Identity Theft News


News Archive


Contact Information

Center for Identity Management
and Information Protection
Dr. Donald Rebovich,
Executive Director
Utica College
1600 Burrstone Road
Utica, NY 13502

January 2010 News Archive

January 29, 2010

All is not OK in Oklahoma: State tax website victim of hack

The website of the Oklahoma Tax Commission was the apparent victim of a hack yesterday, one in which visitors to the website were prompted to accept an Adobe license agreement and download software. The hack could not come at a worse time for the Commission, whose site is undoubtedly experiencing an uptick in visitors as tax season approaches. full article

Phishing Scam Targets Users of Adobe PDF Reader

A new phishing scam is trying to fool people into thinking it comes from Adobe, announcing a new version of PDF Reader/Writer. The message is making its way into e-mail boxes today, and the real Adobe urged any recipients to simply delete it. full article

Inside fraudster jailed for stealing from 7/7 victim's account

Former HSBC bank worker Paul Walsh has been jailed for two years after stealing more than £32,000 from a victim of the London suicide bomb attack on 7 July 2005. full article

U.S. House leaders ask for investigation into hackings

IDG News Service - Two lawmakers criticized the Web services company that may have enabled the hacking of almost 50 government Web sites on Wednesday. full article

Mortgage Fraudster Sent Up the River

MANHATTAN (CN) - Manhattan real estate developer Michael Hershkowitz was sentenced Thursday to 4 years in federal prison for his part in a $27 million Ponzi scheme involving fraudulent loans secured by nonexistent mortgages. Hershkowitz persuaded around 100 victims to loan the money to the Kingsland Group, allegedly to renovate 16 apartment buildings in Upper Manhattan. full article

EFF online tool reveals 'fingerprint' browsers leave on the Web

A browser's digital fingerprint reveals a wealth of information and can potentially be used to profile and identify a user. full article

Judge Tosses Remaining Broadcom Charges, Finds 'Serious Problems' in SEC Complaint

A federal judge on Thursday dismissed drug charges against former Broadcom Corp. Chief Executive Officer Henry Nicholas and threw out a plea deal reached between prosecutors and a witness in a related stock-options backdating prosecution. full article

Military seeks private sector help to build cyber warfare capability

The military is seeking help from the private sector to build offensive and defensive capabilities for cyber warfare. full article

Data-sharing deal with US could be torpedoed, EU conservatives warn

Brussels - The conservative grouping in the European parliament is set to reject a planned agreement with the US on sharing bank transfer data, one of its senior members warned Thursday. The so-called SWIFT agreement between the European Union and US goes before a crucial committee vote next week. full article

Alberta’s privacy czar must justify delays, court rules

EDMONTON — Alberta’s highest court says the province’s backlogged Information and Privacy Commissioner can no longer take “routine extensions” in privacy cases, a decision that extends to complaints under health and access-to-information laws. full article

EPIC Urges FTC to Protect Users’ Privacy On Cloud Computing and Social Networking Services

EPIC submitted comments to the FTC prior to the agency’s second privacy roundtable. EPIC warned of the ongoing privacy risks associated with cloud computing and social networking privacy, highlighting the Google cloud computing complaint and Facebook privacy complaint filed by EPIC in 2009. The comments note that the FTC has failed to take any meaningful action with respect to either complaint, demonstrating the Commission’s “lack of leadership and technical expertise.” EPIC’s comments also draw attention to the success of international privacy initiatives, in hopes of encouraging the FTC to take meaningful action to protect American consumers. For more information, see EPIC: Cloud Computing and EPIC: Social Networking Privacy. full article

Girl, 16, rejected by mum after leak of medical details

A sixteen-year-old is an outcast from her devout Catholic family who have branded her a ‘murderer’ after a nurse allegedly broke medical confidentiality and told them about her secret abortion. full article

Expert sees security issues with the iPad

Apple's new iPad device looks like it will have some of the same security issues that affect the iPhone, such as weak encryption, a mobile security expert said on Thursday. full article

Google invites attacks on Chrome

Google has launched an experimental programme to encourage external security researchers to find and report vulnerabilities in its browser. Borrowing from the Mozilla Foundation's 2004 Security Bug Bounty Program, $500 will be awarded for each bug found. In special cases, a committee will decide whether to increase the amount to a maximum of $1,337 – however, this reward is only for vulnerabilities which are particularly critical, or particularly smart reports on vulnerabilities and their exploitation. full article

Most companies fail to manage data, study reveals

Less than 77% of organisations have established policies that cover electronic records, according to a report by information services firm Iron Mountain. full article

Advance-fee fraud scams rise dramatically in 2009

IDG News Service - People around the world continue to be duped by advance-fee frauds, with one Dutch private investigation company estimating the highest ever annual losses occurred in 2009. full article

Stolen Twitter accounts can fetch $1,000

IDG News Service - According to researchers at Kaspersky Lab, cybercriminals are trying to sell hacked Twitter user names and passwords on-line for hundreds of dollars. full article

Many voice encryption systems easily crackable

Updated. A vast majority of voice encryption products are seriously flawed, according to controversial tests by an anonymous hacker. full article

January 28, 2010

Cybersecurity Chief Confronts Google Attack, Cloud Security

New to the job, Howard Schmidt's priorities include developing an organized response to attacks on American systems, private-public partnerships, and R&D.

The nation's new cybersecurity coordinator, Howard Schmidt, says the task of overseeing government-wide computer security has been "non-stop" in his first two weeks on the job. full article

Facebook Tool Could Be Exploited By Cyber-Bullies

A recent Facebook feature can be exploited to be a cyber-bullying tool in the wrong hands, a security vendor warns.

Facebook's new feature – "reply to this e-mail to comment on this status" – gives attackers a way to post messages on other people's Facebook pages, according to a blog by security vendor F-Secure. full article

Prominent tech blog TechCrunch hacked

A leading technology blog, TechCrunch, was temporarily commandeered by a hacker who managed to place a message that linked to a site offering adult material. full article

4 Arrested In Alleged Plot To Wiretap Senator's Office

A conservative activist who posed as a pimp to target the community-organizing group ACORN and the son of a federal prosecutor were among four people arrested by the FBI and accused of trying to interfere with phones at Louisiana Sen. Mary Landrieu's office. full article

Anatomy Of A Targeted, Persistent Attack

New report provides an inside look at real attacks that infiltrated, camped out, and stole intellectual property and proprietary information -- and their links to China

A new report published today sheds light on the steps ultra-sophisticated attackers take to gain a foothold inside governments and company networks and remain entrenched in order to steal intellectual property and other data. The bad news is these attacks -- including the recent ones on Google, Adobe, and other companies -- almost always are successful and undetectable until it's too late. full article

Cost of UK data breaches up 7% in 2009

The cost of UK data breaches has increased 7% in the past year and 36% in the past two years, the latest annual study by the Ponemon Institute has revealed. full article

Congressional Web sites hacked near Obama speech

IDG News Service - More than two dozen Congressional Web sites have been defaced by the Red Eye Crew, a group known for its regular attacks on Web sites. full article

Cyber Terrorists Target U.S. Oil Industry

Three of the world's largest U.S.-based oil and natural gas companies were hoodwinked by an extremely sophisticated malware attack designed to steal key proprietary data related to the whereabouts of new oil reserves.

