CIMIP - Center for Identity Management and Information Protection

September 2012 News Archive



September 28, 2012


Cyber Attacks on U.S. Banks Expose Tech Vulnerability



Cyber attacks on the biggest U.S. banks, including JPMorgan Chase & Co. (JPM) and Wells Fargo (WFC) & Co., have breached some of the nation’s most advanced computer defenses and exposed the vulnerability of its infrastructure, said cybersecurity specialists tracking the assaults. ...read full article

FTC Sues Hotel Operator Wyndham Worldwide Over Data Breaches



The Federal Trade Commission (FTC) is suing hotel company Wyndham Worldwide and three of its subsidiaries for security failures that resulted in three data breaches in less than two years. ...read full article

Hackers Attack Philippine Central Bank Site to Protest Cyber Law



Hackers attacked websites of the Philippine central bank and at least two other government agencies last night to protest a law against cyber crime set to take effect next week. ...read full article

Justice Department, IRS Seek to Avoid Tax Identity Theft



The U.S. Justice Department and the Internal Revenue Service are working to head off identity theft aimed at stealing people’s tax refunds when the filing season begins in January, the government’s top tax prosecutor said. ...read full article


September 27, 2012


FTC Refunds over 138,000 Victims of “Free” Goods Telemarketing Scam



Good news for the victims of the Sure Touch telemarketing scheme. The US Federal Trade Commission (FTC) has started sending out refund checks to 138,737 individuals who fell for the shady company’s “free” goods and services pitch. ...read full article

California Joins Ban on Employers Demanding Social Media Access



California today joined two other states making it a crime for employers and colleges to ask applicants or workers for their social media login information in order to access their private Web sites. The new laws -- one for companies and one for colleges -- go into effect Jan. 1, 2013. ...read full article

Halifax Bank Phishing Scam: Upward Review of Credit Limit



Emails entitled “Urgent Notification (Protect Your online Banking),” apparently coming from Halifax Bank, urge recipients to click on a link and update their online accounts. ...read full article

New FERC office to focus on cyber security



The Federal Energy Regulatory Commission (FERC) has created a new FERC office — Office of Energy Infrastructure Security (OEIS) — which will help the Commission focus on potential cyber and physical security risks to energy facilities under its jurisdiction ...read full article

Authorities identify Hoover woman charged with identity theft



FAIRFIELD, Alabama - Fairfield police today charged a Hoover woman after authorities say she stole a woman's identity and more than $21,000 over the past two years. ...read full article

Drones Subject to GPS Spoofing, Privacy ‘Abuses,’ GAO Report Warns



The Government Accountability Office is warning Congress that its push for drones to become commonplace in U.S. airspace fails to take into account concerns surrounding privacy, security and even GPS jamming and spoofing. ...read full article

ACLU forces government to reveal skyrocketing surveillance stats


Feds got more peoples' phone call records in last 2 years than previous 10.


Statistics obtained by the American Civil Liberties Union provides additional evidence that government surveillance of Americans has skyrocketed in recent years. The government is legally obligated to release reports about its surveillance activities, but it refused to do so until the ACLU sued to compel the production of the documents. ...read full article

Massive identity theft scheme busted



A Chilliwack woman is facing multiple charges after Mounties uncovered what they say was a complex identitytheft scheme operating out of a Yale Road house. ...read full article

Couple Gets 13 Years for Defrauding BP Oil Spill Trust Fund



MIAMI, Florida, September 26, 2012 (ENS) – A south Florida couple were sentenced today in Miami federal court for perpetrating a series of disaster-related fraud schemes, including the largest case of financial loss arising from claims filed in connection with the 2010 BP Deepwater Horizon oil spill in the Gulf of Mexico. ...read full article


September 26, 2012


Why your next 'Passw0rd' might not be a password



It's been a rough year for passwords. First, 6.5 million LinkedIn passwords were leaked online. Soon after, millions of passwords from eHarmony and Yahoo users were published by hackers. These events exposed untold numbers of accounts to criminals, as many consumers use the same passwords across multiple accounts. ...read full article

