Archive for month: February, 2009

Robert Siciliano Identity Theft Speaker and Expert

Are you familiar with a “Logic Bomb”? This is a brilliant piece of code, a virus, designed for destruction. The goal of a logic bomb is to disable existing systems that may monitor data, protect it, back it up or access it. A logic bomb is designed to multiply like any virus and spread throughout a network multiplying its effects.

In a Wall Street Journal story an example provided, depicts an employee at Fannie Mae, knowing he is about to be fired commits an act of workplace violence by installing a logic bomb set to detonate almost 3 months after his departure. The detonation would have taken the organization off line for almost a week and cost millions and millions of dollars.

In this true crime story, an observant programmer, still employed noticed the code and disabled it before the damage could be done.

Think for a moment about your home/flat/apartment and how you would break in if you lost your keys. And if a burglar knew what you knew about where you hide and store your stuff. How much damage could he do, knowing what you know? Insiders pose the same problem. They know the ins and outs of all systems in place and can wreak havoc on your operation while they are employed and sometimes after they are let go.

The problems begin when we put people in a trusted place. They are granted access because that’s their job to perform certain duties and they are granted carte blanche access. Ultimately this is a people problem and needs to be addressed that way.

1. Limited Sources; only grant access to a few trusted sources. Minimize the amount of staff that has access to whatever systems in place.

2. Due Diligence; in the information age, our lives are an open book. Background checks from information brokers are very necessary. Not doing a background check increases your liability. A person previously convicted of a crime just might do it again.

3. Limit Access; even a good apple eventually can go bad. By restricting the access to even those who are in a trusted position, in the event they turn sour, they can only do limited damage.

4. Defense in Depth; audit, audit, audit. This is all about checks and balances. Separation of powers. Multiple layers of authorization. We’ve all watched the movie where in order to launch the missile there were 2 keys held by 2 people, who pressed 2 buttons in order for the missile to launch. Put systems in place that facilitate someone always watching over someone’s shoulder. This way the bad apple can’t hide or execute their malicious intent.

5. Prosecute the Guilty; in the event of a breach of trust, make an example of the person that others won’t forget. Public hangings set a strong deterrent.

It is human nature to trust each other. We are raised to be civil towards one another and to respect those in authoritative positions. It takes a significant amount of trust in your fellow human being to drive down the street while cars are heading toward you only separated by a thin painted line. Without trust we wouldn’t get out of bed in the morning.

This explains why we are completely beside ourselves when someone who we have bestowed our faith and trust in deceives us. A week doesn’t go by where we read of the local girls team soccor coach was preying upon his underage team members. And we are still shocked.

Throughout our lives, and especially lately, we have observed government officials, CEOs from major corporations down to front line staff and many others who have been put in positions of trust, who ultimately deceived. Putting someone in a trusted position, without checks and balances can lead to utter destruction, and is liable and irresponsible.

Robert Siciliano Identity Theft Speaker and Expert; video discussing background checks

Robert Siciliano Identity Theft Expert – Speaker

Not to long ago the CIO was a pocket protected, sugared up, soda pop drinking, potato chip eating, caffeinated, non sociable…..well….geek. Not anymore. But you knew that. Serious, Geek is getting even more sexy, stripper pole sexy. A familiar story, a colleague of mine built a tech startup, it has gone from $4 million to $175 million in 3 years. He tells me behemoth tech companies literally send scantily clad hotties to his office weekly, making numerous offers he has to refuse. Hes married, and, he has a board of directors that won’t sell.

Companies not so flush with cash and armed with solutions that actually work, are holding back and not selling out because they are undervalued due to the economic crisis. What compounds their pain is retailers and others who need their technology aren’t buying. It astonishes me that with the amount of data beaches over the past year alone, companies aren’t making the necessary investments.

I see struggling companies offering technologies including identity theft protection, data security that prevents data breaches, defending against criminal hackers from the inside and out, biometric solutions and credit card fraud prevention using multi-factor authentication, all solutions yet to be widely implemented. Solutions that work!

This kind of cost cutting has put the attention on the CIO. Budget cuts have put the CIO front and center.

CIO’s are benefiting big time from the current climate. Sure, many have a much bigger workload, but the chief information officer has become an attractive and strategic financial asset.

The CIO is now very in demand. High tech jobs are some of the most recession proof. While tech is their “job”, they have become go-to-gurus for security, and now for corporate strategy and long term company objectives.

Cost cutting often spurs innovation. Who better to turn to than the CIO who knows what works, and, deals with whiny co-workers when stuff doesn’t work. These are people that generally know what goes on in every nook, cranny and crawl space of the facility and know what is a waste and what streamlines productivity.

If you’re not already, tap your CIO for strategic initiatives and they may have something sexy to say.

Great article by Jon Fortt Here

Completely unrelated distraction of a video of credit card skimming Here

Robert Siciliano 2/12/2

Millennials, the next generation of technology savvy workers are coming to a cubicle near you. They are a generation of technogeeks that dont know they are techno or geeks. I had a rattle. They had a PS2.

