Want Privacy? On Facebook? Shut Up!

Identity Theft Expert Robert Siciliano

There seems to be a groundswell of people who are anti-Facebook today.

Google “Facebook” and “Privacy” and 761,000,000 (that’s seven hundred and sixty-one million) results come up in a quarter second. WHY? BECAUSE THERE IS AN OBVIOUS ISSUE WITH FACEBOOK AND PRIVACY. The major issue here is not that Facebook isn’t private, it’s that some people want it to be private and it’s not, and they can’t have their cake and eat it too. Privacy has always been a hotbed, media-grabbing issue that sells news too, so the few privacy pundits that there are get all this attention by pointing the finger.

Mark Zuckerberg, Facebook’s head dude, said “people have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people.” Then he went on to say “that social norm is just something that has evolved over time.”

Nick Bilton, a New York Times writer, interviewed a Facebook employee and shortly after tweeted: “Off record chat w/ Facebook employee. Me: How does Zuck feel about privacy? Response: [laughter] He doesn’t believe in it.”

So if the head of an organization is telling you straight out, privacy isn’t really a concern, then why expect anything different? If you are about to book a cruise and you are told the captain of the ship likes to drink A LOT and he has a habit of hitting icebergs, would you get on the ship? If you don’t like the way things are done at Facebook, either shut up or delete your profile.

I personally have no hard feelings towards Facebook, I also don’t share intimate details of my life and I understand the implications of the service. My angst is towards its users who say and do things that make themselves vulnerable to crime and online reputational disasters. Like Howard Stern’s dad used to say to him, “I told you not to be stupid, you moron.”

And now that politicians are stepping in and making a fuss, Facebook is now the new privacy battle ground. These same politicians won’t do anything or accomplish anything. They just love the attention. And with 400 million people on board, I think privacy is deader than dead, a rotting corpse that just smells bad and we will complain as long as the stink lingers. Openness and transparency along with sharing too much information is the norm. But that doesn’t exclude you from at least understanding the risks, taking some responsibility and being smart about how to use it.

Protect yourself:

Use URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.

Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.

Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave your networks wide open for attack.

Register company name and all your officers at every social media site. You can do this manually or by using a very cost effective service called Knowem.com.

Protect your identity.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Social Media on Fox Boston.

Criminal Hackers Had Their Best Year

The FBI reported that last year, organized criminals made double what was reported in 2008. Phishing emails containing the name and logo of the FBI were one of the top money makers for scam artists.

Successful scams included auction scams where products were bought and paid for but never delivered. Advance-fee scams also topped the list.

Scammers will say and do anything to get a person to part with their money.

Never automatically trust over the phone or via the internet. Unless the business is one that is well established online, don’t ever send money that you can’t get back. Never send money in response to an email or a phone call or even a classified ad. Money orders and wiring money have less security than a credit card does.

Anytime the transaction involves wiring money, that’s a dead giveaway. In any virtual transaction, I’d suggest using a credit card, but not without first checking the legitimacy of the business or the individual. A quick scan online of a company, individual, or even the nature of a transaction can often provide enough information to make an informed decision.

Scareware was also a big player. Studies show that organized criminals are earning $10,000.00 a day from scareware. That’s approximately 200 people a day getting nabbed. Some “distributors” have been estimated to make as much as $5 million a year.

What makes the scam so believable is there is actual follow through of the purchasing of software that is supposed to protect you. There is a shopping cart, an order form, credit card processing and a download, just like any online software purchase.

The software is sometimes known as “AntiVirus2009,” “WinFixer,” “WinAntivirus,” “DriveCleaner,” “WinAntispyware,” “AntivirusXP” and “XP Antivirus 2008.” These are actually viruses or spyware that infect your PC, or just junk software that does nothing of value.

Robert Siciliano Identity Theft Speaker discussing Ransomware on Fox Boston.

Top 10 Jobs For Criminal Hackers

So you wanna go to the dark side? You’ve been hearing all about this hacking thing and you’d like to impress your girlfriend and show her how you can hack into corporate databases eh? Well, first if you are nodding your head, you’re an idiot. Second, chances are better than ever that you’ll get caught. Law enforcement is actually getting pretty good at finding the bad guy. In the meantime, the FBI posted the top jobs in computer crime and the bad guys are hiring.

They need:

1. Programmers: They are the dudes that write the actual viruses that end up on your PC because you were surfing porn or downloading pirated software off of torrents.

2. Carders: the most visible of criminals who distribute and sell stolen data to whoever is willing to take it and burn it onto a white card or make purchases over the internet.

3. IT Dudes: these are like any computer professionals who maintain all the hardware to keep the operation running as it should.

4. Criminal Hackers: these are the tech savvy penetration testers who aren’t legitimate pen testers but black hat hackers. They look for vulnerabilities in networks and plant code to exploit the users.

5. Social Engineers: these are the scammers and liars that think up all the different scams and communicate with people via phishing emails.

6. Hosted Systems Providers: are often unethical businesses that provide servers for the bad guy to do his dirty work.

7. Cashiers: provide bank accounts where criminals can hide money.

8. Money Mules: these may be unsuspecting Americans who act as shipping managers and do the dirty work for the bad guy and open bank accounts too. Sometimes the mule may be foreign and travel to the US specifically to open bank accounts.

9. Tellers: Help transfer and launder money through digital currencies such as e-gold.

10. Bosses: These are the Mafia Dons. They run the show, bring together talent, manage, delegate, tell people what to do and maybe cut a head or two off.

If this whole writing, speaking and consulting thing doesn’t pan out I know who is hiring.

Robert Siciliano Identity Theft Speaker discussing hackers on Fox News.

Why Everyone Should Learn to Be A Hacker

I know enough about hacking to make all of my software un-usable, mess up my operating system, and crash my PC. I also know enough about hacking to re-install my operating system, re-install all my software and get my PC running fresh and relatively secure. I’m no criminal hacker. And I am not suggesting that. Nor can I program; I don’t know code but I do know enough to hack in a way that keeps me running, and again, secure.

Hacker isn’t a bad word and hacking isn’t a bad thing to do. It’s something that if everyone who plugs into a PC every day did, they’d be a heck of a lot more versed in the functionality and security of a computer.

The beauty of becoming a “do it yourself” (DIY) hacker is you don’t need to pay a dude to come to your home or office to fix your computer when it’s not working. Three hundred and twenty five years ago I used to pay someone to fix me. Now I can do most of it myself, and when I don’t know how to do it I look it up on Google. Chances are if you have had this problem, then thousands of others have too. There are a bazillion forums that you can go to and solve annoyances and real technology issues.

Once you start asking questions you begin to find people who know the answers. Next thing you know you are the person with the answers. Along the way you connect with people that are smarter than you are who actually do know code and how to really hack a system. Then keep this stable of experts on your contact list so when you are in a pinch, you reach out. But do your best to figure it out on your own first so you aren’t constantly bugging them. You’d be amazed at how capable you are once you invest the necessary time to learn this stuff.

Another great way to learn how to be a DIY hacker is through tech support of your new PC. Most computers come with a one year guarantee that includes phone support. Now many people complain about lousy support, but the hundred or so hours I’ve spent over the years with these people from all over the world has definitely upped my hack-abilities. Even when the tech support guy is wrong, you learn something.

Recently I got rid of all my old 5-6-8 year old PCs and upgraded all but one to Windows 7 boxes and couldn’t be happier. In the process, I had to go through a litany of changes that were always frustrating, but made me a better, smarter, faster DIY hacker. I’ve spent about 20 hours with tech support on the phone getting everything to work like it should and now I know how to do it myself when things go wrong.

“Why I want my daughter to be a hacker” is the title of a post that’s been making waves in the blogosphere. It doesn’t exactly make my point, but worth a read.

Robert Siciliano Identity Theft Speaker discussing identity theft on CNBC.

Steel Bars Hamper Rescue from Burning House

In some parts of the country, generally in big cities where crime is higher, steel bars are a significant part of the home security landscape. We don’t see many new installations of steel bars today. If you live in a first floor or basement level apartment, steel bars may be a consideration for windows and sometimes doors. However, newer technologies are available that are not only nearly as effective at stopping a burglar, but are also safer when it comes to fire rescue.

“A man remained in critical condition Tuesday, a day after firefighters sawed through a set of steel security bars to pull him from his burning home. Bars on doors typically slow down the rescue by a minute or two – about the time it takes to warm up the power tools and saw through the steel. Steel bars on doors and windows typically are required to lock from the inside. If someone is locked inside a barred house and can’t leave on their own, rescue efforts can take a minute or two longer than usual.”

“Everybody wants their home to be secure, and steel bars are a good way to do it,” he said. “But again, I look at it from a different angle because of what I do,” said the battalion commander for Fire Emergency Management.

Certainly steel bars are going to be a deterrent. But in this situation the results of a fortress-like home can be deadly in the event of a fire. Here are a few considerations.

1. Install a home security system that also has carbon monoxide sensors and smoke detectors to alert you, alarm central, the police and fire departments in case of noxious gases or fire.

2. Consider home security cameras that can be remotely monitored.

3. Instead of bars on the doors, install a fireproofed door that doesn’t require firefighters to crank up a saw to get through. A battering ram is quicker.

4. Instead of bars on windows, install window security film, which is a clean, thin, virtually invisible layer of protection and is easily applied to your glass windows.

Robert Siciliano personal security expert to Home Security Source discussing Home Security on NBC Boston. Disclosures.

Elderly Couple Assaulted During Home Invasion

Every day I scan the news for stories to report on. My job is to disseminate information in a way that is easily digestible and makes sense. Hopefully the reader will act on what they learn and make better decisions to protect themselves and their families.

It’s not easy to read stories every single day about horrible things happening to good people. The frustrating part is seeing the same awful crimes happening over and over and over again. I can write about “Elderly couple assaulted during home invasion” 20 times a day and each story will be worse than the next. If you are elderly or have elderly parents, please take heed:

The man’s wife, whom he’s been married to for almost six decades, lies in the hospital. The victim says the suspect broke a window in the bedroom and appeared in their living room around 10:30pm Sunday night as they watched television. “He grabbed me around the neck, and said he would cut my throat if I didn’t do what he said,” said the husband.

THEY WERE JUST WATCHING TV!!!!!!!!!!!!!!!

“He went through the drawers, getting jewelry and whatever else he saw he wanted,” said the husband. For four hours, the homeowner says the suspect tore through their belongings while they were forced to lie face down in their bedroom. “He was very comfortable with being in here.”

Any time his wife made a noise showing her fear, the suspect came back to the bedroom. “She was making noise and he didn’t want her making noise, he would kick her hard.” The victim’s wife was transported to Methodist Hospital in the Medical Center due to brain swelling from being kicked by the suspect. Her husband tells us they will monitor her overnight and she may be able to go home on Tuesday.

Locking your doors isn’t enough. Locking your windows isn’t enough. In order to prevent a crime like this the homeowner needs a comprehensive home security review. Bring in the local police to give your home a once over. Invite a local locksmith to determine what the best locks for your doors are. Call a home alarm installer to discuss a home security system. Consider taking it up a notch and installing home security cameras. Consider a do it yourself wireless home alarm system or hire a professional. But please, whatever you do, do something. The worst thing you can do is nothing.

Robert Siciliano personal security expert to Home Security Source discussing home invasions on the Gordon Elliot Show. Disclosures

Why We Need Secure Identification

New York police have served warrants dozens of times to an elderly couple looking for suspects the couple has no knowledge of. “Police have knocked on their door 50-plus times since the couple moved into their home in 2002, looking for suspects or witnesses in murder, robbery and rape cases, according to reports. The couple has been visited by law enforcement up to three times a week. Authorities are investigating the possibility that the Martins’ identities may have been stolen.”

Criminal identity theft is when someone commits a crime and uses the assumed name and address of another person. The thief, in the act of the crime or upon arrest, poses as the identity theft victim. Often the perpetrator will have a fake ID with the identity theft victim’s information but the imposter’s picture. This is the scariest form of identity theft.

In Mexico, plans are rolling out to bring 110 million citizens into its national ID card program. “The program will be among the first to capture iris, fingerprint and facial biometrics for identification. Similar programs around the world use biometrics for voter registration and even financial transactions. Possible uses for the card include identification, driver licenses, collection of tolls, a travel card and an ATM card.”

In India, they are in the process of creating the Unique Identification Authority to identify their 1.1 billion citizens. A uniform ID system with biometric data, which should launch next year, will be designed to curb fraud and effectively identify their citizens. It could also make many new commercial transactions possible by allowing online verification of identities by laptop and mobile phone.

In the US, in order to end illegal immigration, politicians have proposed a worker identity card, and quoted from the New American: “Ending Illegal Employment Through Biometric Employment Verification,” Reid, et al, set forth their chilling scheme to require all Americans to carry a 21st Century version of the Social Security Card. The national identification card will be embedded with biometric data detectable by federal agents. Specifically, the Reid plan will mandate that within 18 months of the passage of immigration reform legislation, every American worker carry the “fraud-resistant, tamper-resistant, wear resistant, and machine-readable social security cards containing a photograph and an electronically coded micro-processing chip which possesses a unique biometric identifier for the authorized card-bearer.” As if that isn’t enough to freeze the blood of any ally of freedom and our constitutional republic.”

“Chilling scheme” and “freeze the blood” or a step towards security? I wonder if the couple in New York or the millions who have had their identity stolen wish they were properly identified.

Robert Siciliano Identity Theft Speaker discussing the Social Security numbers on Fox News.

12-Year-Old Girl Home When Man Tries To Break In

Is it OK if I call this criminal a boob? Because he’s a dopey boob who used a pink Huffy as a getaway vehicle. And his victim, well, she’s a ROCK STAR! Read on... A 20 year old burglar breaks into a home. Twelve year old girl is home alone. I don’t know why, I think that’s illegal in some states. But she’s home alone and at least the alarm is on. Which turns out to be a very good thing.

Using a brick, burglar breaks the glass on the front door and reaches through to unlock the door. Girl sees a green latex glove coming through the window. Smart little rock star that she is, she hits the panic button on the home’s alarm system, and the thief runs off.

“When police arrived, they found two witnesses – one who saw a man enter the back yard of the residence, and one who saw him leave. Both provided the same description. About a block away, police saw a man matching the description riding a pink Huffy youth bicycle, and they stopped him.

According to police, the boob had several different stories about where he was going and where he had been. Police patted him down and found a screwdriver and green latex gloves, which matched with what the girl saw when the suspect’s hand came through the front door.”

First, never leave a 12 year old home alone. Maybe a 12 year old is perfectly capable, but still, that doesn’t work for me. If it’s legal in your state to have a 12 year old home alone, then at least discuss home security tips, which in this case it seems they did. She did well by hitting that panic alarm.

At least install home security cameras as another layer of protection with signage outside. Do you think this house had a sign outside that denoted the house was alarmed? If it did I bet the guy would not have broken in.

The door on this house facilitated the break in. Windows on doors aren’t secure. I prefer solid core doors. If you are going to have a window on a door, it should be very small and be at the very top of the door so the burglar can’t break it and reach in to unlock the door.

Finally, I love the fact that the neighbors saw him. This must be a neighborhood with a successful neighborhood watch program.

Robert Siciliano personal security expert to Home Security Source discussing Home Invasions on Montel Williams.

Why Americans’ Identities Are Easily Stolen

We can fix this thing, but we won’t because we don’t want to be inconvenienced. I’m introduced to amazing technologies every week that will stop this. All they need is government support and system wide adoption. Meanwhile, Chuck Schumer and Ed Markey and the rest of the grandstanding politicians scream about privacy and security issues when they see an opportunity for publicity, but their follow through is less than satisfactory.

We use easily counterfeited identification, Social Security numbers that are written on the sides of buses and we rely on the anonymity of the phone, fax, internet and snail mail as a means of application.

In other countries they solve problems. They have priorities and don’t deal with the rhetoric.  They put security first, convenience second.

Cedric Pariente from B32Trust tells us that in Paris, France you need to open an account first before a loan is granted by a bank. In order to do so, you need to provide them with a printed copy of your ID card and proof that you still live where you claim to live (last electricity bill usually). Then they can check your credit history and decide whether to grant you a loan or not. Most of the time, they just check that your debt is not over 30% of your income. You have to be a bank client. Doesn’t seem they allow phone, fax, internet or snail mail transactions when granting credit.

In the UK, Keith Appleyard echoed something similar to France’s system: you have to present yourself in person with a Government-issued Photo ID such as Passport or Drivers License, plus a proof of address less than 3 months old, such as a bank statement or utility bill. Keith further explained the whole UK population had their Identity Credentials vetted and one of the last people to be vetted was the Queen of England, but she is not exempt. So she meets with her Bankers, but she doesn’t have a Passport or Birth Certificate or Drivers License. So she asks them to take a Sterling Currency note out of their wallet, points to her picture engraved on the note, and says “yes, that’s me”. So they officially recorded the Serial Number on the Currency note as being her Identity Document. I think that process may need looking into. :)

In Australia, Stephen Wilson from the Lockstep Group explained that identification of customers opening bank accounts has been regulated since the 1980s. They have a roster of “evidence of identity” documents (passports, Australian driver licenses, government issued cards of various sorts, other bank accounts, utility bills, birth certificates, naturalization certificates …) each of which is equated to a set number of “points” reflecting broadly the quality of the document as proof of ID. You need to present 100 points total to open an account. Usually passport + driver license suffices.

Gavin Matthews of SECCOM GLOBAL in Australia adds the system can only be compromised with forged items, which are not that easy to obtain. Like our money these days we have holographic licenses, chipped passports etc. However it does happen regularly and organized crime is the main culprit (Asian gangs, motorcycle clubs etc) and replication of stolen items probably makes up 70-80% of beating this system. There have been cases here of people working for drivers licensing authorities in various states being indicted for fraud etc and being linked back to organized crime.

In Finland, Kalle Keihanen from the Nordea Bank Finland Plc added that modern IDs are pretty tough to forge and forgeries are easy to spot by professionals like bank tellers. If there is a suspected fake document, the police are summoned and their database includes pictures and such of the real person.

When opening a bank account, the social security number on the ID is first mathematically verified (it has a simple algorithm built in), and then submitted electronically to a national registry, which then returns the name, address and credit info tied to that SSN. Utility bills or such are therefore not needed.

The low identity theft figures in Finland are mostly due to the SSN, where the system does real-time checks on the status of the identity, combined with a difficult-to-forge array of ID papers (passport, driver’s license, national ID). Also, nearly 100% of Finns always carry a picture ID, since the law requires “every person of age 15 and up to be able to reliably prove their identity to the authorities.” Thus, there is a “chain of picture identity papers” starting from childhood in the national registry and any new ID application is verified against previous ones and the photos in the database, making applying for an ID with a stolen identity extremely difficult. You can only apply for an ID to replace one that is broken or expiring. Stolen or lost IDs are always submitted for criminal investigation before a replacing ID is issued.
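The “simple algorithm” built into the Finnish identity code is a modulus-31 check character. As an added example (not code from the original post or from any Finnish agency), the Python below validates a code's format, date and check character and counts which typing errors the check would miss; the sample codes are constructed for illustration.

```python
"""Checksum validation for a Finnish personal identity code (DDMMYYCZZZQ)."""
import datetime

# Q is looked up in this 31-symbol alphabet (G, I, O, Q and Z are not used).
CHECK_CHARS = "0123456789ABCDEFHJKLMNPRSTUVWXY"

# C is the century sign. The letters beyond "+", "-" and "A" were added in 2023.
CENTURY = {"+": 1800}
CENTURY.update({c: 1900 for c in "-YXWVU"})
CENTURY.update({c: 2000 for c in "ABCDEF"})


def check_char(nine_digits):
    """Check character for DDMMYY + ZZZ read as one nine-digit integer."""
    return CHECK_CHARS[int(nine_digits) % 31]


def validate(code):
    """Return (ok, reason) for the format, date and check-character tests."""
    code = code.strip().upper()
    if len(code) != 11:
        return False, "length"
    ddmmyy, sign, serial, check = code[:6], code[6], code[7:10], code[10]
    digits = ddmmyy + serial
    if not (digits.isascii() and digits.isdigit()):
        return False, "non-digit in date or serial"
    if sign not in CENTURY:
        return False, "century sign"
    try:
        datetime.date(CENTURY[sign] + int(ddmmyy[4:]),
                      int(ddmmyy[2:4]), int(ddmmyy[:2]))
    except ValueError:
        return False, "invalid date"
    if check_char(digits) != check:
        return False, "check character"
    return True, "ok"


def undetected_typos(code):
    """Count single-digit substitutions and adjacent-digit swaps that
    would still match the code's check character (i.e. slip through)."""
    digits, check = code[:6] + code[7:10], code[10]
    variants = set()
    for i, old in enumerate(digits):
        for new in "0123456789":
            if new != old:
                variants.add(digits[:i] + new + digits[i + 1:])
    for i in range(len(digits) - 1):
        if digits[i] != digits[i + 1]:
            variants.add(digits[:i] + digits[i + 1] + digits[i] + digits[i + 2:])
    return sum(1 for v in variants if check_char(v) == check)


if __name__ == "__main__":
    # Constructed sample values, not real people's codes.
    for sample in ("010101-900R", "010203A9013", "010101-900S", "310201-900W"):
        print(sample, validate(sample))
    print("typos that slip through:", undetected_typos("010101-900R"))
```

Passing this check only shows the code was transcribed correctly, since anyone can compute the check character; the real-time registry lookup described above is what ties the code to a person.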

While none of these systems are perfect, they are a step in the right direction and far better than the US’s honor based system. At least we have corporations that are providing what the government won’t. But that still doesn’t fix the problem.

Robert Siciliano Identity Theft Speaker discussing the criminal hackers on Good Morning America.

Secret Service: ATM Card Skimming Five Times Higher This Year

ATM skimming is approaching a billion-dollar issue. ATM skimming is happening coast to coast and there seems to be no end in sight. Skimming devices have been found recently at ATMs at a Bank of America in Daytona Beach and one weekend last month people came and went from the automated teller machine outside a Chase Bank in Escondido, California. They slipped in their cards, took their money and left.

In Boston, police uncovered an international ATM skimming ring responsible for stealing money from hundreds of local accounts. Izaylo Hristov, 28, of Ontario, Canada, a Bulgarian citizen, was arrested at an ATM in the Boston area along with Viadiclav Vladevo and Anton Venkov. Venkov had $99,100 in $20 bills in his car when he was arrested. One of them had Dunkin’ Donuts gift cards and American Express cards with post-it notes that had “PIN” and various numbers written on them. These cards were used to write the stolen data on, and then used to make withdrawals. Apparently more than a few people in the Boston area didn’t watch this on Fox Boston, or this on NBC Boston or read this in the Boston Globe.

A spate of recent news reports highlights growing ATM fraud. Law enforcement in New York City reported a gang had stolen $500,000 from bank accounts via ATM skimming. They installed cameras and skimming devices on the machines, and recorded the magnetic strips and the PIN numbers.

Don’t expect the bank’s employees to protect you. At a bank in NY an alert customer pulled a skimmer off the ATM and brought it in to the bank manager, who had never seen a skimmer. She thanked him. He came back in moments later with the small wireless camera. She thanked him again, then she shut down the ATM.

Generally, if you can pull something off the face of the ATM where you’d slide your card through, that’s probably an ATM skimming device (see pictures here). Banks are investing in new technologies, such as internal hardware that can jam the signal of skimming devices. But customers need to be aware of the problem and keep an eye out for devices affixed to the front of ATMs or cameras mounted near small mirrors or on brochure holders.

To help combat this type of crime, ADT unveiled the ADT Anti-Skim ATM Security Solution, which helps prevent skimming attempts and detects skimming devices on all major ATM makes and models. ADT’s anti-skim solution is installed inside an ATM near the card reader, making it invisible from the outside.

See more skim demonstrations on Extra TV.

The solution detects the presence of foreign devices placed over or near an ATM card entry slot, without disrupting the customer transaction or operation of most ATMs. It can trigger a silent alarm for command center response and coordinate video surveillance of all skimming activities. Also, the technology helps prevent card-skimming attempts by interrupting the operation of an illegal card reader.

You can protect yourself from these types of scams first by covering your PIN!! Scammers have a difficult time turning your 16 digit account numbers into cash without the PIN. Consider never using a debit card again, since credit cards are safer. When using an ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, double sided tape, error messages or the machine seems unusually old and run down, don’t use it. Don’t use just any ATM. Instead, look for ATMs in more secure locations.

Ultimately, you must pay close attention to your statements. Refute unauthorized transactions within 60 days. Check with your bank to determine what their timeframe is to refute unauthorized withdrawals. In some cases it can be as early as a week.

Robert Siciliano Identity Theft Speaker discussing the Bulgarian ATM scammer getting busted on Fox Boston.