Senior executives at ExxonMobil, ConocoPhillips and Marathon Oil in 2008 fell victim to what security experts called "tenacious" and "clever" cyber attacks that exposed some of the oil titans' most critical intellectual property. eSecurity Planet explains who was responsible for the attacks and what implications this new form of corporate espionage has for all U.S. companies. full article

Private data of 8,600 Ont. teachers compromised

Laptops containing sensitive records belonging to thousands of Ontario teachers have been stolen, CBC News has learned. full article

UCSF says laptop with 4,400 patient records stolen, then recovered

UC San Francisco said Wednesday that a laptop containing files with information on 4,400 patients was stolen from a UCSF School of Medicine employee on or about November 30. full article

Medicare cards could pose identity theft risk

Trips to the doctor could be exposing millions of Americans to identity theft because Medicare cards display recipients' full nine-digit social security numbers. full article

Former Linden man accused of identity theft, $270K loan scam

LINDEN -- A former Linden resident was arrested this week and accused of using another man’s identity to secure $270,000 in loans, authorities said. full article

Miami man gets 22 years for Medicare fraud

MIAMI (AP) - A Miami man who authorities say used his chain of clinics in a Medicare fraud case has been sentenced to 22 years in prison. full article

Social Security numbers visible in mail?

The University of Missouri-Columbia has notified students that a recent mailing inadvertently may have revealed Social Security numbers through the envelope window. full article

Canada to probe Facebook privacy

Canada's privacy commissioner has started a second investigation into social networking site Facebook. full article

Hard Drive Thefts Cost Tennessee Insurer $7 Million

BlueCross BlueShield of Tennessee says the theft of computer hard drives containing personal information on hundreds of thousands of members has already cost the insurer more than $7 million. full article

Seattle court worker charged with id theft

A week after her alleged conspirators were charged, federal prosecutors have charged a Seattle Municipal Court employee with bank fraud and identity theft. full article

You may already be a loser: Text message scams spread

Text this message: Your cell phone could be sending you the latest identity theft scam. full article

10 years in prison for a Twin Cities thief named Steele

Donald Steele Jr. did just that -- steal. full article

Illinois agent, agency lose licenses for impersonating regulators

An Illinois agent and his agency have lost their licenses to do business in the state and must pay a $100,000 fine for distributing fraudulent letters on stationery appearing to be that of the state’s department of insurance. full article

California surgeon faces up to 166 years in jail for bilking insurers

A California physician could be sentenced to 166 years in prison after his conviction for defrauding insurance companies by billing cosmetic work as “medically necessary” procedures. full article

250,000 White House Staffers, Visitors Affected by National Archives Data Breach

A data breach at the National Archives and Records Administration is more serious than previously believed. It involved sensitive personal information of 250,000 Clinton administration staff members, job applicants and White House visitors, as well as the Social Security number of at least one daughter of former Vice President Al Gore. full article

Attempted hacker attacks in healthcare on the rise

ATLANTA – The information security service SecureWorks, which protects 82 healthcare companies in the United States, reported Tuesday that attempted hacker attacks aimed at its clients doubled in the fourth quarter of 2009. full article

Study: Of All Breaches, Those Caused by Hacking Are the Costliest

The cost of data breaches rose slightly last year, but breaches resulting from computer hacking incurred by far the highest losses, according to a new report from privacy and data-security research firm Ponemon Institute LLC. full article

Japanese biometric border check no match for, um, tape

Caught sticky handed

Japan's million-dollar biometric immigration screening systems are still no match for a little ingenuity - and some tape. full article

Identity Thieves Successfully Targeting Wealthy Victims, Study Says

Affluent individuals who live 'the good life' are 43 percent more likely to be victims, according to Experian

If you're a security pro, then you might think the most likely victims of identity fraud are those with the most poorly protected systems and the least knowledge of computer security. Identity thieves are drawn to the easiest targets, right? full article

Phishing attacks account for more than one in two viruses

More than half (55.59 per cent) of all malware sent on email is an attempted phishing attack, according to analysis of malware in January 2010 by Network Box. full article

January 27, 2010

PlayStation 3 hack released online

IDG News Service - Days after announcing he'd managed to hack Sony's PlayStation 3 console to run his own software, George Hotz has released the exploit online. full article

Report data breaches or risk tougher sanctions, warns ICO

The Information Commissioner's Office (ICO) has warned that organisations may face tougher sanctions if they fail to report security breaches that later come to light. full article

TechCrunch hacked twice in 24 hours

Technology website TechCrunch has been hacked for the second time in 24 hours. full article

Study confirms demise of the myth of attacks from within

Last year, network giant Verizon suggested that the 'attack from within' was more of a myth than a serious threat. A study by UK security services provider 7Safe in conjunction with the University of Bedfordshire underpins this suspicion. Of 60 incidents investigated, only 2% could be traced back to internal attackers. full article

New attack against IE could expose all files on a victim's PC

Microsoft's popular Internet Explorer web browser suffers from several minor flaws, which, when combined, can allow an attacker to read all the files on a user's computer, according to researchers at penetration testing vendor Core Security Technologies. full article

Phantom app risk used to bait scareware trap

Scareware scammers are taking advantage of rumours about an "unnamed app" that supposedly poses a security risk to Facebook users in order to trick users into sites slinging rogue security software packages. full article

January 26, 2010

Man to plead guilty in Scientology cyber attacks

Los Angeles, California (CNN) -- A Nebraska man is expected to plead guilty next week to launching a cyber attack that shut down the Church of Scientology's Web sites, federal prosecutors said Monday. full article

January 25, 2010

Beware Johnny Depp death hoax, says security firm Sophos

Bogus reports circulating on the internet, which claim that Johnny Depp has been killed in a drunken car crash in France, could be exploited by cybercriminals, warns security firm Sophos. full article

Cybercriminals use China attacks on Google as lure

Cybercriminals are exploiting the recently announced China-based cyber attacks against Google and more than 20 other companies as a lure for carrying out further targeted attacks. full article

Bank finally gets it right on fingerprints

It may be one of the shortest bills debated in the New Hampshire House of Representatives during this legislative session. The operative section of HB 299 consists of a single line: “(c) Reasonable identification shall not include finger prints.” full article

China rejects accusations on Google hack, Internet freedom

IDG News Service - China on Monday dismissed accusations of any official involvement in hacking attacks on Google and other U.S. companies, adding to tension between the two countries over the issue. full article

MoD staff leak military secrets on Facebook

Staff at the Ministry of Defence and the military leaked secrets on social networking sites and forums 16 times in the past 18 months. full article

Chinese human rights sites hit by DDoS attack

IDG News Service - Five Web sites run by Chinese human rights activists were attacked by hackers over the weekend, as a separate row continued between Google and China over political cyberattacks. full article

Infiltrating the Pushdo Botnet

It's very rare that we researchers get a chance to explore the inner workings of a botnet command and control server. Detailed insight into the botnet server or command component can give us valuable information about the motives of the botnet and possibly the bad guys behind it. But granting access to these command and control servers often depends on the will of the hosting providers. So what happened in this case? full article

Phishing schemes are becoming sneakier in targeting doctors

A new round of e-mail scams looks like legitimate messages from trusted sources. How can physicians avoid becoming victims? full article