This generation knows enough to fix it and enough to break it. They are the best thing and the worst thing to happen to IT administrators. They are armed with netbooks, iphones and their own routers they plug into your network. They access Facebook, Myspace, Bebo and countless other sites that should not be accessible from a corporate network.

Yes, you can control what they do on-site. But it gets more complicated when they are commuting virtually. Using their PCs to log into your network becomes a battle of the techies (your IT guy vs them) to see who wins. They dont want restrictions, they want speed and will do their best to defeat whatever technology IT has in place.

Poison Pharms; is the redirect of your domain of your companies website, it’s the equivalent of someone rerouting your phone lines to a boiler room operation across the street and posing as your business.

Storm Clouds; as many forgo software and adopt software as a service, the potential for data lost or stolen in the cloud rises. The information is virtual, its overseas, it goes through another router you dont control.

Credit Crunch; recent studies show on average companies will allocate ONE more full percentage point of their annual budget into IT security. ONE! Criminals are spending lots more and they are investing whatever they need to get into your networks and they are using your data and turning it into money to do it.

Offshoring; countries in the game only a short time have exploded with growth in their IT sectors. While most have invested heavily in their infrastructures and in security, the pace of growth for some has outpaced security.

Brilliant article by Nick Heath Here

Video of hackers caught Here

Robert Siciliano Identity Theft Expert and Speaker

Robert Siciliano Identity Theft Speaker 2/11/09

“I am Mr. Ming Yang, I have an obscured business suggestion for you. Your services will be paid for. Contact mr_mingyang_desk45@hotmail.com”

Mr Yang sent me an email just now. He wants…my services…? Or something. He’s not my type. My type doesn’t have a filthy virus. Plus he is a dude.

Care for a dalliance? He’s all yours.

Great article here: Data scams have kicked into high gear as markets tumble

As the markets tank, criminals are releasing a barrage of scams. email scams of every kind, infecting peripherals, drive-by viruses and more. In September 2009 there were a record 31,000 viruses released daily. That’s EVERY DAY! Criminal hackers are taking full advantage of the down economy and the overall panic and confusion of the millions of people whose lifetime investments are tanking and others who’ve lost their jobs.

Organized criminals in the form of webmobs are well funded and out for blood. They are breaching your home PC when your kid installs a malicious program to play a game, they are going after mom and pop small businesses all the way up to major enterprise networks.

5 years ago criminal hackers would compromise your machine and wreak havoc. They’d delete your files or crash your machine. Not any more. They want your machine running smooth and efficient.

Your computer network is an asset to organized criminals. They utilize your computing power as a “botnet”, which is a robot network of computers connected to the internet sitting in your home or office. All computers connected to a botnet share something in common, usually a virus that allows for a remote control component and someone or a group of crackers controlling it. They use your PC to do the dirty work sending out more spam, offers and phish emails.

Often your PC would be used as a server to host spoofed websites designed to extract data from the not so savvy who become victimized.

Many of today’s problems stem from applications we use every day that are vulnerable to attack. In criminal hacker forums, viruses are bought and sold that will infect a web based banner advertisement that may incorporate Adobe Flash player. Once the ad is clicked, or not, all you have to do is launch the page in some cases, a piece of code, or malware infects your PC and you become a zombie PC.

Running anti-virus, keeping your operating systems critical security patches updated, firewalls, updating your applications and not being stupid can prevent most attacks.

Here is an appearance discussing an attack on peripherals on Fox News

Robert Siciliano is and Identity Theft Expert and CEO of IDTheftSecurity.com he is a business builder, strategic marketer, security analyst, published author, television news correspondent. Delivers presentations on identity theft protection and personal security. Works with Fortune 1000, IT and startups. Launching, branding, messaging, representation, m&a facilitator, SEO and media. Current private equity projects include dynamic biometrics, credit card platform multi-factor authentication, security investigations and telemarketing fraud mitigation. Connect with him on LinkedIn

Identity Theft Speaker Robert Siciliano www.IDTheftSecurity.com

Me Mum calls me last night. Shes asks “Robby, Do I have a Paypal Account?” (Yes, my mom calls me robby) I say “Why do you ask?” Shes says “Paypal sent me an email and I need to update my account”

Shes 60. Been online for 5 years. Knows about as much as most “baby boomers” know about the Internet. And shes the mom of a dude thats been on CNN MSNBC FOX News and a bazillion publications on information security and identity theft prevention.

She does not have stupid written on her forehead. Shes just as naive, kind and cordial as most of her peers. She reached out to me because a piece of my advice to millions of others rubbed off on her.

I’m telling you, call your mother right now and tell her not to respond to any emails or phone calls or snailmail that are from anyone but her closest friends. I’m receiving more emails from victims and seeing more news now of people getting scammed than in any time in my adult life. It will get worse, it wont get better, and somebody you love will get scammed if you dont inform them of whats up.

Many agree. Another blogger added a very pertintnet comment to a recent post;
“With the Russian economy evaporating we can only expect a resurgence in scams coming from there, and in fact everywhere. With the public image of banks never worse and religious leaders announcing fatwa’s encouraging the cyber-attack of western commerce, I expect 2009 will see new records for fraud exploits. Perhaps not in value, because of diminished wealth of the victims, but certainly in the number of attacks.”