Energy Giant Telvent Claims Chinese Hackers Installed Malware on Its Systems



Telvent Canada Ltd, an organization that’s actively involved in providing software and services for the remote administration of energy industry systems, claims that a group of hackers breached its systems, planted malicious software, and stole trade secrets. ...read full article

FTC: Software used by rent-to-own stores spied on customers


The stores used software to capture screenshots, log keystrokes and take webcam pictures, the FTC alleges


IDG News Service - The U.S. Federal Trade Commission has reached proposed settlements with a software vendor and seven rent-to-own stores after the agency accused them of installing spyware on rented computers that captured screenshots of personal information, logged keystrokes and, in some cases, took webcam pictures of people in their homes. ...read full article

Tiny Evil Maid CHKDSK Utility Can Steal Passwords



Stealthy malware that can sneak onto machines during the boot process and remain undetected indefinitely is one of the brass rings of security research. There have been a number of tools developed over the years that aimed to accomplish this goal, with Joanna Rutkowska's Evil Maid attack being perhaps the most famous. Now a developer in Canada has produced a similar tool that impersonates the CHKDSK utility and can grab a user's password and then exit without the user's knowledge. ...read full article

Researcher Finds 100k IEEE.org Passwords Stored in Plain-Text on Public FTP Server



A Romanian computer scientist discovered that the Institute of Electrical and Electronics Engineers (IEEE) was storing its members' usernames and passwords in plaint-text on a publically accessible file transfer protocol (FTP) server. ...read full article

AvMed data breach case opens door for ID theft claims



A recent federal appeals court ruling may narrow the burden for plaintiffs to prove that they are victims of identity theft as result of a data breach. ...read full article

Wells Fargo recovers after site outage


The banks appears to be the latest victim in a string of cyberattacks on U.S. financial instiutions


September 26, 2012 — IDG News Service — Wells Fargo's website experience intermittent outages on Tuesday, while the hacker group claiming responsibility threatened to hit U.S. Bancorp and PNC Financial Services Group over the next two days. ...read full article

Four Miami-area residents indicted by federal grand jury in Birmingham on bank fraud charges



BIRMINGHAM - Four Miami, Fla., area residents were indicted by a federal grand jury in Birmingham today for conspiracy, bank fraud, access-device fraud and aggravated identity theft, federal authorities announced. ...read full article


September 25, 2012


Two men admit to $10 million hacking spree on Subway sandwich shops


The Romanians admitted their role in ring that compromised some 146,000 cards.


Two Romanian men have admitted to participating in an international conspiracy that hacked into credit-card payment terminals at more than 150 Subway restaurant franchises and stole data for more than 146,000 accounts. The heist, which spanned the years 2009 to 2011, racked up more than $10 million in losses, federal prosecutors said. ...read full article

Police warn of ID theft


Man had info on hundreds


The Wichita Falls Police Department has sent letters to potential identity theft victims, urging them to check their credit for any recent unknown activity, a department spokesperson said Monday. ...read full article

Warrants served at local banks, house in identity theft probe



Search warrants were served Monday at two banks and a residence in Lafayette as part of an 18-month, statewide investigation into fraudulent and stolen Social Security numbers. ...read full article

New NIST publication provides guidance for computer security risk assessments



The National Institute of Standards and Technology (NIST) has released a final version of its risk assessment guidelines which can provide senior leaders and executives with the information they need to understand and make decisions about their organization’s current information security risks and information technology infrastructures ...read full article

Cyber espionage campaign targets energy companies


Signs suggest remote access trojan by group that attacked RSA


Computerworld - Hackers using a Remote Access Trojan (RAT) named Mirage have been engaged in a systematic cyber espionage campaign against a Canadian energy company, a large oil firm in the Philippines and several other entities since at least this April, Dell's SecureWorks Counter Threat Unit says. ...read full article

Social Engineering Still a Major Factor in Corporate Compromise



Businesses today cannot function at full capacity without Email. Criminals know this, and despite billions spent to protect corporate email, it’s the easiest way for an attacker to get inside a company. With that said, FireEye has published a report on the top Spear Phishing campaigns so far this year, which they say have shot up more than 50% compared to levels in 2011. ...read full article

