more than 20 other companies as a lure for carrying out further targeted attacks. ...read full article

Bank finally gets it right on fingerprints



It may be one of the shortest bills debated in the New Hampshire House of Representatives during this legislative session. The operative section of HB 299 consists of a single line: “(c) Reasonable identification shall not include finger prints.” ...read full article

China rejects accusations on Google hack, Internet freedom



IDG News Service - China on Monday dismissed accusations of any official involvement in hacking attacks on Google and other U.S. companies, adding to tension between the two countries over the issue. ...read full article

MoD staff leak military secrets on Facebook



Staff at the Ministry of Defence and the military leaked secrets on social networking sites and forums 16 times in the past 18 months. ...read full article

Chinese human rights sites hit by DDoS attack



IDG News Service - Five Web sites run by Chinese human rights activists were attacked by hackers over the weekend, as a separate row continued between Google and China over political cyberattacks. ...read full article

Infiltrating the Pushdo Botnet



It's very rare that we researchers get a chance to explore the inner workings of a botnet command and control server. Detailed insight into the botnet server or command component can give us valuable information about the motives of the botnet and possibly the bad guys behind it. But granting access to these command and control servers often depends on the will of the hosting providers. So what happened in this case? ...read full article

Phishing schemes are becoming sneakier in targeting doctors



A new round of e-mail scams looks like legitimate messages from trusted sources. How can physicians avoid becoming victims? ...read full article

Mother, son, plead guilty to ID theft



RIVERHEAD - Tonia Cheeseman, 64, of Ridge, and her son Michael Cheeseman, 42, of Shirley admitted in court that they used the personal information from files of Tonia Cheeseman’s employer to acquire lines of credit. Stolen identities included Suffolk County residents and residents of Florida where the Cheesemans had lived. ...read full article

SQL injection attacks exacerbated by work of ‘gray hat’ researchers



In this LastWatchdog guest blog post Phil Neray, Vice President of Security Strategy at database security vendor Guardium (which was acquired by IBM last November) focuses attention on SQL injection vulnerabilities and attacks — and why they remain a substantive threat. ...read full article

Ladbrokes, police probe data breach



Ladbrokes is investigating the loss of thousands of customer details from one of its databases, but is reassuring gamblers that the information did not include bank details or passwords. ...read full article

Slovak biker spat linked to rare destructive worm


Hi-tech equivalent of tyre-slashing spreads globally


A rare example of a destructive computer worm has been spotted on the web. ...read full article

Whirlpool allows old stains to linger on Kitchenaid.com site


Warnings put through spin cycle


Domestic appliance manufacturer Whirlpool has come under fire for failing to clean up a malware infection on one of its sites, months after it was notified of a problem by UK anti-virus firm Sophos. ...read full article

Too much info on social media aids ID thieves



More than half of adults 45 and older who are on social networks like Facebook could be in danger of becoming victims of identity theft or other crimes because they share too much private information, according to a study released today. ...read full article

Survey: Data breaches from malicious attacks doubled last year



Data breaches at U.S. companies attributed to malicious attacks and botnets doubled from 2008 to 2009 and cost substantially more than breaches caused by human negligence or system glitches, according to a new Ponemon survey to be released on Monday. ...read full article

Coldblooded Scam Targeted Mexicans



SAN ANTONIO (CN) - A 56-year-old Texan was sentenced to 65 months in federal prison for posing as an immigration agent to steal $95,000 from 80 unsuspecting victims by selling them phony documents. Several of his victims were ill and sought temporary visas to get medical treatment. One traveled from the interior of Mexico to Nuevo Laredo only to be denied admission and die on her way home, prosecutors said. ...read full article


January 22, 2010


China hacks used as lure for more targeted attacks


Spoofed e-mails detailing recent events spotted in targeted attacks, says F-Secure


Computerworld - Malicious hackers have begun using the recent cyberattacks against Google and more than 30 other companies as lures for launching even more targeted attacks, security firm F-Secure said in a blog post today. ...read full article

Music and film industry to fund 75% of anti-piracy campaign



The UK government says music and film producers will have to bear of the cost of clamping down on illegal file sharers on the internet. ...read full article

Baidu claims Register.com withheld support after hack


Chinese search engine says its domain registrar was slow to answer pleas for help after its site was hacked


Chinese search engine Baidu.com was stranded without technical support from its U.S. domain registrar immediately after being hacked last week, Baidu has alleged in its lawsuit against the registrar. ...read full article


January 21, 2010


UPDATE: State DMV Database Used for Marketing, Private Data Accessed, Suit Says



TEXARKANA - A federal lawsuit filed in the Texarkana Division of the Western District of Arkansas claims the Arkansas Department of Motor Vehicle database has been illegally used for marketing and it could affect anyone who has had an Arkansas driver's license since 2000. ...read full article

FBI Broke Privacy Laws, Says Justice Department Probe



The FBI repeatedly broke the law between April 2003 and November 2006 in its efforts to monitor telecommunications in line with counterterrorism objectives, a Justice Department investigation has found. A report released Wednesday by the Department's Inspector General, Glenn Fine, reveals that three major telecom companies — whose identities remain classified — contracted out six of their employees to the FBI, and provided the government with unchecked access to phone records without legal authority. Those employees worked in FBI office space with government investigators, and responded to more than 700 informal requests for information from the FBI, sometimes passed on verbally or on post-its. The employees gave agents access to some 3,500 telephone numbers, including call records from reporters, "calling circles" of individual suspects and others, the report says. ...read full article

UN issues call for international privacy agreement


Countering counter-terror powers


A UN watchdog has called for a new international agreement on privacy following a review of the expanding global array of surveillance measures and databases advanced by governments in the cause of counter-terrorism. ...read full article

Cough Up Or Go to Jail, Judge Says



MIAMI (CN) - A federal judge found Jamie Solow in contempt for refusing to disgorge more than $3.4 million in a securities fraud judgment after soaking elderly investors. The judge said Solow transferred millions of dollars in assets to his wife; he ordered his arrest if Solow does not cough up the money by Monday. ...read full article

Mortgage Broker Who Dumped Consumer Records Settles FTC Charges



A mortgage broker who discarded consumers’ personal financial records in a publicly accessible dumpster paid a $35,000 civil penalty to settle Federal Trade Commission charges. ...read full article

New Twist On Counterfeit Check Scheme Targeting U.S. Law Firms



The FBI continues to receive reports of a counterfeit check scheme targeting U.S. law firms. As previously reported, scammers send e-mails to lawyers, claiming to be overseas and seeking legal representation to collect delinquent payments from third parties in the U.S. The law firm receives a retainer agreement, invoices reflecting the amount owed, and a check payable to the law firm. The firm is instructed to extract the retainer fee, including any other fees associated with the transaction, and wire the remaining funds to banks in Korea, China, Ireland, or Canada. By the time the check is determined to be counterfeit, the funds have already been wired overseas. ...read full article

Controversial App Provides Background Checks On the Go



Online privacy is a constant and growing concern as the evolving landscape of Web sites and services erode the traditional expectations of privacy. A new app from BeenVerified is adding even more controversy to the privacy dilemma by enabling users to conduct background checks on anyone in a matter of seconds from their iPhone. ...read full article

Heartland Moves to Encrypted Payment System



Responding to its widely reported and massive data breach that took place a year ago, Heartland Payment Systems will be moving to an end-to-end encryption system for payment transactions, according to Chairman and CEO Robert Carr. ...read full article

UK: Confidential hospital records found at Norwich supermarket



Hospital records containing highly confidential information about vulnerable patients have been found outside a city supermarket by a member of the public. ...read full article

More Answers About Law Amending HIPAA Rules



This is the second part of a two-part article providing an introductory overview of the new HITECH law. The first part appeared in the January 1 issue and addressed HITECH in detail. Interpretation of this law is still evolving, and there are currently many unanswered questions. Nothing in this article should be construed as legal advice. ...read full article

FAQs About HIPAA and HITECH: What Physicians Need to Know



This is the first of a two-part article on the new HITECH law. Interpretation of this law is still evolving, and there are many unanswered questions. ...read full article

UK: Patient notes sent to wrong address



A FARMER was left "horrified" when personal and intimate details of a potentially fatal pregnancy complication for another woman were dropped through her letterbox. ...read full article

Man pleads guilty to fraud, identity theft



Salvatore Richard Caccavallo pleaded guilty in federal court in Missoula on Monday to wire fraud, aggravated identity theft and possession of stolen firearms, according to the U.S. Attorney’s Office. ...read full article

UK: Manchester police arrest 3 suspects in check counterfeiting, identity theft scheme



(KMOV)—Manchester police have arrested 3 suspects after a multi-state check counterfeiting and identity theft scheme. ...read full article

Hospitals asked to report problems with e-health records


Some software is producing improper medication dosages, Grassley says


Computerworld - The ranking member of the U.S. Senate Finance Committee this week asked 31 hospitals and health-care systems to provide feedback on problems with computer systems associated with the government's efforts to incent the rollout of electronic health records (EHR). ...read full article

RockYou hack reveals easy-to-crack passwords



Analysis of the 32 million passwords recently exposed in the breach of social media application developer RockYou last month provides further proof that consumers routinely use easy to guess login credentials. ...read full article

80% of gov't Web sites miss DNS security deadline



Network World - Most U.S. federal agencies -- including the Department of Homeland Security -- have failed to meet a Dec. 31, 2009, deadline to deploy new authentication mechanisms on their Web sites that would prevent hackers from hijacking Web traffic and redirecting it to bogus sites. ...read full article


January 20, 2010


Hundreds of Network Solutions Sites Hacked



Web site domain registrar and hosting provider Network Solutions acknowledged Tuesday that hackers had broken into its servers and defaced hundreds of customer Web sites. ...read full article

Mystery/Secret Shopper Schemes



The IC3 has been alerted to an increase in employment schemes pertaining to mystery/secret shopper positions. Many retail and service corporations hire evaluators to perform secret or random checks on themselves or their competitors, and fraudsters are capitalizing on this employment opportunity. ...read full article

Military contractors targeted in Chinese attacks, says F-Secure


Attacks followed apparent China-based hacks targeting Google, other tech firms


Computerworld - The targeted cyberattacks apparently originating in China that hit Google and more than 30 other companies late last year are now targeting some U.S. defense contractors, according to security vendor F-Secure. ...read full article

Security researcher IDs China link in Google hack


The code behind the attack, called Aurora, was written in 2006


IDG News Service - The malicious software used to steal information from companies such as Google contains code that links it to China, a security researcher said Tuesday. ...read full article

How to secure Internet Explorer: four tips to protect web browsing



With some governments warning people to stop using Internet Explorer (IE) until Microsoft patches the latest vulnerability in the software, here are four ways to protect web browsing in IE. ...read full article

EPIC, Privacy Groups Oppose Facebook “Beacon” Settlement



EPIC and other privacy groups sent a letter to the federal judge overseeing a class-action settlement against Facebook in California, opposing the settlement as unfair and unreasonable. As proposed, the settlement does not provide any benefit for Facebook users whose private data was illegally exposed by Facebook “Beacon.” ...read full article

Ca: Privacy complaint filed against youth-oriented social networking site Nexopia



Canada’s privacy commissioner should investigate how a youth-oriented social networking site uses the personal information of its members, an Ottawa-based consumer advocacy group said Tuesday. ...read full article

German DPA Fines Drugstore Chain €137,500 for Illegal Collection of Health Data



On January 11, 2010, the data protection authority of the German federal state of Baden-Württemberg issued a press release stating that it had fined the Müller Group €137,500 for illegal retention of health-related data and failure to appoint a Data Protection Officer. ...read full article