Yup. Cold War 2.0

Its Tax Time for Scammers in the USA. And I’m getting a flood of emails from scammers posing as the IRS. They are taking a low tech tact. They are including Word Docs that the victim fills out and faxes back. I sacrificed my security and went against my own rule and opened the attachments in the last one. I scanned them first and so far I think I’m good. And please dont send me comments telling me I have stupid written….

The attachments and note came equipped with a real fax number with an area code from the Bronx, New York USA. Cant blame the Nigerians or Russians for this one. Unless of course they live in NY ;)~

Make sure Mum has McAfee or another no brainer anti-virus provider on her PC automatically updating with every phish filter running.

See below.

DOC 1

Sir/Madam,

Our records indicate that you are a non-resident alien. As a result, you are exempted from United States of America Tax reporting and withholdings, on interest paid you on your account and other financial dealing to protect your exemption from tax on your account and other financial benefit in rectifying your exemption status.

Therefore, you are to authenticate the following by completing form W-4100B2, and return to us as soon as possible through the fax number: +1-646- 519-7245.

If you are a USA Citizen and resident, please complete form W-4100B2 and fax it to us, please indicate “USA Citizen/Resident” on the form and return it to us.

When completing form W-4100B2, please follow the steps below

1. We need you to provide your permanent address if different from the current mailing address on your Form W-4100B2 , you must indicate if a non-USA resident, your country of origin to support your non-resident status (if your bank account or other financial dealing has a USA address for mailing purpose).

2. If any joint account holder are now USA residents or Citizen, or in any way subject to USA tax reporting laws, Please check the box in this section.

3. Please complete 1 through 19 and have all account holders, sign and date the form separately and fax it to the above-mentioned number.

Please, complete Form W-4100B2 ‘attached” and return to us within 1 (one) week from the receipt of this letter by faxing it, to enable us update your records immediately if your account or any other financial benefits are not rectified in a timely manner, it will be subject to USA tax reporting and back up withholding (if back up withholding applies, we are required to withhold 30% of the interest paid to you).

We appreciate your cooperation in helping us protect your exempt status and also update our records.

Sincerely,

Laura Stevens
IRS .Public Relations.

_____________________________________________________________________
DOC2

FORM W-4100B2 (US Tax Recertification)
Request for Recertification of Foreign Status
W-4100B2 Certificate of Foreign Status of Beneficial Owner
(Substitute form) For United States Tax Withholding
Part I Identification of Beneficial Owner
(JAN-APRIL. 2009)
1. Name of individual or organization that is the beneficial owner
2. Sex: □ male □ female
3. Type of beneficial owner □ Individual □ Corporation □ Complex Trust
□ Simple Trust □ Grantor Trust □ Central Bank of issue
□ Government □ International organization
□ Tax-exempt organization □ Private foundation
4. Date of Birth
5(a). Nationality: 5(b). Place of Birth:
6(a). Country of permanent Residence 6(b). Passport No.
7. Mother’s Maiden Name:
8(a). Spouse Name: 8(b). Spouse date of Birth:
9.Permanent resident address (street, apt, or suite no, or rural route).
Do not use a P.O.box or In-care of address
City or town, state or province, include postal code where appropriate
10. Mailing address (if different from above)
City or town, state or province, include postal code where appropriate
11. Social Security Number □SSN or ITIN □EIN
12. Profession: 13.Day time phone/ fax Number
14.(a) Bank Name(s):
15. Account number(s):
16. Branch Address:
17. Date Account(s) was opened:
18. How often do you come to USA and when did you arrive last?
19. ATTACH PHOTOCOPY OF PASSPORT OR US DRIVERS LICENCE FOR PROPER IDENTIFICATION
Part II Certification of Beneficiary Owner
Under penalties of perjury, I decided that I have examined the information on this form to the best of my knowledge and believe it is true, correct and complete.
I furthermore certify under penalties of perjury that:
. I am the beneficial owner (or am authorized to sign for the beneficial owner) of all the income to which this form relate.
. The beneficial owner is not a U.S person.
. The income to which this form relates is not effectively connected with the conduct of a trade or business in the United States or is effectively connected but
subject to tax under an income tax treaty, and
. For broker transaction or barter exchanges, the beneficial owner is an exempt foreign person as defined in the instructions.
Furthermore, I authorized this form to be provided to any withholding agent that has control, receipt or custody of the income of which I am the beneficial owner or withholding agent that can disburse or make payments of the income of which I am the beneficial owner.
The Internal Revenue Service does not require your consent to any provisions of this document other than the Certifications required to establishing your status as a non-U.S person and, if applicable, obtain a reduced rate of withholding.

Sign Here ____________________________________________________________
(Signer #1) signature of beneficial owner or individual authorized to sign for beneficial owner Date

Sign Here ____________________________________________________________
(Signer #2) signature of beneficial owner or individual authorized to sign for beneficial owner Date SEND FAX TO: +1-646- 519-7245

Heres a video of fraud around Tax Day
http://www.youtube.com/watch?v=wSyPQnXNido