Mother, son, plead guilty to ID theft

RIVERHEAD - Tonia Cheeseman, 64, of Ridge, and her son Michael Cheeseman, 42, of Shirley admitted in court that they used the personal information from files of Tonia Cheeseman’s employer to acquire lines of credit. Stolen identities included Suffolk County residents and residents of Florida where the Cheesemans had lived. full article

SQL injection attacks exacerbated by work of ‘gray hat’ researchers

In this LastWatchdog guest blog post Phil Neray, Vice President of Security Strategy at database security vendor Guardium (which was acquired by IBM last November) focuses attention on SQL injection vulnerabilities and attacks — and why they remain a substantive threat. full article

Ladbrokes, police probe data breach

Ladbrokes is investigating the loss of thousands of customer details from one of its databases, but is reassuring gamblers that the information did not include bank details or passwords. full article

Slovak biker spat linked to rare destructive worm

Hi-tech equivalent of tyre-slashing spreads globally

A rare example of a destructive computer worm has been spotted on the web. full article

Whirlpool allows old stains to linger on site

Warnings put through spin cycle

Domestic appliance manufacturer Whirlpool has come under fire for failing to clean up a malware infection on one of its sites, months after it was notified of a problem by UK anti-virus firm Sophos. full article

Too much info on social media aids ID thieves

More than half of adults 45 and older who are on social networks like Facebook could be in danger of becoming victims of identity theft or other crimes because they share too much private information, according to a study released today. full article

Survey: Data breaches from malicious attacks doubled last year

Data breaches at U.S. companies attributed to malicious attacks and botnets doubled from 2008 to 2009 and cost substantially more than breaches caused by human negligence or system glitches, according to a new Ponemon survey to be released on Monday. full article

Coldblooded Scam Targeted Mexicans

SAN ANTONIO (CN) - A 56-year-old Texan was sentenced to 65 months in federal prison for posing as an immigration agent to steal $95,000 from 80 unsuspecting victims by selling them phony documents. Several of his victims were ill and sought temporary visas to get medical treatment. One traveled from the interior of Mexico to Nuevo Laredo only to be denied admission and die on her way home, prosecutors said. full article

January 22, 2010

China hacks used as lure for more targeted attacks

Spoofed e-mails detailing recent events spotted in targeted attacks, says F-Secure

Computerworld - Malicious hackers have begun using the recent cyberattacks against Google and more than 30 other companies as lures for launching even more targeted attacks, security firm F-Secure said in a blog post today. full article

Music and film industry to fund 75% of anti-piracy campaign

The UK government says music and film producers will have to bear most of the cost of clamping down on illegal file sharers on the internet. full article

Baidu claims withheld support after hack

Chinese search engine says its domain registrar was slow to answer pleas for help after its site was hacked

Chinese search engine was stranded without technical support from its U.S. domain registrar immediately after being hacked last week, Baidu has alleged in its lawsuit against the registrar. full article

January 21, 2010

UPDATE: State DMV Database Used for Marketing, Private Data Accessed, Suit Says

TEXARKANA - A federal lawsuit filed in the Texarkana Division of the Western District of Arkansas claims the Arkansas Department of Motor Vehicle database has been illegally used for marketing and it could affect anyone who has had an Arkansas driver's license since 2000. full article

FBI Broke Privacy Laws, Says Justice Department Probe

The FBI repeatedly broke the law between April 2003 and November 2006 in its efforts to monitor telecommunications in line with counterterrorism objectives, a Justice Department investigation has found. A report released Wednesday by the Department's Inspector General, Glenn Fine, reveals that three major telecom companies — whose identities remain classified — contracted out six of their employees to the FBI, and provided the government with unchecked access to phone records without legal authority. Those employees worked in FBI office space with government investigators, and responded to more than 700 informal requests for information from the FBI, sometimes passed on verbally or on post-its. The employees gave agents access to some 3,500 telephone numbers, including call records from reporters, "calling circles" of individual suspects and others, the report says. full article

UN issues call for international privacy agreement

Countering counter-terror powers

A UN watchdog has called for a new international agreement on privacy following a review of the expanding global array of surveillance measures and databases advanced by governments in the cause of counter-terrorism. full article

Cough Up Or Go to Jail, Judge Says

MIAMI (CN) - A federal judge found Jamie Solow in contempt for refusing to disgorge more than $3.4 million in a securities fraud judgment after soaking elderly investors. The judge said Solow transferred millions of dollars in assets to his wife; he ordered his arrest if Solow does not cough up the money by Monday. full article

Mortgage Broker Who Dumped Consumer Records Settles FTC Charges

A mortgage broker who discarded consumers’ personal financial records in a publicly-accessible dumpster paid a $35,000 civil penalty to settle Federal Trade Commission charges. full article

New Twist On Counterfeit Check Scheme Targeting U.S. Law Firms

The FBI continues to receive reports of a counterfeit check scheme targeting U.S. law firms. As previously reported, scammers send e-mails to lawyers, claiming to be overseas and seeking legal representation to collect delinquent payments from third parties in the U.S. The law firm receives a retainer agreement, invoices reflecting the amount owed, and a check payable to the law firm. The firm is instructed to extract the retainer fee, including any other fees associated with the transaction, and wire the remaining funds to banks in Korea, China, Ireland, or Canada. By the time the check is determined to be counterfeit, the funds have already been wired overseas. full article

Controversial App Provides Background Checks On the Go

Online privacy is a constant and growing concern as the evolving landscape of Web sites and services erode the traditional expectations of privacy. A new app from BeenVerified is adding even more controversy to the privacy dilemma by enabling users to conduct background checks on anyone in a matter of seconds from their iPhone. full article

Heartland Moves to Encrypted Payment System

Responding to its widely reported and massive data breach that took place a year ago, Heartland Payment Systems will be moving to an end-to-end encryption system for payment transactions, according to Chairman and CEO Robert Carr. full article

UK: Confidential hospital records found at Norwich supermarket

Hospital records containing highly confidential information about vulnerable patients have been found outside a city supermarket by a member of the public. full article

More Answers About Law Amending HIPAA Rules

This is the second part of a two-part article providing an introductory overview of the new HITECH law. The first part appeared in the January 1 issue and addressed HITECH in detail. Interpretation of this law is still evolving, and there are currently many unanswered questions. Nothing in this article should be construed as legal advice. full article

FAQs About HIPAA and HITECH: What Physicians Need to Know

This is the first of a two-part article on the new HITECH law. Interpretation of this law is still evolving, and there are many unanswered questions. full article

UK: Patient notes sent to wrong address

A FARMER was left "horrified" when personal and intimate details of a potentially fatal pregnancy complication for another woman were dropped through her letterbox. full article

Man pleads guilty to fraud, identity theft

Salvatore Richard Caccavallo pleaded guilty in federal court in Missoula on Monday to wire fraud, aggravated identity theft and possession of stolen firearms, according to the U.S. Attorney’s Office. full article

UK: Manchester police arrest 3 suspects in check counterfeiting, identity theft scheme

(KMOV)—Manchester police have arrested 3 suspects after a multi state check counterfeiting and identity theft scheme. full article

Hospitals asked to report problems with e-health records

Some software is producing improper medication dosages, Grassley says

Computerworld - The ranking member of the U.S. Senate Finance Committee this week asked 31 hospitals and health-care systems to provide feedback on problems with computer systems associated with the government's efforts to incent the rollout of electronic health records (EHR). full article

