Killer Computer Viruses

When most people think about a virus, they think of a fever, chills, and maybe a potential pandemic. But when they think about a computer virus, they think of a headache, or worse, identity theft.

Unusually, one report claims that a computer virus played a role in the deadliest air disaster in Spanish history. Others refute this claim, arguing that a virus was not the cause.

USA Today reports, “Spanish newspaper El Pais cites a 12,000-page investigative report that outlines how a computer infection, spread via an infected USB thumb drive, may have been a contributing factor. The report says a malicious program precipitated failures in a fail-safe monitoring system at the airline’s headquarters in Palma de Mallorca.”

Whether or not a virus contributed to the delay or cancellation of the flight’s departure, which led to the crash, this type of scenario is possible. Now and in the future, incidents like this may involve malicious technology.

Technology plays a role in many aspects of our lives, and when that technology is corrupted, the results can be disastrous. Consider the extent to which hospitals, banks, water treatment facilities, electrical grids, airports, gas stations, and even roads rely on technology.

Steve Stasiukonis, a penetration tester, describes how USB thumb drives can turn external threats into internal ones in two easy steps. After being hired to penetrate a network, he says, “We gathered all the worthless vendor giveaway thumb drives collected over the years and imprinted them with our own special piece of software. I had one of my guys write a Trojan that, when run, would collect passwords, logins and machine-specific information from the user’s computer, and then email the findings back to us.”

In this scenario, the USBs were dropped in a bank parking lot, then picked up by the employees and used to compromise the network. Fortunately for the bank, this was only a test of the network’s security.

Bad guys will use every possible mechanism to accomplish their goals. Do your best to increase your security intelligence. Regardless of your job description, security is everyone’s responsibility.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss another data breach on Good Morning America. (Disclosures)

More ATM Skimmers Being Used By Gangs

A report issued by the FTC finds that customers in the process of withdrawing cash from ATMs are more likely to be victims of ATM fraud than a direct, physical crime, and skimmer devices have recently been found on gas pumps and ATMs throughout Northern California.

ATM skimming occurs when a device is placed on the face of an ATM, often over the slot where the card is inserted. The skimmer, which may use Bluetooth or cellular technology to transmit the data to criminals wirelessly, appears to be a part of the machine. It’s almost impossible for ATM users to know the difference unless they have an eye for security, or the skimmer is of poor quality. Often, the thieves will hide a small pinhole camera in a brochure holder, light bar, mirror, or speaker on the face of the ATM, which is used to capture the victim’s PIN. Gas pumps are equally vulnerable to this type of scam.

Always shield the ATM keypad with your hand while entering your PIN. Be vigilant while using an ATM. Look around and beware of anyone lurking – they could be waiting to pounce, or shoulder surfing, trying to see your PIN. And if you ever sense that something is off about an ATM or gas pump, just leave.

Choose a PIN that’s not easily guessed but can be entered quickly. Using consecutive numbers or repeating the same numbers is never a good idea. Many new ATMs won’t allow you to choose a “soft” PIN anyway.

Don’t ever let anyone assist you at an ATM. It’s hard to envision what kind of scenario might require another person to intervene at an ATM. But consider this possibility: your card gets stuck and a stranger graciously peeks his head over your shoulder to help. He frees your card and helps you finish the transaction. In the process, he got your PIN and swapped your card with another.

Beware of ATM skimming and learn to recognize a skimmer. Here is an example of a particularly well-made skimming device, which would be easy to miss. Not all are as well crafted, but some are very good.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses dummy ATM scams on NBC Boston. (Disclosures)

Criminal Web Mobs Responsible For Most Cyber Crime

New reports confirm what we’ve been seeing in the news: organized criminals have upped the ante. Global web mobs are tearing up corporations’ and financial institutions’ networks. According to a new Verizon report, a staggering 900 million records have been compromised in the past six years. Up to 85% of the breaches were blamed on organized criminals.

The hackers who infiltrate these networks include brilliant teens, 20-somethings, all the way up to clinical psychologists and organized, international cyber criminals. Many are from Russia and Eastern Europe.

Motivated by money and information, they either exploit flaws in applications to find their way inside networks, or they target their victims psychologically, tricking them into disclosing usernames and passwords, or clicking malicious links.