Classmates Says It Will Prostitute Your Info To Other Sites



Pete forwarded us an email from the social networking site Classmates, which apparently is attempting to stay relevant by spreading your information around the internet to sites people actually visit. At least users can opt out. ...read full article

Three charged in Miami area mortgage fraud allegations



In the following press release Jeffrey H. Sloman, United States Attorney for the Southern District of Florida, Michael K. Fithen, Special Agent in Charge, U.S. Secret Service, Miami Field Office, and Al Lamberti, Sheriff, Broward County Sheriff’s Office, announced that Jerry Arthur Riggs, Jacqueline Lopez, and Novelette “Faye” Hanse, all of Broward County, Florida, were charged in a nine count Indictment in connection with their participation in a mortgage fraud scheme. The case has been assigned to U.S. District Court Judge Kenneth A. Marra in West Palm Beach, Florida. The defendants made their initial appearances this morning before U.S. Magistrate Linnea R. Johnson. ...read full article

FBI Director to chronicle the evolution of cyber threats at RSA Conference 2010



Robert Mueller, Director of the Federal Bureau of Investigation, will deliver a keynote address at RSA Conference 2010. Mueller’s keynote will detail cyber threats through the years – from criminal threats like computer intrusions and identity theft to the use of the Internet by extremists and hostile foreign powers. ...read full article

Virus attack hits Vista machines, cripples university network



A massive virus attack has hit the University of Exeter resulting in the entire network being shut down both by the virus and the network staff in an attempt to protect the infrastructure. ...read full article

Windows hole discovered after 17 years - Update



Microsoft isn't having an easy time of it these days. In addition to the unpatched hole in Internet Explorer, a now published hole in Windows allows users with restricted access to escalate their privileges to system level – and this is believed to be possible on all 32-bit versions of Windows from Windows NT 3.1 up to, and including Windows 7. While the vulnerability is likely to affect home users in only a minor way, the administrators of corporate networks will probably have their hands full this week. ...read full article

Beach nurse gets 2 years for identity theft



Calling the crime "very disturbing," a federal judge sentenced a nurse to two years in prison after she admitted stealing the identities of several patients, some suffering from dementia, and going on a $14,000 shopping spree. ...read full article

Cardiff 'is identity theft capital'



Cardiff is the UK's card fraud capital, new research has revealed. ...read full article

Taken to the Cleaners



A study from Credant Technologies finds clothes dropped off at the dry cleaners are often filled with forgotten USB sticks. ...read full article


January 19, 2010


National Center for Disaster Fraud to Coordinate Haitian Fraud Complaints



The FBI and the National Center for Disaster Fraud (NCDF) have established a telephone hotline to report suspected Haitian earthquake relief fraud. The number is (866) 720-5721. The phone line is staffed by a live operator 24 hours a day, seven days a week. You can also e-mail information directly to disaster@leo.gov. ...read full article

3rd Circuit Panel Mulls if Teen 'Sexting' Is Child Pornography



As the nation's first case involving criminal prosecutions of teenagers for "sexting" made its way to a federal appeals court in Philadelphia, all three judges seemed skeptical of the prosecutor's claim that child pornography laws are violated when a teen transmits a nude image of herself. ...read full article

France, Germany Say Stop Using Internet Explorer 6



December's "Operation Aurora" cyber attack from China, which Google disclosed last week, has prompted French and German information security organizations to recommend against the use of Internet Explorer 6, at least until a patch is released to address the vulnerability. ...read full article

Google Hack Leaked to Internet; Security Experts Urge Vigilance



The code that was used to hack Gmail accounts in China is now publicly available on the Internet, and security experts are urging computer users throughout the world to be highly vigilant until a patch can be developed. ...read full article

Gmail of foreign journalists in China hijacked


Google says cyberattacks have also recently targeted the Gmail accounts of Chinese human rights activists


The Gmail accounts of foreign reporters in at least two news bureaus in Beijing have been hijacked, a journalists' group in China said Monday. ...read full article

Government personal data handling has improved, says report



Measures put in place by the Government to better protect individuals' personal data have been successful but more work is needed, according to the first annual internal report due under the new regime. ...read full article

ContactPoint database suffers 'serious' security breaches during trial phase



The controversial database containing personal details of all 11 million children in England has suffered at least four security breaches even before its nationwide launch. ...read full article

Theft of Goodwill safe raises identity theft concerns



In Kent County, the investigation continues into the theft of a safe from a Goodwill location in Kent County. ...read full article

Video: Clickjacking exploit used to hijack Facebook accounts



A security researcher has discovered a vulnerability in Facebook that could allow a hacker to hijack a user's account. ...read full article

Fixing Flores: Assuring Adequate Penalties for Identity Theft and Fraud



This Backgrounder proposes statutory language fixes to federal identity theft and aggravated felony language in 18 U.S.C. §§ 1028 and 1028A to reverse the practical implications of the May 2009 Supreme Court ruling in Flores-Figueroa v. United States. Flores crippled prosecutors’ longstanding practice of using the aggravated identity theft statute by requiring that prosecutors now also prove that a defendant knew he was using a real person’s identity information, as opposed to counterfeit information not connected to an actual person. The statute is an important tool for immigration enforcement. Proving a defendant’s knowledge about his crime is always difficult, and impossible in some cases, even where there is substantial harm and clear victims. This is especially the situation with illegal aliens who buy identity information from third parties. The inevitable result of the Flores decision is to enable perpetrators an easy defense and to tie prosecutors’ hands. The defendant in the case was an illegal alien working at a steel plant in Illinois. ...read full article

FBI broke law for years in phone record searches



The FBI illegally collected more than 2,000 U.S. telephone call records between 2002 and 2006 by invoking terrorism emergencies that did not exist or simply persuading phone companies to provide records, according to internal bureau memos and interviews. FBI officials issued approvals after the fact to justify their actions. ...read full article