RockYou hack reveals easy-to-crack passwords

Analysis of the 32 million passwords recently exposed in the breach of social media application developer RockYou last month provides further proof that consumers routinely use easy to guess login credentials. full article

80% of gov't Web sites miss DNS security deadline

Network World - Most U.S. federal agencies -- including the Department of Homeland Security -- have failed to meet a Dec. 31, 2009, deadline to deploy new authentication mechanisms on their Web sites that would prevent hackers from hijacking Web traffic and redirecting it to bogus sites. full article

January 20, 2010

Hundreds of Network Solutions Sites Hacked

Web site domain registrar and hosting provider Network Solutions acknowledged Tuesday that hackers had broken into its servers and defaced hundreds of customer Web sites. full article

Mystery/Secret Shopper Schemes

The IC3 has been alerted to an increase in employment schemes pertaining to mystery/secret shopper positions. Many retail and service corporations hire evaluators to perform secret or random checks on themselves or their competitors, and fraudsters are capitalizing on this employment opportunity. full article

Military contractors targeted in Chinese attacks, says F-Secure

Attacks followed apparent China-based hacks targeting Google, other tech firms

Computerworld - The targeted cyberattacks apparently originating in China that hit Google and more than 30 other companies late last year are now targeting some U.S. defense contractors, according to security vendor F-Secure. full article

Security researcher IDs China link in Google hack

The code behind the attack, called Aurora, was written in 2006

IDG News Service - The malicious software used to steal information from companies such as Google contains code that links it to China, a security researcher said Tuesday. full article

How to secure Internet Explorer: four tips to protect web browsing

With some governments warning people to stop using Internet Explorer (IE) until Microsoft patches the latest vulnerability in the software, here are four ways to protect web browsing in IE. full article

EPIC, Privacy Groups Oppose Facebook “Beacon” Settlement

EPIC and other privacy groups sent a letter to the federal judge overseeing a class-action settlement against Facebook in California, opposing the settlement as unfair and unreasonable. As proposed, the settlement does not provide any benefit for Facebook users whose private data was illegally exposed by Facebook “Beacon.” full article

Ca: Privacy complaint filed against youth-oriented social networking site Nexopia

Canada’s privacy commissioner should investigate how a youth-oriented social networking site uses the personal information of its members, an Ottawa-based consumer advocacy group said Tuesday. full article

German DPA Fines Drugstore Chain €137,500 for Illegal Collection of Health Data

On January 11, 2010, the data protection authority of the German federal state of Baden-Württemberg issued a press release stating that it had fined the Müller Group €137,500 for illegal retention of health-related data and failure to appoint a Data Protection Officer. full article

Classmates Says It Will Prostitute Your Info To Other Sites

Pete forwarded us an email from the social networking site Classmates, which apparently is attempting to stay relevant by spreading your information around the internet to sites people actually visit. At least users can opt out. full article

Three charged in Miami area mortgage fraud allegations

In the following press release Jeffrey H. Sloman, United States Attorney for the Southern District of Florida, Michael K. Fithen, Special Agent in Charge, U.S. Secret Service, Miami Field Office, and Al Lamberti, Sheriff, Broward County Sheriff’s Office, announced that Jerry Arthur Riggs, Jacqueline Lopez, and Novelette “Faye” Hanse, all of Broward County, Florida, were charged in a nine count Indictment in connection with their participation in a mortgage fraud scheme. The case has been assigned to U.S. District Court Judge Kenneth A. Marra in West Palm Beach, Florida. The defendants made their initial appearances this morning before U.S. Magistrate Linnea R. Johnson. full article

FBI Director to chronicle the evolution of cyber threats at RSA Conference 2010

Robert Mueller, Director of the Federal Bureau of Investigation, will deliver a keynote address at RSA Conference 2010. Mueller’s keynote will detail cyber threats through the years – from criminal threats like computer intrusions and identity theft to the use of the Internet by extremists and hostile foreign powers. full article

Virus attack hits Vista machines, cripples university network

A massive virus attack has hit the University of Exeter resulting in the entire network being shut down both by the virus and the network staff in an attempt to protect the infrastructure. full article

Windows hole discovered after 17 years - Update

Microsoft isn't having an easy time of it these days. In addition to the unpatched hole in Internet Explorer, a now published hole in Windows allows users with restricted access to escalate their privileges to system level – and this is believed to be possible on all 32-bit versions of Windows from Windows NT 3.1 up to, and including Windows 7. While the vulnerability is likely to affect home users in only a minor way, the administrators of corporate networks will probably have their hands full this week. full article

Beach nurse gets 2 years for identity theft

Calling the crime "very disturbing," a federal judge sentenced a nurse to two years in prison after she admitted stealing the identities of several patients, some suffering from dementia, and going on a $14,000 shopping spree. full article

Cardiff 'is identity theft capital'

Cardiff is the UK's card fraud capital, new research has revealed. full article

Taken to the Cleaners

A study from Credant Technologies finds clothes dropped off at the dry cleaners are often filled with forgotten USB sticks. full article

January 19, 2010

National Center for Disaster Fraud to Coordinate Haitian Fraud Complaints

The FBI and the National Center for Disaster Fraud (NCDF) have established a telephone hotline to report suspected Haitian earthquake relief fraud. The number is (866) 720-5721. The phone line is staffed by a live operator 24 hours a day, seven days a week. You can also e-mail information directly to full article

3rd Circuit Panel Mulls if Teen 'Sexting' Is Child Pornography

As the nation's first case involving criminal prosecutions of teenagers for "sexting" made its way to a federal appeals court in Philadelphia, all three judges seemed skeptical of the prosecutor's claim that child pornography laws are violated when a teen transmits a nude image of herself. full article

France, Germany Say Stop Using Internet Explorer 6

December's "Operation Aurora" cyber attack from China, which Google disclosed last week, has prompted French and German information security organizations to recommend against the use of Internet Explorer 6, at least until a patch is released to address the vulnerability. full article

Google Hack Leaked to Internet; Security Experts Urge Vigilance

The code that was used to hack Gmail accounts in China is now publicly available on the Internet, and security experts are urging computer users throughout the world to be highly vigilant until a patch can be developed. full article

Gmail of foreign journalists in China hijacked

Google says cyberattacks have also recently targeted the Gmail accounts of Chinese human rights activists

The Gmail accounts of foreign reporters in at least two news bureaus in Beijing have been hijacked, a journalists' group in China said Monday. full article

Government personal data handling has improved, says report

Measures put in place by the Government to better protect individuals' personal data have been successful but more work is needed, according to the first annual internal report due under the new regime. full article

ContactPoint database suffers 'serious' security breaches during trial phase

The controversial database containing personal details of all 11 million children in England has suffered at least four security breaches even before its nationwide launch. full article

Theft of Goodwill safe raises identity theft concerns

In Kent County, the investigation continues into the theft of a safe from a Goodwill location in Kent County. full article

Video: Clickjacking exploit used to hijack Facebook accounts

A security researcher has discovered a vulnerability in Facebook that could allow a hacker to hijack a user's account. full article