Flawed web applications often make these types of hacks possible. Criminals use “sniffers” to seek out flaws, and when they find them, the attack begins. Malware is generally used to extract usernames and passwords. Once the criminals have full access to a network, they use the breached system as their own, storing the stolen data and eventually turning it into cash.

To protect yourself, update your PC’s basic security, including Windows updates and critical security patches. Make sure your antivirus software is up to date and set to run automatically. Update your web browser to the latest version. An out-of-date web browser is often riddled with holes worms can crawl through. Run spyware removal software. And set up your wireless network with a “key” or passcode so it’s not open to the public.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses another data breach on Fox News. (Disclosures)

Are You Your Family’s Chief Security Officer?

Everyone’s job spills into their personal life in some way. I’m sure if your job is to clean offices all day, your home is probably clean. If you are a computer technician, your family bothers you every day to fix stuff. My guess is if you are a nurse, your kids are probably well taken care of.

My job is to scream about home security and other security issues all day. I’m pretty sure people are listening because they often thank me for the heads up and lately have been pointing to specific posts that saved them lots of headaches and heartache. In my home environment, I’m the CSO, Chief Security Officer, and security is an ongoing process that everyone is involved in. They have no choice. I bark it all day.

My belief is everyone has a job to do in personal safety. No matter what, you must protect yourself and family from the bad guy. The hard part about this part-time job is it requires a bit of thought. Because you’re not immersed in it all day like I am, the “second nature” part requires putting out a tiny bit of extra effort in order to complete whatever security task there may be at hand. To some people who are already burdened with life, a simple task like locking your doors or activating an alarm might be too much to think about.

I remember about 20 years ago I knew I wanted a safe. So I bought one. And that safe sat in my closet in the box for another 8 months until I actually bolted it to the floor and began to use it.  It took extra effort. Everything of significant monetary value that I don’t want stolen is easily locked up and fireproofed. Today it’s no effort.

Occasionally after a long day I go to bed and forget to set the alarm. But I always remember if I didn’t set it as my head hits the pillow, which means I get out of bed and set it. It’s a tiny bit of extra effort. Then I sleep better.  Security might not be your job, but it is really everyone’s job. Be the power of example and provide the leadership your family needs and be their Chief Security Officer.

Robert Siciliano personal security expert to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.



Celebrity Burglaries and Home Invasions

I’m not one to dish on celebs, although I did just meet Mario Lopez on the set of EXTRA. Cool dude took a pic with me. Celebs are no different than you and me. They are fallible and vulnerable humans, who just get lots more attention.

With one big exception: they are much bigger targets than we are because often they are moneyed.

A half dozen teens from a hoity toity suburb of LA fancied the celeb lifestyle and considered themselves part of the “in” crowd. While they lived the celeb lifestyle by hanging out in all the clubs, staying up all night and doing drugs, their thirst for drugs led to the need for more money to pay for those drugs. So they started to steal. They first started to break into cars. That was their “gateway” felony which led to breaking into homes. They were dubbed the “Bling Ring” and many are now in jail.

Their methods were simple. They tracked their victims by using social media, Facebook and Twitter. They knew when they were home and when they were away.  They even used Google Earth to scope out their homes.

They would approach a home and knock on the door and ring the bell. If nobody was home they’d jiggle the door knob. When a door was locked they looked under the mat for a key and often found one.

In 2008 Paris Hilton’s home was burglarized. Shortly afterwards she installed a burglar alarm to prevent another home invasion. Many people install an alarm after their house is robbed. They react emotionally as opposed to being proactive with a home security installation to protect their homes and families.

Paris Hilton recently tweeted she was almost the victim of a home invasion by a man carrying two kitchen knives. Her publicist was quoted saying, “The security cameras and alarm system were alerted and the police immediately came to the house and arrested the intruder who was attempting to break a window when they arrived.”

Without an investment in security this could have been a lot worse. And situations like this happen to millions of “everyday” people annually. Protect yourself for a dollar a day with a monitored system.

Robert Siciliano personal security expert to Home Security Source discussing Home Security on NBC Boston. Disclosures.

Internal Revenue Service Identity Theft Scams

There have been many articles written about scammers who pose as representatives of government agencies. But perhaps the most inventive are the scams that appear to originate from the IRS. It makes perfect sense for the IRS to reach out regarding your finances. And regardless of the season, the IRS is really always in business.