City staff's private info sent out with water bills



A list of the names and Social Security numbers of employees of the City of Oakridge was sent out with monthly water bills in this town of about 1,400 households. ...read full article

Three lessons for businesses from the Google attack


Companies need to reevaluate security to handle advanced cyberattacks


The cyberattacks against Google and more than 30 other technology companies by adversaries operating out of China highlight what some call the Advanced Persistent Threat (APT) confronting a growing number of U.S. commercial entities. ...read full article

Hackers are defeating tough authentication, Gartner warns



Security measures such as the use of one-time passwords and phone-based user authentication -- considered among the most robust forms of IT defenses -- are no longer enough to protect online banking systems against fraud, a Gartner Inc. report warns. ...read full article

Health Net's missing drive could cost it millions


Connecticut HIPAA lawsuit over lost records


US healthcare corporation Health Net kept quiet for 6 months about a lost disk drive, exposing 1.5 million of its members to identity theft. It is now being sued. ...read full article

Convicted identity thief arrested on new fraud charges



A rural Streator woman, who previously served prison time for identity theft, has been arrested by Livingston County Sheriff authorities on new criminal charges. ...read full article

Poisoned PDF pill used to attack US military contractors


Yet more cyber-espionage shenanigans


Unidentified hackers are running an ongoing cyber-espionage attack targeting US military contractors ...read full article

HMRC fraud warning emails baited by phishers


Spotting scams doesn't have to be taxing


UK taxpayers were targeted by a tax fraud scam mail run late last week. ...read full article

Palestinian hackers deface Jewish Chronicle


Hacktivists protest Gaza blockade


The Jewish Chronicle website was defaced over the weekend by hackers calling themselves the "Palestinian Mujaheeds" who posted a rant against Israel's blockade of the Gaza Strip. ...read full article

Search warrant nets fraud charge, pot bust for California couple



A California husband and wife were arrested recently during an auto insurance fraud bust at two of their residences that also turned up 131 pounds of suspected marijuana. ...read full article

Florida officials searching for fake GEICO agent



Officials in three Florida counties are searching for a 21-year-old man who falsely claimed to work for GEICO, selling fictitious insurance documents. ...read full article

Man masquerading as fashion model bilks wealthy men



The police sought a person who claimed to be Bree Condon and who had bilked thousands out of men in an online scam. They were surprised to meet Justin Brown. ...read full article

More than 60 people arrested in connection with fraudulent check ring



More than 60 people have been arrested in connection with a fraudulent check ring that stole almost $500,000 from area banks and businesses, authorities said. ...read full article

Zain Seeks Help in War On Mobile, Internet Fraudsters



Mobile service provider Zain has issued a global appeal for more information on fraudsters who are using its brand name in order to obtain money ...read full article


January 15, 2010


Google Hack Attack Was Ultra Sophisticated, New Details Show



Hackers seeking source code from Google, Adobe and dozens of other high-profile companies used unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by researchers at anti-virus firm McAfee. ...read full article

Pizza delivery man cops to life in DarkMarket


Ran 'eBay for criminals' from net cafe


A former London pizza delivery man faces a 10-year prison sentence after admitting he helped found the notorious DarkMarket forum for computer crime, several news sites reported. ...read full article

False Moscow CCTV feed scam leads to fraud charges



The discovery that some CCTV cameras around Moscow streamed prerecorded images, instead of live pictures, has resulted in criminal charges against StroyMontageService, the firm that maintained the network. ...read full article

Iraqi weapons inspector accused in online sex sting


Facing seven years


A former head of UN weapons inspections in Iraq has been charged with child sex offences after being caught in an online sting. ...read full article

Oaklyn man gets 27-month term for identity theft



An Oaklyn man was sentenced yesterday to 27 months in federal prison for stealing identities to swindle nine banks. ...read full article

More charges, suspects in ID theft ring



An identity theft ring uncovered in Oswego last year involved more than just thefts in Kendall County ...read full article

Eastern students may be victims of identity theft


Many students report damage done to credit


Eastern is not immune to identity theft. Jackie See, financial health coordinator for the Health Education Resource Center, said she has spoken to students with thousands of dollars of damage done to their credit caused by identity theft. ...read full article

Former Thief Says Identity Theft is Easier Than You Think



News Channel 13Wham recently interviewed former identity thief convict, Dan DeFelippi, who testified to the fact that identity theft is a lot easier than you might think. ...read full article

Connecticut AG sues Health Net over security breach



Connecticut Attorney General Richard Blumenthal filed a lawsuit against Health Net of Connecticut, alleging the company failed to secure patient medical records and financial information prior to a security breach. ...read full article

Lincoln National Discloses Breach Of 1.2 Million Customers


Shared-password vulnerability may have exposed personal information in online account management system


...read full article

NY Bank Suffers Online Breach


8300+ Customers Compromised by Hack


A Long Island, NY bank announced this week that more than 8,300 of its online banking customers had their log-in credentials stolen in a data breach that occurred last November. ...read full article

Credit-card thieves sought in connection with Target shopping spree



Avondale police need the public's help finding two burglars who went on a post-Christmas shopping spree using stolen credit cards. ...read full article

Tax season brings more sophisticated scams



It's tax season, and that means IRS-related phishing scams are ramping up. ...read full article

Soon, security system for touch screens to ward off shoulder surfers



New touch screen phones may soon be equipped with a system to stop 'shoulder surfers' from spying your secret pass codes, thanks to computer scientist who developed the technology. ...read full article

Houston woman gets prison for $1M computer fraud



A Houston woman who worked for a New Orleans mortgage lender has been sentenced to 30 months in federal prison for stealing more than $1 million from the company. ...read full article

Conficker worm still spreading, Akamai says


Russia and Brazil replaced China and the U.S. as the top two sources of attack traffic, according to Akamai's State of the Internet report