Fixing Flores: Assuring Adequate Penalties for Identity Theft and Fraud

This Backgrounder proposes statutory language fixes to federal identity theft and aggravated felony language in 18 U.S.C. §§ 1028 and 1028A to reverse the practical implications of the May 2009 Supreme Court ruling in Flores-Figueroa v. United States. Flores crippled prosecutors’ longstanding practice of using the aggravated identity theft statute by requiring that prosecutors now also prove that a defendant knew he was using a real person’s identity information, as opposed to counterfeit information not connected to an actual person. The statute is an important tool for immigration enforcement. Proving a defendant’s knowledge about his crime is always difficult, and impossible in some cases, even where there is substantial harm and clear victims. This is especially the situation with illegal aliens who buy identity information from third parties. The inevitable result of the Flores decision is to enable perpetrators an easy defense and to tie prosecutors’ hands. The defendant in the case was an illegal alien working at a steel plant in Illinois. full article

FBI broke law for years in phone record searches

The FBI illegally collected more than 2,000 U.S. telephone call records between 2002 and 2006 by invoking terrorism emergencies that did not exist or simply persuading phone companies to provide records, according to internal bureau memos and interviews. FBI officials issued approvals after the fact to justify their actions. full article

City staff's private info sent out with water bills

A list of the names and Social Security numbers of employees of the City of Oakridge was sent out with monthly water bills in this town of about 1,400 households. full article

Three lessons for businesses from the Google attack

Companies need to reevaluate security to handle advanced cyberattacks

The cyberattacks against Google and more than 30 other technology companies by adversaries operating out of China highlight what some call the Advanced Persistent Threat (APT) confronting a growing number of U.S. commercial entities. full article

Hackers are defeating tough authentication, Gartner warns

Security measures such as the use of one-time passwords and phone-based user authentication -- considered among the most robust forms of IT defenses -- are no longer enough to protect online banking systems against fraud, a Gartner Inc. report warns. full article

Health Net's missing drive could cost it millions

Connecticut HIPAA lawsuit over lost records

US healthcare corporation Health Net kept quiet for 6 months about a lost disk drive, exposing 1.5 million of its members to identity theft. It is now being sued. full article

Convicted identity thief arrested on new fraud charges

A rural Streator woman, who previously served prison time for identity theft, has been arrested by Livingston County Sheriff authorities on new criminal charges. full article

Poisoned PDF pill used to attack US military contractors

Yet more cyber-espionage shenanigans

Unidentified hackers are running an ongoing cyber-espionage attack targeting US military contractors full article

HMRC fraud warning emails baited by phishers

Spotting scams doesn't have to be taxing

UK taxpayers were targeted by a tax fraud scam mail run late last week. full article

Palestinian hackers deface Jewish Chronicle

Hacktivists protest Gaza blockade

The Jewish Chronicle website was defaced over the weekend by hackers calling themselves the "Palestinian Mujaheeds" who posted a rant against Israel's blockade of the Gaza Strip. full article

Search warrant nets fraud charge, pot bust for California couple

A California husband and wife were arrested recently during an auto insurance fraud bust at two of their residences that also turned up 131 pounds of suspected marijuana. full article

Florida officials searching for fake GEICO agent

Officials in three Florida counties are searching for a 21-year-old man who falsely claimed to work for GEICO, selling fictitious insurance documents. full article

Man masquerading as fashion model bilks wealthy men

The police sought a person who claimed to be Bree Condon and who had bilked thousands out of men in an online scam. They were surprised to meet Justin Brown. full article

More than 60 people arrested in connection with fraudulent check ring

More than 60 people have been arrested in connection with a fraudulent check ring that stole almost $500,000 from area banks and business, authorities said. full article

Zain Seeks Help in War On Mobile, Internet Fraudsters

Mobile service provider Zain has issued a global appeal for more information on fraudsters who are using its brand name in order to obtain money full article

January 15, 2010

Google Hack Attack Was Ultra Sophisticated, New Details Show

Hackers seeking source code from Google, Adobe and dozens of other high-profile companies used unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by researchers at anti-virus firm McAfee. full article

Pizza delivery man cops to life in DarkMarket

Ran 'eBay for criminals' from net cafe

A former London pizza delivery man faces a 10-year prison sentence after admitting he helped found the notorious DarkMarket forum for computer crime, several news sites reported. full article

False Moscow CCTV feed scam leads to fraud charges

The discovery that some CCTV cameras around Moscow streamed prerecorded images, instead of live pictures, has resulted in criminal charges against StroyMontageService, the firm that maintained the network. full article

Iraqi weapons inspector accused in online sex sting

Facing seven years

A former head of UN weapons inspections in Iraq has been charged with child sex offences after being caught in an online sting. full article

Oaklyn man gets 27-month term for identity theft

An Oaklyn man was sentenced yesterday to 27 months in federal prison for stealing identities to swindle nine banks. full article

More charges, suspects in ID theft ring

An identity theft ring uncovered in Oswego last year involved more than just thefts in Kendall County full article

Eastern students may be victims of identity theft

Many students report damage done to credit

Eastern is not immune to identity theft. Jackie See, financial health coordinator for the Health Education Resource Center, said she has spoken to students with thousands of dollars of damage done to their credit caused by identity theft. full article

Former Thief Says Identity Theft is Easier Than You Think

News Channel 13Wham recently interviewed former identity thief convict, Dan DeFelippi, who testified to the fact that identity theft is a lot easier than you might think. full article

Connecticut AG sues Health Net over security breach

Connecticut Attorney General Richard Blumenthal filed a lawsuit against Health Net of Connecticut, alleging the company failed to secure patient medical records and financial information prior to a security breach. full article

Lincoln National Discloses Breach Of 1.2 Million Customers

Shared-password vulnerability may have exposed personal information in online account management system full article

NY Bank Suffers Online Breach

8300+ Customers Compromised by Hack

A Long Island, NY bank announced this week that more than 8,300 of its online banking customers had their log-in credentials stolen in a data breach that occurred last November. full article

Credit-card thieves sought in connection with Target shopping spree

Avondale police need the public's help finding two burglars who went on a post-Christmas shopping spree using stolen credit cards. full article

Tax season brings more sophisticated scams

It's tax season, and that means IRS-related phishing scams are ramping up. full article

Soon, security system for touch screens to ward off shoulder surfers

New touch screen phones may soon be equipped with a system to stop 'shoulder surfers' from spying on your secret pass codes, thanks to a computer scientist who developed the technology. full article

Houston woman gets prison for $1M computer fraud

A Houston woman who worked for a New Orleans mortgage lender has been sentenced to 30 months in federal prison for stealing more than $1 million from the company. full article

Conficker worm still spreading, Akamai says

Russia and Brazil replaced China and the U.S. as the top two sources of attack traffic, according to Akamai's State of the Internet report full article

Haiti earthquake themed blackhat SEO campaigns serving scareware

Cybercriminals quickly mobilized following the news of a massive earthquake that hit Haiti on Tuesday, by introducing several hundred compromised domains embedded with bogus blackhat SEO (search engine optimization) content related to Red Cross donations and general Haiti earthquake relief information. full article

Woman reports identity theft

WINNECONNE – A 57-year-old Winneconne woman reported to police on Jan. 6 that someone had used her identity to purchase energy from a Texas company. full article

Romanian faces five years in prison for phishing scheme

A Romanian national pleaded guilty on Thursday to a charge related to a phishing operation that sought to defraud customers of banks such as Citibank and Wells Fargo, and of Web sites such as eBay. full article

