Archive for ID Theft
Author: Dave Lewis
May 7, 2008 at 10:46 am · Filed under Crime, ID Theft
Ok, I am sufficiently absent minded. I read this piece yesterday but, I forgot to share it. It turns out that the folks over at Finjan have discovered a server loaded with stolen personal information. Apparently it was housing 1.4GB worth of purloined info. They have dubbed it a “crimeserver”.
How cute.
From Reuters:
A Web security firm said on Tuesday it had tipped off international banks and police after finding a huge trove of stolen business and personal data amassed on a server in the space of just three weeks.
Finjan Inc said it had notified the U.S. Federal Bureau of Investigation, police in various countries and more than 40 financial institutions in the United States, Europe and India about the discovery of the so-called “crimeserver”.
“This server was running for about three weeks and within this period it managed to collect 1.4 gigabytes of data. It is indeed the largest treasure we’ve found in this very short time,” Yuval Ben-Itzhak, chief technology officer of the California-based firm, said in a phone interview from Israel.
The stolen data consisted of 5,388 unique log files including 1,037 from Turkey, 621 from Germany, 571 from the United States, 322 from France, 308 from India and 232 from Britain.
Glad to see that they were able to find and shut down this nuisance. Congrats to the folks at Finjan.
Article Link
Author: Dave Lewis
March 31, 2008 at 8:40 am · Filed under Crime, Hacker, ID Theft
This morning brings word of another data breach. This time the victim was the Irish employment site Jobs.ie.
From Ireland.com:
Jobs.ie would not say how many of its clients had been affected, but said it had now fixed the security breach.
The clients whose information was taken are at risk from identity fraud and “phishing”, where criminals, often posing as a well-known, legitimate company, use the information gleaned to try to extract further personal and financial information from their victims.
It is understood that the hackers used an illegally obtained log-in and password given to employers who are registered with Jobs.ie to access the job applications area of the site. They then downloaded personal information from CVs submitted, along with job applications.
Most of the stolen information relates to archive CVs rather than those of people now looking for jobs.
The company, which is owned by businessman Denis O’Brien, has in recent days contacted those affected to warn them of the possibility that they may receive e-mails from people using their information.
“All of the people affected have been contacted and informed of the situation. We have urged them to exercise extra vigilance with inbound e-mails in the coming weeks to ensure online security,” a spokeswoman said.
Read on.
Article Link
Author: Dave Lewis
March 28, 2008 at 11:36 am · Filed under Data Security, ID Theft, Physical Security
Well, we get word (thx Chris) that the Georgia state department of human resources suffered a data theft last week. Apparently an external hard drive with the personal information of former and current employees stored on it was stolen “by an unauthorized person”. They did not release the number of affect but, just to put it in perspective there are currently 19,000 employees with DHR.
From Atlanta Journal Constitution:
The agency sent letters to all employees affected by the security breach, urging them to review all credit and other financial records.
DHR officials said there is no evidence the information is being used fraudulently, and the theft remains under investigation.
The incident alarmed employees and former employees.
“On the personal side, I’m concerned that they had this kind of breach,” said Jed Nitzberg, a former DHR spokesman.
He added, “I’ve already been in touch with one company about buying fraud monitoring and information protection services as an extra precaution because of this. I’m worried this could come back to cause real damage months from now.”
Gov. Sonny Perdue said through a spokesman that the theft heightens concerns about computer security in state government.
“The governor is not happy about where the government is on this,” said spokesman Bert Brantley.
To say nothing of the fact that they are running Netscape Enterprise 6.0 as their web server.
Read on.
Article Link
Author: Dave Lewis
March 18, 2008 at 6:58 am · Filed under Data Security, ID Theft
So, it wasn’t a happy St. Pats for all yesterday. I would advise our friends in the Boston area to check their card statements for any erroneous charges.
From Network World:
A major security breach at an unnamed major retailer may have exposed hundreds of thousands of consumers in the northeastern U.S. to fraud.
Close to 70 Massachusetts banks have been contacted by Visa and MasterCard about the incident, which occurred between December and March, the Massachusetts Bankers Association (MBA) said Monday in a statement.
“The MBA estimates that hundreds of thousands of credit and debit cards owned by consumers in Massachusetts and northern New England states could be affected, and is urging consumers to monitor their accounts,” the bankers association said.
The group did not provide any details on how the breach occurred or name the “major retailer” responsible for the breach.
Unnamed. How quaint. Anyone know who the vendor where this “potential” breach occurred?
Article Link
Tags: Data Breach, ID Theft, Data Loss
Author: Dave Lewis
February 29, 2008 at 7:48 am · Filed under Data Security, ID Theft, Privacy
With the ever increasing upsurge in personal data theft it should comes as little surprise that healthcare providers have landed in the cross hairs. We have seen incidents all over, including here in Toronto last year. Identity theft is a lucrative and thriving business. More resources need to be either allocated or better utilized to help combat this problem. After having conducted security audits on healthcare providers in the past it really is no surprise that they are getting picked on by the bad guys.
From PC World:
“There is definitely an uptick in attacks,” says Dr. John Halamka, CIO at both Beth Israel Deaconess Medical Center and Harvard Medical School in the Boston area. “Privacy is the foundation of everything we do. We don’t want to be the TJX of healthcare.” TJX is the Framingham, Mass-based retailer which last year disclosed a massive data breach involving customer records.
Dr. Halamka, who this week announced a project in electronic health records as an online service to the 300 doctors in the Beth Israel Deaconess Physicians Organization, acknowledges computers in healthcare are sometimes compromised as spam relays or to host unauthorized content such as porn.
“It gives attackers a means to distribute it,” says Halamka. While he has seen no evidence of attackers targeting healthcare networks to steal patient data for financial gain, other security experts say that dangerous trend is well underway.
Dangerous trend? Well, yeah. Porn is really the least of their problems. It really shouldn’t come as a surprise to people that this targeting is going on. Where is a bank robber going to go for income? Well, a bank. And the identity thief will go where the information is. Namely, yours.
Now, with the impending HIPAA audits approaching at any point it would seem that folks are giving this problem sharper focus in the US.
Article Link
Tags: Healthcare Data Security, HIPAA, Identity Theft
Author: Dave Lewis
February 22, 2008 at 3:13 pm · Filed under Crime, ID Theft, Privacy
You know, it never fails to amaze me how people can spin an incident. I was reading the Globe and Mail this morning and I read that a laptop with the personal information on 28,000 students was stolen from a Newfoundland school board. On the face of it that is bad news. But, it gets compounded when the Eastern School District school board issues a statement such as this,
The board said the computers were password protected and therefore limit access to the personal information.
While not inaccurate it is misleading to say the least. It’s trivial to bypass a password on a Windows machine which I’m assuming it is. Well, I guess they are trying to save face.
From the Globe and Mail:
Police in Newfoundland are investigating the theft of a school board laptop computer that contains the personal information of nearly 30,000 students.
The Eastern School District said in a statement Thursday that four laptops were stolen Sunday from an office in St. John’s.
One of the laptops contained an electronic database of bussing information for about 28,000 students.
The school board said the information includes names, grade levels, health card numbers, addresses, phone numbers and the names of parents and guardians.
Article Link
Tags: Laptop Theft, Personal Data Stolen, NFLD Laptop Stolen
Author: Dave Lewis
December 31, 2007 at 9:15 am · Filed under Data Security, ID Theft
A data thief or “data runner” is the new drug runner. Let us face the facts. It is far less dangerous for a hacker to make off with the personal information for X number of people and get paid for that data than it would be to smuggle drugs into the US. These days it is more profitable and it would be harder to prosecute. To say nothing of the fact that it would be extremely difficult for law enforcement to capture the data runner let alone have the necessary legal resources to convict.
From Seattle Times:
While companies, government agencies, schools and other institutions are spending more to protect ever-increasing volumes of data with more sophisticated firewalls and encryption, the investment often is too little too late.