...read full article

Haiti earthquake themed blackhat SEO campaigns serving scareware



Cybercriminals quickly mobilized following the news of a massive earthquake that hit Haiti on Tuesday, by introducing several hundred compromised domains embedded with bogus blackhat SEO (search engine optimization) content related to Red Cross donations and general Haiti earthquake relief information. ...read full article

Woman reports identity theft



WINNECONNE – A 57-year-old Winneconne woman reported to police on Jan. 6 that someone had used her identity to purchase energy from a Texas company. ...read full article

Romanian faces five years in prison for phishing scheme



A Romanian national pleaded guilty on Thursday to a charge related to a phishing operation that sought to defraud customers of banks such as Citibank and Wells Fargo, and of Web sites such as eBay. ...read full article

UK defendants await sentencing in carding scheme


Part of DarkMarket fraud ring that bought and sold stolen credit cards online


...read full article

Cybercriminals revive old scams to target smartphones



As mobile phones get more sophisticated, hi-tech criminals are dusting off some old tricks. ...read full article

Microsoft admits Explorer used in Google China hack



Microsoft has admitted that its Internet Explorer was a weak link in the recent attacks on Google's systems that originated in China. ...read full article


January 14, 2010


McKinnon wins review of extradition for hacking



Self-confessed hacker Gary McKinnon has been granted a reprieve from extradition to the US where he faces up to 70 years in jail for hacking federal and Pentagon computers. ...read full article

Perinton Mail Theft Leads to Identity Theft



Perinton, N.Y. -- Thieves used information stolen from a Post Office to create and cash forged checks to the tune of $75,000. ...read full article

Man gets 8 to 16 years for drugs, ID theft



John McManus, 37, of 103 Persimmon Drive, Delaware Township pled guilty to various drug and identity theft charges on January 11 at the Pike County Courthouse in Milford. ...read full article

Four women held in San Jose identity-theft scheme, DA's office says



A team of South Bay authorities said they arrested four women suspected of stealing the identities of at least 100 victims in a ring headquartered at a Days Inn in San Jose. ...read full article

Dodgy Haiti earthquake-themed domains point to scams



With sad inevitability, fraudsters have rushed to register the Haiti earthquake-themed scam URLs in the wake of Tuesday's natural disaster in the impoverished Caribbean country ...read full article

Viruses may target social networks



Social networkers of the world, it's time to amp up your security software and put on your cynical cap before clicking on friend requests and links to "funny videos." Facebook and Twitter will be the top targets for cyber attacks in 2010, according to several security firms. ...read full article

BlueCross data theft exposes more than 220,000 customers



Just calling BlueCross BlueShield of Tennessee for claim or policy information could have exposed 220,000 customers to a breach of their most-sensitive data, company officials said Wednesday. ...read full article

Phoenix business owner gets 6 months in fraud case



An Anthem man who was arrested as part of an employer-sanctions investigation was sentenced to six months in jail. ...read full article

China affirms control over Internet



BEIJING: China told companies to cooperate with state control of the Internet on Thursday, showing no sign of giving ground on censorship after U.S. Internet giant Google threatened to quit the country. ...read full article

Law firm in Green Dam suit targeted with cyberattack



The law firm representing a U.S. company involved in a legal dispute over China's Green Dam censorship software says it was targeted with a sophisticated online attack this week, similar to the one reported by Google Tuesday. ...read full article

IRS: Watch out for online identity theft during tax time



The Internal Revenue Service is urging consumers to protect themselves against online identity theft and other scams this tax-filing season. ...read full article

18,000 pay statements sent to wrong addresses



Pay statements containing names and sensitive information about the finances of about 18,000 recipients of a special pay for disabled retirees were sent to wrong addressees last week, the Defense Finance and Accounting Service said Jan. 14. ...read full article


January 13, 2010


Health care: A 'goldmine' for fraudsters



There's a group of people who really love the U.S. health care system -- the fraudsters, scammers and organized criminal gangs who are bilking the system of as much as $100 billion a year. ...read full article

Indianapolis man 1st to be prosecuted under computer-extortion law



A 28-year-old Indianapolis man was sentenced today to two years in state prison for trying to extort $208,00 from an insurance company after stealing a computer server. ...read full article

Lethic botnet knocked out by security researchers


Zombie network taken down


The command-and-control servers of the Lethic botnet have been taken out following a spam-busting collaboration between security firm Neustar and ISPs. ...read full article

Google may quit China over cyber-attacks


Firm vows to stop censoring search results after Gmail accounts are hacked


Google Inc. will stop censoring its search results in China and may pull out of the country completely after discovering that computer hackers had tricked human-rights activists into exposing their e-mail accounts to outsiders. ...read full article

'Sandwich attack' busts new cellphone crypto


Kasumi cipher cracked (in theory)


A new encryption scheme for protecting 3G phone networks hasn't even gone into commercial use and already cryptographers have cracked it - at least theoretically. ...read full article

The Legal Thicket of Federated Identity Management



With the Obama Administration, FTC, GSA, and many industry groups all making online identity management a top priority, it is also time to consider the legal risks -- particularly with respect to federated identity management, a system in which third parties take over the time-consuming and expensive task of identifying, verifying and authenticating users. ...read full article

Sidestepping Swindlers in the New M-Commerce Frontier



With the growing popularity of smartphones, mobile commerce is taking off, but consumers need to pay closer attention to mobile safety. ...read full article

Report reveals hacking to be top cause of data breaches in 2009



Although the total number of reported data breach incidents fell year over year in 2009, the number of compromised records was still estimated at over 222 million. ...read full article

New York bank admits intruder accessed online banking



More than 8,000 online customers at New York bank Suffolk Bankcorp were impacted by an intruder getting into its IT system, the bank admitted yesterday. ...read full article

30% of workers sending confidential data



Nearly a third (30 per cent) of employees send confidential and/or sensitive data as a normal email attachment or unsecured in the body of a message, a study has indicated. ...read full article