I’ve never received a call or an email from the IRS. As far as I know, they do not make calls or send emails. Emails that seem to come from the IRS will often have a name, title, and even “IRS” at the beginning or end of the email address. However, email addresses can easily be spoofed.

Unless you are actively engaged in dialog with an IRS agent, do not respond to emails or phone calls supposedly coming from the IRS.

If a scammer posing as an IRS agent ever contacts you, they may already have some of your personal information, which they can use to try to convince you that they are actually from the IRS. This data could come from public records or even your trash. The scammer will often put pressure on you to comply with their request, or even offer you a tax refund.

If you ever receive documentation in the mail indicating earned income that you are not aware of, it may mean that someone else has used your Social Security number to gain employment.

If, when filing your tax return, you receive a letter from the IRS saying that you have already filed, it almost certainly means that someone else has filed a fraudulent return on your behalf in order to steal your refund.

If you are ever a victim of an identity theft issue related to an IRS scam, you may be very disappointed in the way it is handled via the various government agencies. They simply don’t allocate the resources to fix this problem proactively, nor are they adept at responding once it has occurred. The biggest issue is the thief’s privacy. Even if you have an idea who may have done it, the IRS or any other government agency will not release that information. Either way, knowing who did it won’t help you.

All you can do in the event of tax related identity theft is to follow the IRS’s instructions for contacting an agent and resolving the issue. Just be patient, as rectifying the issue may take many hours.

McAfee Identity Protection includes proactive identity surveillance to monitor subscribers’ credit and personal information and access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss IRS related identity theft on Fox News. (Disclosures)

Dealing with Online Harassment

I was watching Back to the Future II with a little person in my life and thought how funny it was that every time McFly was called a chicken he would accept the challenge and throw up his dukes. Maybe it’s funny to me because I’m kind of like McFly. When someone tosses out an insult or a challenge or baits me, my teeth come out and I’m ready for battle. I can’t help myself; I’m half Italian American and half German shepherd (and I’m not sure which half is worse).  Constructive feedback is one thing, but insults and attacking me is another.

I think most people at some level have a hard time with being mocked or personally castigated online or on the ground.  My mom used to say if you ignore them they will eventually go away. There is truth to that but it is easier said than done. Today’s advice might be to R.I.D yourself of the perp. That’s Report-Ignore-Delete.

Social networks are a minefield of messy comments and accusations that can invade your personal security. Anyone can set up a profile of someone else or post photos and videos or say awful things. The best thing you can do is simply manage things said about you.

To report someone on Facebook, go to their profile and look in the bottom left corner for “Report/Block this person”; you can remove them too. All sites allow you to remove those you are connected to.

Any Groups or pages that are designed with harassment in mind can be reported.

You can’t stop someone from posting a photo of you, but you can remove any tags associated with photos on Facebook. If you see pictures that are harmful, report them.

Most sites allow you to delete stuff on your feed or at least control who/what can be posted.

Most sites allow you to restrict access to your profile using various privacy settings.

In email, if you receive harassing messages, most email providers allow blocking senders in the options menus. Otherwise create filters and automatically delete them. There is no need to engage in hate. Ignoring them by never seeing them is best.

You can also block text messages from unwanted callers. Why even give them the time of day? Ignore them and visit your carrier for instructions.

Monitor your children’s online profiles. Friend them to keep tabs. There are numerous programs that allow you to get snapshots of your kids’ social media activity. If you decide to install them, have a conversation with your kids so they know why.

If any threats are ever made or harassment is taken to a level that warrants a call to law enforcement, don’t hesitate to make the call.

Robert Siciliano personal security expert to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

Organized Web Mobsters Getting Jobs Inside Corps

In 2009, there were a reported 140 million records compromised, compared to 360 million in 2008. In 2010 there have been almost 13 million records stolen. But don’t have a party just yet. Criminals are fine-tuning their craft and getting better. The industry just isn’t making it as easy. 97% of those records were stolen using malware – malicious software designed to attack the target’s existing systems and software in place.

A reported 50% of the malware was installed remotely. Almost 20% came from visiting infected websites and almost 10% was installed when employees clicked infected links that conned or “socially engineered” them.