New Twitter-Based Malware Uses Direct Messaging to Spread



Sophos is warning of a new trick to get Twitter users to open direct messages from trusted users that ultimately infect their machines with malware. ...read full article

Fake Microsoft Emails Designed to Phish Out AOL, Yahoo!, Gmail Credentials



Fake Microsoft emails inform recipients that their “installation records are out of date.” The messages attempt to trick users into handing over their Windows Live, Yahoo!, Gmail, AOL or other credentials. ...read full article

Threat from hacking of city of Tulsa's website extends beyond city limits



TULSA - The city of Tulsa's website was hacked recently, but it's not just Tulsans whose personal information is at risk. ...read full article

JPMorgan Chase Bank Servers Hacked, Tiffany Employee Details Exposed



Computer servers owned by JPMorgan Chase Bank have been breached. The financial institution alerted high-end jewelry company Tiffany & Co because the affected machines contained the personal details of some employees. ...read full article


September 24, 2012


Latricia Williams, Shelton Tanner sentenced in identity theft and tax credit fraud scheme



PHOENIX - Buckeye resident Latricia Williams was sentenced to three years in prison Friday after pleading guilty in March 2012 as one of three individuals involved in an identity theft and tax credit scam. ...read full article

Discover will refund $200 million to settle charges it tricked customers



Discover Bank will refund $200 million to more than 3.5 million cardholders to settle charges that its telemarketers used deceptive tactics to sell credit card “add-on” products, such as credit score tracking and identity theft protection. ...read full article

Massachusetts Hospital Agrees to Pay $1.5m After Stolen Laptop HIPAA Violation



Massachusetts Eye and Ear Infirmary, a Boston-based hospital, agreed to pay $1.5 million to the U.S. Department of Health and Human Services (HSS) earlier this week, settling a HIPAA violation stemming from a 2010 incident. ...read full article

Co-operative Bank Scam: Checking for Inactive Customers



A new variant of an old scam is making the rounds, landing in the inboxes of unsuspecting Co-operative Bank customers. The phishing emails attempt to convince recipients that the financial institution is checking for inactive customers and incorrect email addresses. ...read full article

Breach Exposes POS Vulnerabilities


Hackers Sentenced; Court Docs Reveal Attack Details


Two Romanian hackers pleaded guilty to roles they played in the point-of-sale attacks that hit 100 Subway sandwich shops and other U.S. retailers. And details revealed in court expose common POS security vulnerabilities that remain a concern for smaller merchants and their banking institutions. ...read full article

Chinese hacktivists launch cyber attack on Japan


Government sites sink in dispute over islands


Chinese hackers have taken up cyber arms and followed up widespread anti-Japan protests in the People’s Republic over a set of disputed islands by attacking at least 19 Japanese government and other web sites. ...read full article

Cyber espionage campaign targets energy companies


Signs suggest remote access trojan by group that attacked RSA


Computerworld - Hackers using a Remote Access Trojan (RAT) named Mirage have been engaged in a systematic cyber espionage campaign against a Canadian energy company, a large oil firm in the Philippines and several other entities since at least this April, Dell's SecureWorks Counter Threat Unit says. ...read full article


Silicon Valley Mercury News , September 20, 2012


Three arrested at Fremont motel accused of running an identity theft ring



Three people, two caught hiding in a motel bathroom, were arrested in Fremont, California Tuesday in connection with an identity theft ring after police say they found them with stolen personal checks and other personal information that did not belong to them. ...read full article

2,500 involved in Kentucky data breach



The Kentucky-based Cabinet for Health and Family Services notified approximately 2,500 clients Tuesday that a possible employee e-mail account breach may have resulted in the unintentional release of personally identifiable information. ...read full article

Former NFL and College Players Enter Pleas in Federal Court



Several former NFL and college football players have been charged in federal court with crimes such as tax fraud and aggravated identity theft. ...read full article


September 19, 2012


Many steps recommended to stay safe from identity theft



Kim Dauplaise has never had her identity stolen, but the New Bedford woman nonetheless worries that she's not doing enough to prevent it from happening. ...read full article