Kaiser patient data swiped from employee's car



Kaiser Permanente this week began sending letters of apology notifying 15,500 members in Northern California that an electronic data storage device containing their health information was stolen from an employee's car early last month. ...read full article

UK: ICO to fine firms up to £500,000 for data breaches



Firms that incur serious data breaches could be fined up to £500,000 when new statutory guidelines come into force on 6 April. ...read full article

California agent loses license after forgery, grand theft charges



The California Department of Insurance has revoked the license of an agent accused of fraud, forgery and grand theft involving senior citizens. ...read full article

Adobe Confirms 'Coordinated, Sophisticated' Cyber Attack



In an attack described as “sophisticated” and “coordinated,” Adobe said its corporate network systems were breached by hackers. ...read full article

Missouri's Sex Offender Laws Unconstitutional



JEFFERSON CITY, Mo. (CN) - A split Missouri Supreme Court found unconstitutional two laws governing where convicted sex offenders can live and what they can do on Halloween night. The 4-3 ruling addressed laws enacted in 2004 and 2008. ...read full article


January 12, 2010


Group behind Twitter hack takes down Baidu.com



IDG News Service - The group that took down Twitter.com last month has apparently claimed another victim: China's largest search engine Baidu.com. ...read full article

Fake Amazon email ships malware



The image of an open Amazon delivery box has a prominent place in the latest spam campaign that aims to trick users into downloading an alleged order update coming from the dot com giant. ...read full article

Google yanks suspect banking apps from Android Marketplace



A programmer who calls himself 09Droid has illuminated security concerns sure to come into sharper focus as the tech giants and the financial services industry make their move to extend Internet banking to mobile devices. ...read full article

Missing Copier Led to $14M, Company Says



HOUSTON (CN) - When a copy machine went missing, an oil services company says, it hunted it down to a property owned by the son of one of its accountants. After firing her and sifting through her computer records, Davis-Lynch claims, it found that the family had embezzled more than $14 million. ...read full article

Google blames 'human error' for data leak



Google is apologizing after it mistakenly e-mailed potentially sensitive business data last week to other users of its business listings service. ...read full article

Nebraska bill would let stores scan driver's licenses



Now the only state that doesn't allow information to be scanned from drivers' licenses, Nebraska may soon let store clerks do more than just look at them when selling alcohol, tobacco and lottery tickets. ...read full article

Au: Vinnies 'misused' donor data



THE St Vincent de Paul Society has been accused of breaching public trust and aspects of the Privacy Act after entering into an agreement that allowed one of the world's largest data companies to gather information through a Christmas mail-out from the charity. ...read full article

False Facebook charge group used to spread malware



A false rumour suggesting that Facebook is to start charging is being used to bait malware traps. ...read full article

Philippines Investigates Hacks Of Multiple Government Sites


Political motives suspected in defacement of high-profile sites


Officials in the Philippines are investigating a series of incidents in which five different government Websites were hacked in less than a month. ...read full article

Identity Thieves Target Big Banks



PHOENIX -- If you have an account at a major bank, chances are you may have been put at risk for identity theft, according to members of the Merchants Identity Theft Advisory Board. ...read full article

N.Ky. Legal Secretary Sentenced 2 Years For Identity Theft



COVINGTON, Ky. — Lisa Michaele Matz, 40, of Villa Hills, Ky., was sentenced Monday by United States District Court Judge Danny C. Reeves to two years in prison for committing aggravated identity theft. ...read full article

ID theft protection among new laws for 2010



A law expected to make it more difficult for identity thieves to strike and one that will allow independent cab drivers to gain workers' compensation benefits are among the new state laws going into effect this year. ...read full article

Suspects jailed in $30,000 Novato identity theft case



Two San Rafael residents appeared in court Monday on charges they used a Novato couple's personal information to buy $30,000 in merchandise and travel, authorities said. ...read full article

Man accused of forging 172 checks



GLOVERSVILLE - A city man was arrested after police said he forged checks and stole nearly $200,000 from an elderly woman living in a nursing home. ...read full article


January 11, 2010


2009 Data Breaches: Identity Theft Continues



The Identity Theft Resource Center® Breach Report recorded 498 breaches, less than the 657 in 2008, more than the 446 in 2007. Are data breaches increasing or decreasing? That is the question no one can answer. This fact will not change until there is a single data breach list requiring mandatory public reporting. With some breaches not being reported publicly, and some state Attorneys General not allowing public access to reported breaches, we doubt that anyone is in a position to answer the question above. When we allow laws to be created requiring breach reporting but not disclosure, and provide minimal enforcement or penalty for non-compliance, we can expect a lack of public disclosure. Counting breaches becomes an exercise in insanity. ...read full article

Two to be sentenced in identity theft scheme that hit N.J. banks



NEWARK -- Two men who admitted participating in an international identity theft scheme targeting home equity lines of credit at banks in New Jersey and several other states are scheduled to be sentenced today in federal court. ...read full article

S. Ill. woman gets 4 years for identity theft



January 10, 2010 (EAST ST. LOUIS, Ill.) -- A southwestern Illinois woman charged with stealing identities while working as a restaurant manager has been sentenced to four years in prison. ...read full article

Nineteen Indicted in Massive Cybercrime Conspiracy



DALLAS—A federal grand jury in Dallas returned a superseding indictment this week charging 19 defendants in a massive cybercrime conspiracy, announced U.S. Attorney James T. Jacks of the Northern District of Texas. This indictment supersedes a September 2, 2009, indictment that charged nine of the defendants in the conspiracy. ...read full article

E-statements plugged as solution to mail fraud



Mail fraud and identity theft like that clamped down on by NSW Police this week could be eliminated if bank customers opt for electronic-statements, according to a security analyst. ...read full article

Customers alerted to BlueCross data breach


Chattanooga Times Free Press, Tenn.