UK defendants await sentencing in carding scheme

Part of DarkMarket fraud ring that bought and sold stolen credit cards online full article

Cybercriminals revive old scams to target smartphones

As mobile phones get more sophisticated, hi-tech criminals are dusting off some old tricks. full article

Microsoft admits Explorer used in Google China hack

Microsoft has admitted that its Internet Explorer was a weak link in the recent attacks on Google's systems that originated in China. full article

January 14, 2010

McKinnon wins review of extradition for hacking

Self-confessed hacker Gary McKinnon has been granted a reprieve from extradition to the US where he faces up to 70 years in jail for hacking federal and Pentagon computers. full article

Perinton Mail Theft Leads to Identity Theft

Perinton, N.Y. -- Thieves used information stolen from a Post Office to create and cash forged checks to the tune of $75,000. full article

Man gets 8 to 16 years for drugs, ID theft

John McManus, 37, of 103 Persimmon Drive, Delaware Township pled guilty to various drug and identity theft charges on January 11 at the Pike County Courthouse in Milford. full article

Four women held in San Jose identity-theft scheme, DA's office says

A team of South Bay authorities said they arrested four women suspected of stealing the identities of at least 100 victims in a ring headquartered at a Days Inn in San Jose. full article

Dodgy Haiti earthquake-themed domains point to scams

With sad inevitability, fraudsters have rushed to register the Haiti earthquake-themed scam URLs in the wake of Tuesday's natural disaster in the impoverished Caribbean country full article

Viruses may target social networks

Social networkers of the world, it's time to amp up your security software and put on your cynical cap before clicking on friend requests and links to "funny videos." Facebook and Twitter will be the top targets for cyber attacks in 2010, according to several security firms. full article

BlueCross data theft exposes more than 220,000 customers

Just calling BlueCross BlueShield of Tennessee for claim or policy information could have exposed 220,000 customers to a breach of their most-sensitive data, company officials said Wednesday. full article

Phoenix business owner gets 6 months in fraud case

An Anthem man who was arrested as part of an employer-sanctions investigation was sentenced to six months in jail. full article

China affirms control over Internet

BEIJING: China told companies to cooperate with state control of the Internet on Thursday, showing no sign of giving ground on censorship after U.S. Internet giant Google threatened to quit the country. full article

Law firm in Green Dam suit targeted with cyberattack

The law firm representing a U.S. company involved in a legal dispute over China's Green Dam censorship software says it was targeted with a sophisticated online attack this week, similar to the one reported by Google Tuesday. full article

IRS: Watch out for online identity theft during tax time

The Internal Revenue Service is urging consumers to protect themselves against online identity theft and other scams this tax-filing season. full article

18,000 pay statements sent to wrong addresses

Pay statements containing names and sensitive information about the finances of about 18,000 recipients of a special pay for disabled retirees were sent to wrong addressees last week, the Defense Finance and Accounting Service said Jan. 14. full article

January 13, 2010

Health care: A 'goldmine' for fraudsters

There's a group of people who really love the U.S. health care system -- the fraudsters, scammers and organized criminal gangs who are bilking the system of as much as $100 billion a year. full article

Indianapolis man 1st to be prosecuted under computer-extortion law

A 28-year-old Indianapolis man was sentenced today to two years in state prison for trying to extort $208,00 from an insurance company after stealing a computer server. full article

Lethic botnet knocked out by security researchers

Zombie network taken down

The command-and-control servers of the Lethic botnet have been taken out following a spam-busting collaboration between security firm Neustar and ISPs. full article

Google may quit China over cyber-attacks

Firm vows to stop censoring search results after Gmail accounts are hacked

Google Inc. will stop censoring its search results in China and may pull out of the country completely after discovering that computer hackers had tricked human-rights activists into exposing their e-mail accounts to outsiders. full article

'Sandwich attack' busts new cellphone crypto

Kasumi cipher cracked (in theory)

A new encryption scheme for protecting 3G phone networks hasn't even gone into commercial use and already cryptographers have cracked it - at least theoretically. full article

The Legal Thicket of Federated Identity Management

With the Obama Administration, FTC, GSA, and many industry groups all making online identity management a top priority, it is also time to consider the legal risks -- particularly with respect to federated identity management, a system in which third parties take over the time-consuming and expensive task of identifying, verifying and authenticating users. full article

Sidestepping Swindlers in the New M-Commerce Frontier

With the growing popularity of smartphones, mobile commerce is taking off, but consumers need to pay closer attention to mobile safety. full article

Report reveals hacking to be top cause of data breaches in 2009

Although the total number of reported data breach incidents fell year over year in 2009, the number of compromised records was still estimated at over 222 million. full article

New York bank admits intruder accessed online banking

More than 8,000 online customers at New York bank Suffolk Bankcorp were impacted by an intruder getting into its IT system, the bank admitted yesterday. full article

30% of workers sending confidential data

Nearly a third (30 per cent) of employees send confidential and/or sensitive data as a normal email attachment or unsecured in the body of a message, a study has indicated. full article

Kaiser patient data swiped from employee's car

Kaiser Permanente this week began sending letters of apology notifying 15,500 members in Northern California that an electronic data storage device containing their health information was stolen from an employee's car early last month. full article

UK: ICO to fine firms up to £500,000 for data breaches

Firms that incur serious data breaches could be fined up to £500,000 when new statutory guidelines come into force on 6 April. full article

California agent loses license after forgery, grand theft charges

The California Department of Insurance has revoked the license of an agent accused of fraud, forgery and grand theft involving senior citizens. full article

Adobe Confirms 'Coordinated, Sophisticated' Cyber Attack

In an attack described as “sophisticated” and “coordinated,” Adobe said its corporate network systems were breached by hackers. full article

Missouri's Sex Offender Laws Unconstitutional

JEFFERSON CITY, Mo. (CN) - A split Missouri Supreme Court found unconstitutional two laws governing where convicted sex offenders can live and what they can do on Halloween night. The 4-3 ruling addressed laws enacted in 2004 and 2008. full article

January 12, 2010

Group behind Twitter hack takes down

IDG News Service - The group that took down last month has apparently claimed another victim: China's largest search engine full article

Fake Amazon email ships malware

The image of an open Amazon delivery box has a prominent place in the latest spam campaign that aims to trick users into downloading an alleged order update coming from the dot com giant. full article

Google yanks suspect banking apps from Android Marketplace

A programmer who calls himself 09Droid has illuminated security concerns sure to come into sharper focus as the tech giants and the financial services industry make their move to extend Internet banking to mobile devices. full article

Missing Copier Led to $14M, Company Says

HOUSTON (CN) - When a copy machine went missing, an oil services company says, it hunted it down to a property owned by the son of one of its accountants. After firing her and sifting through her computer records, Davis-Lynch claims, it found that the family had embezzled more than $14 million. full article

Google blames 'human error' for data leak

Google is apologizing after it mistakenly e-mailed potentially sensitive business data last week to other users of its business listings service. full article

Nebraska bill would let stores scan driver's licenses

Now the only state that doesn't allow information to be scanned from drivers' licenses, Nebraska may soon let store clerks do more than just look at them when selling alcohol, tobacco and lottery tickets. full article

Au: Vinnies 'misused' donor data

THE St Vincent de Paul Society has been accused of breaching public trust and aspects of the Privacy Act after entering into an agreement that allowed one of the world's largest data companies to gather information through a Christmas mail-out from the charity. full article

False Facebook charge group used to spread malware

A false rumour suggesting that Facebook is to start charging is being used to bait malware traps. full article

Philippines Investigates Hacks Of Multiple Government Sites

Political motives suspected in defacement of high-profile sites

Officials in the Philippines are investigating a series of incidents in which five different government Websites were hacked in less than a month. full article

Identity Thieves Target Big Banks

PHOENIX -- If you have an account at a major bank, chances are you may have been put at risk for identity theft, according to members of the Merchants Identity Theft Advisory Board. full article

N.Ky. Legal Secretary Sentenced 2 Years For Identity Theft

COVINGTON, Ky. — Lisa Michaele Matz, 40, of Villa Hills, Ky., was sentenced Monday by United States District Court Judge Danny C. Reeves to two years in prison for committing aggravated identity theft. full article

ID theft protection among new laws for 2010

A law expected to make it more difficult for identity thieves to strike and one that will allow independent cab drivers to gain workers' compensation benefits are among the new state laws going into effect this year. full article

Suspects jailed in $30,000 Novato identity theft case

Two San Rafael residents appeared in court Monday on charges they used a Novato couple's personal information to buy $30,000 in merchandise and travel, authorities said. full article

Man accused of forging 172 checks

GLOVERSVILLE - A city man was arrested after police said he forged checks and stole nearly $200,000 from an elderly woman living in a nursing home. full article

January 11, 2010

2009 Data Breaches: Identity Theft Continues

The Identity Theft Resource Center® Breach Report recorded 498 breaches, less than the 657 in 2008, more than the 446 in 2007. Are data breaches increasing or decreasing? That is the question no one can answer. This fact will not change until there is a single data breach list requiring mandatory public reporting. With some breaches not being reported publicly, and some state Attorneys General not allowing public access to reported breaches, we doubt that anyone is in a position to answer the question above. When we allow laws to be created requiring breach reporting but not disclosure, and provide minimal enforcement or penalty for non-compliance, we can expect a lack of public disclosure. Counting breaches becomes an exercise in insanity. full article

Two to be sentenced in identity theft scheme that hit N.J. banks

NEWARK -- Two men who admitted participating in an international identity theft scheme targeting home equity lines of credit at banks in New Jersey and several other states are scheduled to be sentenced today in federal court. full article

S. Ill. woman gets 4 years for identity theft

January 10, 2010 (EAST ST. LOUIS, Ill.) -- A southwestern Illinois woman charged with stealing identities while working as a restaurant manager has been sentenced to four years in prison. full article

Nineteen Indicted in Massive Cybercrime Conspiracy

DALLAS—A federal grand jury in Dallas returned a superseding indictment this week charging 19 defendants in a massive cybercrime conspiracy, announced U.S. Attorney James T. Jacks of the Northern District of Texas. This indictment supersedes a September 2, 2009, indictment that charged nine of the defendants in the conspiracy. full article

E-statements plugged as solution to mail fraud

Mail fraud and identity theft like that clamped down on by NSW Police this week could be eliminated if bank customers opt for electronic-statements, according to a security analyst. full article

Customers alerted to BlueCross data breach

Chattanooga Times Free Press, Tenn.

(Chattanooga Times (TN) Via Acquire Media NewsEdge) Jan. 10--Customers of Chattanooga-based insurer BlueCross BlueShield of Tennessee slowly are being notified by mail of a potential breach of their personal information. full article

Ex-UCLA researcher pleads guilty to record breach

A former UCLA School of Medicine researcher pleaded guilty to reading confidential medical records of celebrities, high-profile patients and his co-workers in federal court on Friday. full article

Rogue anti-virus software targets Google Groups

Google discussion groups are being hit by messages linking to rogue anti-virus software, security firm Webroot has warned. full article

January 8, 2010

TSA Nominee Runs Into Flak Over Improper Database Access

The improper use of a federal database two decades ago by Erroll Southers, the White House nominee to be administrator of the Transportation Security Administration (TSA), has caught the attention of GOP lawmakers. full article

768-bit RSA cracked

Researchers have decomposed a 768-bit number with 232 decimal places into its two prime factors and published a paper with their results. The number is the string released as "RSA-768" under the now defunct RSA Challenge. As a result, RSA encryptions with 768-bit keys must, from now on, be considered cracked. full article

OH: Ninety-Month Sentence for Man Who E-Mailed Threats to a Columbus Company, Florida Legislator

Kyle Jeffrey Tschiegg, 39, of Sarasota, Florida was sentenced in United States District Court here today to 90 months’ imprisonment for e-mailing threats, including threats to cause a candidate to drop out of a race for statewide office in Florida; hacking into e-mail accounts of individuals and companies; and using stolen identity information to commit computer crimes. full article

Hackers crack security on Eugene school employee info

EUGENE, Ore. -- Hackers breached the security of a computer server containing the names, phone numbers and employee ID numbers of current and former Eugene School District employees, the district said Tuesday. full article

UMC lacks way to log patients’ records

Health Division probe follows reported leaks of private data

University Medical Center has no system to track patient records, leading to numerous instances in which hospital paperwork containing Social Security numbers, birth dates and other private information goes missing, a state investigation has found. full article

Heartland To Pay Up To $60 Million In Breach Settlement With Visa

A year after the big breach, Heartland is still paying for hack

Heartland Payment Systems and Visa today announced a settlement agreement that will allow issuers of Visa-branded credit and debit cards to recover some of the money they lost a year ago, when the payment processor was breached for approximately 130 million records. full article

Springfield Man Pleads Guilty to Identity Theft

A Springfield man could spend 50 years in federal prison for passing bogus bills and identity theft. full article

January 7, 2010

Cyber Attack Simulation Planned Next Month

A financial sector group aims to help organizations learn how to respond when hit with a cyber attack.

A financial services industry group is planning to simulate a series of cyber attacks to test how well banks, payment processors and retailers deal with online threats. full article

National ID card linked to NI numbers, government says

The national identity card is linked to people's national insurance number, the government has confirmed.

Home secretary Alan Johnson said NI numbers are one of several data items that are part of the national ID card database but not the passport database. full article

Michael Jackson fans hack Iranian president's website

Hackers attacked the website of Iranian president Mahmoud Ahmadinejad on Tuesday, redirecting visitors to a plea to God from a Michael Jackson fan. full article

China Helped State-Backed Companies Steal Computer Code, U.S. Firm Says

LOS ANGELES (CN) - In "one of the largest cases of software piracy in history," the Chinese government helped two state-backed companies steal encrypted data from an Internet content-filtering program developed by a family-owned U.S. company and made more than $2 billion selling it with the help of manufacturing giants such as Sony and Toshiba, who "chose to turn a blind eye," Santa Barbara-based Solid Oak Software claims in Federal Court. China uses the program to spy on its people, according to the complaint. full article

Hacker pilfers browser GPS location via router attack

If you're surfing the web from a wireless router supplied by some of the biggest device makers, there's a chance Samy Kamkar can identify your geographic location. full article

Nevada and New Hampshire Data Security and Privacy Laws Take Effect

On January 1, 2010, two important state data security and privacy laws took effect in Nevada and New Hampshire. The laws create new obligations for most companies that do business in Nevada and for health care providers and business associates in New Hampshire. full article

January 6, 2010

FTC Examining Cloud Computing

The agency wants its findings to be considered as the FCC formulates a National Broadband Plan.