Fourteen arrested in U.S. tax fraud, identity theft ring



(Reuters) - Fourteen people were arrested on Wednesday and charged with operating a long-running U.S. identity theft ring that filed thousands of fraudulent federal income tax returns to claim $65 million in illegal refunds, according to the U.S. Attorney's office in New Jersey. ...read full article

U.S. Justice Department speeding arrests of tax refund thieves


Federal prosecutors gain new authority for criminal tax cases


(Reuters) - The U.S. Justice Department launched a new effort on Tuesday to combat identity theft used to steal income tax refunds, granting federal prosecutors authority to quickly arrest suspects. ...read full article

String of I.D. thefts strikes FL subdivision


Toll from fraud case nears $100K for 14 victims in Summerfield development


The Forest Lake Police Department last week used its Code Red system to alert residents in a Forest Lake subdivision of a lengthy string of identity thefts. ...read full article

Fake doctor with stolen ID saw 500 patients in South Carolina



Austell - A Ghanaian man living in Austell, Ga., stole the identity of his physician friend, opening credit cards in his name. He took the identity theft one step further by assuming the identity of the doctor and seeing hundreds of patients in South Carolina. ...read full article

Eleventh Circuit Rules “Damages” Properly Alleged in Data Breach-Identity Theft Lawsuit



In a case of first impression in the Eleventh Circuit, the Court ruled in a 2-1 opinion that the plaintiffs in a putative class action had sufficiently alleged liability against a health plan provider for a data breach involving actual identity theft. The Court’s opinion, decided under Florida law, gives crucial guidance to plaintiffs seeking damages for identity theft caused by a data breach and to defendants seeking to defend against such claims. See Curry v. AvMed, Inc., No. 11-13694, 2012 WL 2012 WL 3833035, — F.3d —- (11th Cir. Sep. 5, 2012). ...read full article

Ex-Assemblyman Carl Washington arrested by FBI



Carl Edward Washington, who was a Democrat in the Assembly from the 52nd district, was arrested Monday on federal charges that he defrauded Farmers and Merchants Bank, First City Credit Union, and LA Financial Credit Union out of thousands of dollars by falsely claiming to be the victim of identity theft. Washington, 47, works for the Los Angeles County Probation Department. ...read full article


September 14, 2012


BUCKS; ID Numbers And Medicare



Images of a woman waving her Medicare card on television at the Democratic convention last week in Charlotte, N.C., prompted the folks at Credit.com and others to ask: Why do Medicare cards still have Social Security numbers on them anyway, when access to the numbers can post a risk of identity theft? ...read full article

Old, Trusting and Tricked Out of Life Savings



GRACE, an 81-year-old widow in Colorado, lost her life savings recently to identity thieves who had stolen her personal and financial information. She has hard-earned advice for anyone who gets a call from a stranger. ...read full article

College students need to study up on ID theft



(Reuters) - Two months before Shundra Jackson was due to graduate from the University of Georgia in 2008, she received a letter at her campus job warning that her wages were about to be garnished if her credit card bills remained unpaid. The problem was: Jackson did not have any credit cards. ...read full article

Local financial planner sentenced for identity theft



A former financial planner at the Indianapolis offices of Northwestern Mutual and One America-American United Life was sentenced Tuesday to two years in federal prison after pleading guilty to identity theft. ...read full article

McAfee identifies new malware threats



The second quarter 2012 (Q2 2012) McAfee Threat Report was released on Sept. 4 and has brought attention to new malware threats. The report identified threats such as mobile "drive-by downloads," the use of Twitter for control of mobile botnets, and the appearance of mobile "ransomware." This report covered the largest number of malware samples ever collected. The malware sample discovery rate accelerated to nearly 100,000 per day during 2012. ...read full article

Despite warnings, most states slow to confront corporate ID theft



September 12, 2012 — IDG News Service — How easy is it to steal the identity of a business? Just ask Roger Lee Shoss and Nicolette Loisel, two Houston-based attorneys who turned hijacking the identities of publicly traded companies into a cottage industry. ...read full article


 

Contact Information

Center for Identity Management and
Information Protection
Dr. Donald Rebovich,
Executive Director
315.792.3231
drebovich@utica.edu
Utica College
1600 Burrstone Road
Utica, NY 13502