(Chattanooga Times (TN) Via Acquire Media NewsEdge) Jan. 10--Customers of Chattanooga-based insurer BlueCross BlueShield of Tennessee slowly are being notified by mail of a potential breach of their personal information. ...read full article

Ex-UCLA researcher pleads guilty to record breach



A former UCLA School of Medicine researcher pleaded guilty to reading confidential medical records of celebrities, high-profile patients and his co-workers in federal court on Friday. ...read full article

Rogue anti-virus software targets Google Groups



Google discussion groups are being hit by messages linking to rogue anti-virus software, security firm Webroot has warned. ...read full article


January 8, 2010


TSA Nominee Runs Into Flak Over Improper Database Access



The improper use of a federal database two decades ago by Erroll Southers, the White House nominee to be administrator of the Transportation Security Administration (TSA), has caught the attention of GOP lawmakers. ...read full article

768-bit RSA cracked



Researchers have decomposed a 768-bit number with 232 decimal places into its two prime factors and published a paper with their results. The number is the string released as "RSA-768" under the now defunct RSA Challenge. As a result, RSA encryptions with 768-bit keys must, from now on, be considered cracked. ...read full article

OH: Ninety-Month Sentence for Man Who E-Mailed Threats to a Columbus Company, Florida Legislator



Kyle Jeffrey Tschiegg, 39, of Sarasota, Florida was sentenced in United States District Court here today to 90 months’ imprisonment for e-mailing threats, including threats to cause a candidate to drop out of a race for statewide office in Florida; hacking into e-mail accounts of individuals and companies; and using stolen identity information to commit computer crimes. ...read full article

Hackers crack security on Eugene school employee info



EUGENE, Ore. -- Hackers breached the security of a computer server containing the names, phone numbers and employee ID numbers of current and former Eugene School District employees, the district said Tuesday. ...read full article

UMC lacks way to log patients’ records


Health Division probe follows reported leaks of private data


University Medical Center has no system to track patient records, leading to numerous instances in which hospital paperwork containing Social Security numbers, birth dates and other private information goes missing, a state investigation has found. ...read full article

Heartland To Pay Up To $60 Million In Breach Settlement With Visa


A year after the big breach, Heartland is still paying for hack


Heartland Payment Systems and Visa today announced a settlement agreement that will allow issuers of Visa-branded credit and debit cards to recover some of the money they lost a year ago, when the payment processor was breached for approximately 130 million records. ...read full article

Springfield Man Pleads Guilty to Identity Theft



A Springfield man could spend 50 years in federal prison for passing bogus bills and identity theft. ...read full article


January 7, 2010


Cyber Attack Simulation Planned Next Month


A financial sector group aims to help organizations learn how to respond when hit with a cyber attack.


A financial services industry group is planning to simulate a series of cyber attacks to test how well banks, payment processors and retailers deal with online threats. ...read full article

National ID card linked to NI numbers, government says


The national identity card is linked to people's national insurance number, the government has confirmed.


Home secretary Alan Johnson said NI numbers are one of several data items that are part of the national ID card database but not the passport database. ...read full article

Michael Jackson fans hack Iranian president's website



Hackers attacked the website of Iranian president Mahmoud Ahmadinejad on Tuesday, redirecting visitors to a plea to God from a Michael Jackson fan. ...read full article

China Helped State-Backed Companies Steal Computer Code, U.S. Firm Says



LOS ANGELES (CN) - In "one of the largest cases of software piracy in history," the Chinese government helped two state-backed companies steal encrypted data from an Internet content-filtering program developed by a family-owned U.S. company and made more than $2 billion selling it with the help of manufacturing giants such as Sony and Toshiba, who "chose to turn a blind eye," Santa Barbara-based Solid Oak Software claims in Federal Court. China uses the program to spy on its people, according to the complaint. ...read full article

Hacker pilfers browser GPS location via router attack



If you're surfing the web from a wireless router supplied by some of the biggest device makers, there's a chance Samy Kamkar can identify your geographic location. ...read full article

Nevada and New Hampshire Data Security and Privacy Laws Take Effect



On January 1, 2010, two important state data security and privacy laws took effect in Nevada and New Hampshire. The laws create new obligations for most companies that do business in Nevada and for health care providers and business associates in New Hampshire. ...read full article


January 6, 2010


FTC Examining Cloud Computing


The agency wants its findings to be considered as the FCC formulates a National Broadband Plan.


In response to a Federal Communications Commission (FCC) Notice of Inquiry into how broadband and data portability issues relate to cloud computing, identity and privacy -- part of the FCC's effort to formulate a National Broadband Plan -- the Federal Trade Commission (FTC) said last month that it is examining the privacy and data security implications of cloud computing for consumers. ...read full article

HHS wants contractor to test privacy of 'anonymous' data


The challenge is to see whether "de-identified" data can be "re-identified"


Can personal medical data that has been stripped of its identifiers to protect privacy later be used to identify a specific person? That is the question that the Health and Human Services Department is hoping a research contractor can answer. ...read full article

Florida men charged with running multistate identity theft operation with victims in N.J.



BENSALEM, Pa. — Four Florida men have been charged with running a multistate identity theft operation out of a suburban Philadelphia motel room. ...read full article

New Attack Locates Web Users Via XSS, Google Data



The security researcher who created the MySpace XSS worm in 2005 has developed a technique that enables an attacker to accurately locate a Web user with GPS coordinates, without using IP-based geolocation. ...read full article

Kingston flash drives suffer password flaw



Kingston Technology has asked customers to return certain models of its DataTraveler secure flash drives for an update, following the discovery of a flaw in the memory sticks. ...read full article

Willimantic Resident Who Created Fake Identity is Sentenced



Nora R. Dannehy, United States Attorney for the District of Connecticut, announced that AMJAD IQBAL, also known as “Asif Ali,” 38, a citizen of Pakistan lawfully residing in the United States in Willimantic, Connecticut, was sentenced today by Senior United States District Judge Peter C. Dorsey in New Haven to two years of probation. On September 15, 2009, IQBAL pleaded guilty to one count of Social Security fraud. ...read full article

Hacker Hits Eastern Washington University


Colleges continue to be popular targets for hackers, with another 130,000 student records exposed.