“More of them are experiencing data breaches, and they’re responding to them in a reactive way, rather than proactively looking at the company’s security and seeing where the holes might be,” said Linda Foley, who founded the San Diego-based Identity Theft Resource Center (ITRC) after becoming an identity-theft victim herself.
Foley’s group lists more than 79 million records reported compromised in the United States through Dec. 18. That’s a nearly fourfold increase from the nearly 20 million records reported in all of 2006.
Damn. That’s a lot of money. Law enforcement is playing catchup with these characters.
Article Link
Tags: Data Theft, Data Runner, ID Theft, Data Security
Author: Dave Lewis
December 31, 2007 at 8:59 am · Filed under ID Theft, Privacy
The never ending parade of stolen/lost laptops added another to its list today. The Tennessean.com is reporting that a laptop containing voter information for Davidson County residents was stolen over the holidays. How many is that you ask?
337,000+
Ouch.
From the article:
That could persuade potential voters in the upcoming presidential primaries to avoid the process altogether, according to Deborah Narrigan, a member of the watchdog group Common Cause Tennessee.
“If you can’t trust that the commission can safely handle your Social Security number, it would raise doubts for a lot of people about its ability to secure other parts of the voting process,” Narrigan said.
County Election Administrator Ray Barrett said Friday that the commission will mail letters to all registered county voters this week notifying them of the incident. Barrett also said he has asked Metro’s Information Technology Services department to prevent future security breaches.
Article Link
Tags: Data Loss, Stolen Laptop, Privacy
Author: Dave Lewis
December 13, 2007 at 8:24 am · Filed under ID Theft
Well, so it has come to this. As if it’s not bad enough that lonely folks have been pushed off into the void of the internet to look for love on sites like Lavalife. Now the phishers are trying to harvest the personal info for the lovelorn via bots.
That’s cold.
From Computer World:
Internet users are being warned about a new malware trend involving the use of natural language dialogue systems that are already deployed within gaming technologies.
The software conducts fully automated flirtatious conversations in a bid to collect personal data from those seeking relationships online.
Developed in Russia, the new software is known as CyberLover and has been uncovered by security vendor PC Tools.
CyberLover can be found in chat-rooms and dating sites trying to lure victims into sharing their identity or visiting websites with malicious content.
According to its creators, CyberLover can establish a new relationship with up to 10 partners in just 30 minutes and its victims cannot distinguish it from a human being.
PC Tools is concerned about the program’s ability to mimic human behaviour during online interactions and urges internet users to beware of this new breed of software that can easily be used for malicious purposes.
Article Link
Tags: Cyber Love, Online Dating, Lava Life, ID Theft
Author: Dave Lewis
November 11, 2007 at 10:03 am · Filed under Crime, ID Theft
Gregory Kopiloff gets to play “Prison Break” the real game. He has plead guilty to ID theft in a Seattle court. Kopiloff will be facing up to 20 years in lock up for stealing IDs via a P2P networks. In all likelihood he won’t get anywhere near that much time.
From Computer World NZ:
At the time of his arrest, Kopiloff had allegedly bought US$73,000 to US$120,000 worth of merchandise using identity information belonging to at least 83 individuals.
Kopiloff’s arrest and subsequent guilty plea highlight what some security analysts have said is a growing problem: All sorts of personal and confidential information is readily available on file-sharing networks to just about anyone who cares to look for it.
According to several security analysts, the situation is the result of the inadvertent leaking of personal data on P2P networks by users who have failed to take adequate security precautions when sharing music and other files. Though the problem is not new, what makes it a growing concern is the fact that identity thieves and other fraudsters are increasingly lurking on such networks to harvest and use this data illegally, according to the analysts.
The interesting part here is that it starting to dawn on folks that there is a wealth of information floating around P2P networks of a classified nature. I have seen some interesting docs on torrent sites in the past. If you have a P2P client try searching for items such as “US military” and “.pdf”. Basically use your imagination. It’s a little frightening what you can fine sometimes.
Article Link
Tags: ID Theft, Gregory Kopiloff, P2P ID Theft
Next entries »
Explore
Security Bloggers Network