In response to a Federal Communication Commission (FCC) Notice of Inquiry into how broadband and data portability issues relate to cloud computing, identity and privacy -- part of the FCC's effort to formulate a National Broadband Plan -- the Federal Trade Commission (FTC) said last month that it is examining the privacy and data security implications of cloud computing for consumers. full article

HHS wants contractor to test privacy of 'anonymous' data

The challenge is to see whether "de-identified" data can be "re-identified"

Can personal medical data that has been stripped of its identifiers to protect privacy later be used to identify a specific person? That is the question that the Health and Human Services Department is hoping a research contractor can answer. full article

Florida men charged with running multistate identity theft operation with victims in N.J.

BENSALEM, Pa. — Four Florida men have been charged with running a multistate identity theft operation out of a suburban Philadelphia motel room. full article

New Attack Locates Web Users Via XSS, Google Data

The security researcher who created the MySpace XSS worm in 2005 has developed a technique that enables an attacker to accurately locate a Web user with GPS coordinates, without using IP-based geolocation. full article

Kingston flash drives suffer password flaw

Kingston Technology has asked customers to return certain models of its DataTraveler secure flash drives for an update, following the discovery of a flaw in the memory sticks. full article

Willimantic Resident Who Created Fake Identity is Sentenced

Nora R. Dannehy, United States Attorney for the District of Connecticut, announced that AMJAD IQBAL, also known as “Asif Ali,” 38, a citizen of Pakistan lawfully residing in the United States in Willimantic, Connecticut, was sentenced today by Senior United States District Judge Peter C. Dorsey in New Haven to two years of probation. On September 15, 2009, IQBAL pleaded guilty to one count of Social Security fraud. full article

Hacker Hits Eastern Washington University

Colleges continue to be popular targets for hackers, with another 130,000 student records exposed.

Eastern Washington University this week is notifying more than 130,000 current and former students that their personal information -- including Social Security numbers and birth dates -- may have been accessed by a hacker sometime in the past year. full article

FBI Investigating Online School District Theft

A New York school district has reverted to using paper checks after cybercriminals tried to steal about US$3.8 million from its online accounts just before Christmas, prompting an FBI investigation. full article

Exclusive: Documents found in mall parking lot

PALISADES (WABC) -- Hundreds of documents with personal information like social security numbers were found in the parking lot of a popular mall. full article

Atlanta man indicted on ID Theft and Short Sale fraud allegations

In the following press release from Sally Quillian Yates, Acting United States Attorney for the Northern District of Georgia, it was announced that Brent Merriell, 37, of Atlanta, Georgia, who has been indicted by a federal grand jury on charges of aggravated identity theft and false statements to the FDIC, today waived his detention hearing before United States Magistrate Judge Russell G. Vineyard and has been immediately detained. The indictment charging Merriell was filed on December 15, 2009, and unsealed yesterday with his arrest. full article

Internet pirates find 'bulletproof' havens for illegal file sharing

Internet pirates are moving away from safe havens such as Sweden to new territories that include China and Ukraine, as they try to avoid prosecution for illegal file sharing, according to experts. full article

January 5, 2010

Man gets jail, fine in U.S. for identity theft

OTTAWA — An Ottawa man has been sentenced to jail in the U.S. and a fine of $5,000 for identity theft after he tried to cross the border with eight counterfeit credit cards and a counterfeit Quebec driver’s licence. full article

Skimming Scams – Identity Theft Gets Sophisticated

Rochester, N.Y. – Identity thieves have been using more sophisticated devices, but now, a new state law targets thieves who use skimming devices, which are small and hard to spot. full article

Man sentenced for identity theft, forgery

A man from Mexico will spend 81 days in jail for using another man's identity to gain employment in Orange City and Hospers, Iowa. full article

Hackers switch Spanish PM for Mr Bean

Hackers have used a common website security weakness to deface a website set up to mark Spain's six-month presidency of the EU.

An unidentified hacker succeeded in briefly replacing an image of Spain's leader Jose Luis Rodriguez Zapatero with one of fictional comic character Mr Bean. full article

Thirteen people accused in forgery operation

As many as 100 people may be involved, police say

Thirteen people with ties to Salem have been arrested for their alleged involvement in a massive check forgery operation, and police said as many as 100 more people could face related charges. full article

Does reasonable expectation of privacy extend to your car’s wiring system?

Over on, John Wesley Hall Jr. alerts us to an Ohio case involving GPS and the Fourth Amendment. In State v. Dalton, 2009 Ohio 6910, the court remanded the case because the lower court had not addressed Dalton’s claim that he had a reasonable expectation of privacy in his car’s wiring system and that the placement of a GPS device in his car’s wiring system by police was unconstitutional. full article

Top 10 security nightmares of the decade

Remember when we didn't worry about cyberwar, botnets or phishing?

Blame the Internet for the latest decade of security lessons. Without it, you probably wouldn't even recognize the terms phishing, cybercrime, data breach, or botnet. Let's revisit the top security horrors of the past ten years, and try to remember what we learned from each. full article

How to Tell the Difference Between a US Census Worker and a Con Artist

The 2010 Census is getting underway. The government is making every effort to get folks signed up. The forms will arrive in the mail and if you don't send it back in, expect someone to be knocking at your door - but be aware, you could fall for a scam. full article

Fresno businessman sentenced to 70 months for identity theft

Alfred Ford of Fresno has been sentenced to five years and 10 months in prison and ordered to pay $91,721 in restitution for conspiracy to commit identity theft and access device fraud and aggravated identity theft. full article

January 4, 2010

Kingston flash drives suffer password flaw

Kingston Technology has asked customers to return certain models of its DataTraveler secure flash drives for an update, following the discovery of a flaw in the memory sticks. full article

DHS releases 2009 Data Mining Report

This report describes DHS programs, both operational and in development, that involve data mining as defined by the Federal Agency Data Mining Reporting Act of 2007. The report provides the detailed information required by the Act and includes updates on program modifications and other developments since the Department issued its 2008 Data Mining Report in December 2008. full article

January 3, 2010

TSA turbulence grips Logan, nation

Lynn couple accused in airport ID theft case

A recent data breach at Logan International Airport involving a TSA contract worker, coming amid other high-profile Transportation Security Administration lapses, casts another cloud over a federal agency engulfed in turmoil. full article

Data breaches affect million state residents

One million Massachusetts residents - or 1 in 6 people - have had their credit card numbers, medical records, or other personal information leaked or stolen over the past two years, according to records provided to the Globe by state officials. full article

January 1, 2010

U.S. security rules would break privacy laws, Canadian airlines contend

Canada's major airlines say they will be forced either to break privacy laws or to ignore new American air security rules unless the federal government comes up with a response to U.S. demands for passenger information. full article

'Monster' German employee database goes online

Under controversial new legislation, German employers must now submit data on their workers to a central information storage hub, affecting as many as 40 million employees throughout the country. full article

Personnel files for Larch workers stolen

Records were in briefcase taken from manager’s car

The Washington Department of Corrections is investigating an incident in which a briefcase full of sensitive personnel records was stolen from the vehicle of a Larch Corrections Center manager early Monday morning. full article