Eastern Washington University this week is notifying more than 130,000 current and former students that their personal information -- including Social Security numbers and birth dates -- may have been accessed by a hacker sometime in the past year. ...read full article

FBI Investigating Online School District Theft



A New York school district has reverted to using paper checks after cybercriminals tried to steal about US$3.8 million from its online accounts just before Christmas, prompting an FBI investigation. ...read full article

Exclusive: Documents found in mall parking lot



PALISADES (WABC) -- Hundreds of documents with personal information like social security numbers were found in the parking lot of a popular mall. ...read full article

Atlanta man indicted on ID Theft and Short Sale fraud allegations



In the following press release from Sally Quillian Yates, Acting United States Attorney for the Northern District of Georgia, it was announced that Brent Merriell, 37, of Atlanta, Georgia, has been indicted by a federal grand jury on charges of aggravated identity theft and false statements to the FDIC, today waived his detention hearing before United States Magistrate Judge Russell G. Vineyard, and has been immediately detained. The indictment charging Merriell was filed on December 15, 2009, and unsealed yesterday with his arrest. ...read full article

Internet pirates find 'bulletproof' havens for illegal file sharing



Internet pirates are moving away from safe havens such as Sweden to new territories that include China and Ukraine, as they try to avoid prosecution for illegal file sharing, according to experts. ...read full article


January 5, 2010


Man gets jail, fine in U.S. for identity theft



OTTAWA — An Ottawa man has been sentenced to jail in the U.S. and a fine of $5,000 for identity theft after he tried to cross the border with eight counterfeit credit cards and a counterfeit Quebec driver’s licence. ...read full article

Skimming Scams – Identity Theft Gets Sophisticated



Rochester, N.Y. – Identity thieves have been using more sophisticated devices, but now, a new state law targets thieves who use skimming devices, which are small and hard to spot. ...read full article

Man sentenced for identity theft, forgery



A man from Mexico will spend 81 days in jail for using another man's identity to gain employment in Orange City and Hospers, Iowa. ...read full article

Hackers switch Spanish PM for Mr Bean


Hackers have used a common website security weakness to deface a website set up to mark Spain's six-month presidency of the EU.


An unidentified hacker succeeded in briefly replacing an image of Spain's leader Jose Luis Rodriguez Zapatero with one of fictional comic character Mr Bean. ...read full article

Thirteen people accused in forgery operation


As many as 100 people may be involved, police say


Thirteen people with ties to Salem have been arrested for their alleged involvement in a massive check forgery operation, and police said as many as 100 more people could face related charges. ...read full article

Does reasonable expectation of privacy extend to your car’s wiring system?



Over on FourthAmendment.com, John Wesley Hall Jr. alerts us to an Ohio case involving GPS and the Fourth Amendment. In State v. Dalton, 2009 Ohio 6910, the court remanded the case because the lower court had not addressed Dalton’s claim that he had a reasonable expectation of privacy in his car’s wiring system and that the placement of a GPS device in his car’s wiring system by police was unconstitutional. ...read full article

Top 10 security nightmares of the decade


Remember when we didn't worry about cyberwar, botnets or phishing?


Blame the Internet for the latest decade of security lessons. Without it, you probably wouldn't even recognize the terms phishing, cybercrime, data breach, or botnet. Let's revisit the top security horrors of the past ten years, and try to remember what we learned from each. ...read full article

How to Tell the Difference Between a US Census Worker and a Con Artist



The 2010 Census is getting underway. The government is making every effort to get folks signed up. The forms will arrive in the mail and if you don't send it back in, expect someone to be knocking at your door - but be aware, you could fall for a scam. ...read full article

Fresno businessman sentenced to 70 months for identity theft



Alfred Ford of Fresno has been sentenced to five years and 10 months in prison and ordered to pay $91,721 in restitution for conspiracy to commit identity theft and access device fraud and aggravated identity theft. ...read full article


January 4, 2010


Kingston flash drives suffer password flaw



Kingston Technology has asked customers to return certain models of its DataTraveler secure flash drives for an update, following the discovery of a flaw in the memory sticks. ...read full article

DHS releases 2009 Data Mining Report



This report describes DHS programs, both operational and in development, that involve data mining as defined by the Federal Agency Data Mining Reporting Act of 2007. The report provides the detailed information required by the Act and includes updates on program modifications and other developments since the Department issued its 2008 Data Mining Report in December 2008. ...read full article


January 3, 2010


TSA turbulence grips Logan, nation


Lynn couple accused in airport ID theft case


A recent data breach at Logan International Airport involving a TSA contract worker, coming amid other high-profile Transportation Security Administration lapses, casts another cloud over a federal agency engulfed in turmoil. ...read full article

Data breaches affect million state residents



One million Massachusetts residents - or 1 in 6 people - have had their credit card numbers, medical records, or other personal information leaked or stolen over the past two years, according to records provided to the Globe by state officials. ...read full article


January 1, 2010


U.S. security rules would break privacy laws, Canadian airlines contend



Canada's major airlines say they will be forced either to break privacy laws or to ignore new American air security rules unless the federal government comes up with a response to U.S. demands for passenger information. ...read full article

'Monster' German employee database goes online



Under controversial new legislation, German employers must now submit data on their workers to a central information storage hub, affecting as many as 40 million employees throughout the country. ...read full article

Personnel files for Larch workers stolen


Records were in briefcase taken from manager’s car


The Washington Department of Corrections is investigating an incident in which a briefcase full of sensitive personnel records was stolen from the vehicle of a Larch Corrections Center manager early Monday morning. ...read full article


 

Contact Information

Center for Identity Management and
Information Protection
Dr. Donald Rebovich,
Executive Director
315.792.3231
drebovich@utica.edu
Utica College
1600 Burrstone Road
Utica, NY 13502