A recent Verizon report stated, “Over the last two years, custom-created code was more prevalent and far more damaging than lesser forms of customization, the attackers seem to be improving in all areas: getting it on the system, making it do what they want, remaining undetected, continually adapting and evolving, and scoring big for all the above.”

This may also be attributed to an inside job. A rogue employee on the inside always has the advantage of knowing exactly how to remain undetected.

The report further stated that organized crime rings may “recruit, or even place, insiders in a position to embezzle or skim monetary assets and data, usually in return for some cut of the score, the smaller end of these schemes often target cashiers at retail and hospitality establishments while the upper end are more prone to involve bank employees and the like.”

In the past three years that’s a total of 513 million records. On average, every citizen has had his or her data compromised almost twice. Where’s your Social Security number in that mix?

To ensure peace of mind, subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss another data breach on Fox News. (Disclosures)

Poor Money Mule Not So Poor

“Money mules” may be unsuspecting Americans who act as shipping managers, do the dirty work for the bad guy, and open bank accounts, too. Sometimes the mule may be foreign, traveling to the United States specifically to open bank accounts.

Mules often get hooked into a “small business” or employment that is a function of a criminal enterprise. The mules often respond to “help wanted” ads from online job placement sites. In shipping scams, a common tactic, criminals employ mules to receive goods bought with stolen credit card numbers and then ship them to people who buy them in online auctions. The mules in this process are essentially facilitating selling hot goods and money laundering.

The mules are often baited into setting up bank accounts that the criminal controls. These bank accounts will be set up under the name of the mule, and are generally programmed to transfer money overseas in increments of less than $10,000 to avoid detection.

Most mules end up pulling money out of their pockets to front shipping costs with the promise of a big payoff. In the end, the mule is often bilked and ends up with an empty bank account.

But not this mule, who was arrested and sentenced to 46 months in federal prison for sending more than $860,000 to offshore online scammers. He was caught after a sheriff’s deputy became suspicious during a traffic stop. They found eleven cell phones, fake IDs, $53,200 in cash, and 76 Western Union receipts. This ain’t no poor unsuspecting mule. This guy knew exactly what he was doing.

“He admitted accepting and cashing wire transfers from online shoppers for vehicles, boats, motorcycles and vehicle trailers, then sending that money to Romania or Spain in small amounts to make detection less likely. The items for sale did not actually exist.”

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss money mules and job scams on Fox News. (Disclosures)

Scammer Tricks Woman with Bait and Switch

As far back as I can remember I would often be approached in parking lots by someone in a van who was trying to sell me home stereo speakers. The speakers were always from a retailer’s loading dock or from trucks that had extra unaccounted inventory. And today was my lucky day. The ruse was when you got the speakers loaded into your trunk, you were generally getting them in their new box. But the box just had pieces of wood. Anyone thinking they were getting a deal was just getting firewood. This is classic bait and switch. Be more aware of these scams and protect yourself from them.

A twist on this scam happening all over is with laptops. The Business and Heritage reports “As a woman got out of her vehicle, she was approached by a man who had exited from his car. In his car were a woman in the front seat and a kid in the back. He approached the woman and showed her a laptop.  He explained that his girlfriend is a manager at Best Buy and that he had gotten a great deal on some laptops like the one he had. But, now he needed the money more than he needed the laptops and said he would sell them to her for $350.00 each. He had four of them, each in an individual Fed Ex box in his car.  She accompanied him to his car, where he opened two boxes, and she saw what appeared to be two laptops. One was a black laptop with a Best Buy sales tag of $1999.99 and the other was a white Apple laptop with a $1999.99 price tag on it. Both were packaged nicely in plastic bubble wrap in Fed Ex boxes specifically made for shipping laptop computers.

The woman called some of her friends and they all wanted to buy one, so she bought all four of them for $1,000 in cash, on the spot. The scammer loaded them into the woman’s car and quickly left.  After the woman got back to her hotel, she discovered that the “computers” were actually several packages of notebook paper sandwiched between a black notebook binder and a white notebook binder.”

PT Barnum once said, “There’s a sucker born every minute”. Even old scams with new twists make smart people stupid. It’s not difficult to get swindled out of your money in a scam like this. Everyone wants a deal and everyone likes to think they are too smart to get scammed. Always keep in mind what Mom said, “If it’s too good to be true, then it is.”

Robert Siciliano personal security expert to Home Security Source discussing scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures