mCrime Perfectly Positioned to Pounce in 2011

The number of households in the United States that rely solely on wireless telephones continues to increase. More than one in four households had cell phones and no landlines in the first half of 2010, which is an increase of 2.1% since the second half of 2009. And almost one in six households uses cell phones exclusively or almost exclusively despite still having a landline.

What’s most interesting is that more than half of adults between 25 and 29 rely on cell phones alone. This is the first time that adults of any age range have been more likely to go without landlines. This trend indicates that those who have grown up with mobile phones as an accoutrement that went along with their lunch box have never bothered to get a landline. In a few decades, the landline will probably be about as obsolete as the rotary phone is today.

As a result of this shift, software application developers are focusing primarily on mobile devices, with PCs demoted to a secondary consideration.

And whenever there’s a major transition to a new technology, the uncertainty and newness create the perfect opportunity for scammers to launch attacks. Dave DeWalt, chief executive of McAfee Inc. security software, predicts, “2011 is the year of the threat to the mobile device, particularly the mobile app.”

There are plenty of new tablets and smartphone devices coming out this year, along with thousands of new mobile applications. Meanwhile, hackers are creating bugs and viruses that modify the legitimate software industry’s processes.

Expect more scams and more scam warnings in 2011. The main initial concerns involve rogue apps and phishing messages designed to extract credit card numbers and login credentials. As mCrime evolves and criminals begin to make some money, they will have the resources to hire crackerjack programmers to do their deeds.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses mobile phone spyware on Good Morning America. (Disclosures)

Are Internet Cookies Good or Bad?

Neither. They are just a mechanism of how the Web works. The bigger question is whether the uses thereof are good or bad.

Microsoft, Google, and Firefox are implementing do-not-track features into their browsers, giving consumers the option to block cookies that may track their surfing for advertising purposes.

Most major websites now install cookies on your computer, which, over time, help develop a profile that serves as your digital fingerprint. This is why, after searching for a specific product, you may notice advertisements for that particular product or brand appearing on various other websites.

But not all cookies track you in order to sell you something. Many are there for security purposes. The Merchant Risk Council considers “where the line is drawn between the proper and improper uses of this type of technology (protecting against online fraud vs. targeted online marketing).”

Several companies use cookies as well as other technologies, such as tokens, along with sophisticated and unique pattern matching that can only be derived from extensive and unique experiences with a shared reputation database, to identify and re-identify devices.

I don’t see any physical harm or identity theft ever happening as a result of this refined marketing or especially device identification, especially when it comes to techniques meant to watch your back and protect you.

With privacy watchdogs addressing this kind of advertising as a major concern, and the Obama administration now stepping in, we will surely see the implementation of some standards in this kind of marketing practice over the next few years.

The MRC wonders, “As this issue gets more play, and consumers become more aware of this technology, will there be any effect on “good customer” behavior by potentially scaring people away from online shopping?”

I doubt it. But right now, government, industry, and consumers need to understand the difference between good cookies and bad cookies, before rash decisions designed to give us slightly more privacy make us more vulnerable to fraud.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)

Digital Lifestyle: 4 Essential Mobile Travel Apps

You don’t reach Platinum Medallion status on Delta by sitting on your back porch. I got there by schlepping all over the country, from one airport and hotel to the next. And technology definitely plays a major role in making my trips more manageable.

I swear by the following apps:

TripIt is a free app that keeps your itineraries easily available on your smartphone and gives you instant access to any information you might need on the road, even when you can’t connect to the Internet. (Flight times, confirmation numbers, and even maps.) Email your receipts from airlines, hotels, and rental cars to your TripIt account, and this highly intuitive app organizes the information by date and time.

FlightTrack costs $5, and it’s the best app out there for tracking flights, with beautiful, zoomable maps and real-time departure schedules, delay updates, and gate numbers at a glance. FlightTrack will alert you to cancellations and even help you find an alternate flight. Full international coverage means you can track flights worldwide. FlightTrack works in tandem with TripIt.

AroundMe is a free app that quickly provides information about your surroundings. How many times have you needed to find the closest gas station? AroundMe identifies your position and shows you a complete list of all nearby businesses in a selected category, including banks, bars, gas stations, hospitals, hotels, movie theaters, restaurants, supermarkets, and taxis. Each listing includes distance from you, a map, and directions, plus you can easily add the information to your contact list or email it to a friend.

Yelp has a free app for your iPhone that can help you find whatever you need when you’re on the road, whether it’s a burrito joint that’s open right now, the closest Irish pub, or a gas station that you can drive to before your tank hits empty. You can search for places to eat, shop, drink, relax, and play, and read reviews from an active community of locals. The iPhone’s built-in location finder makes it easy to search for places nearby. This is similar to AroundMe, but I always use Yelp for restaurants because of the detailed user commentary.

There are thousands more in this category. Some work better than others. What travel apps do you use?

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses mobile phone spyware on Good Morning America. (Disclosures)

Criminal Hackers Responsible For Most Data Breaches

According to the Identity Theft Resource Center, there were at least 662 data breaches in 2010, which exposed more than 16 million records. Nearly two-thirds of breaches exposed Social Security numbers, and 26% involved credit or debit card data.

The ITRC elaborated, “Other than breaches reported by the media and a few progressive state websites, there is little or no information available on many data breach events that occur. It is clear that without a mandatory national reporting requirement, many data breaches will continue to be unreported, or under-reported.”

The majority of these attacks were malicious hacks or insider theft, rather than the result of employee errors. InformationWeek reports, “Some states, but not all, have data breach notification laws, which require any organization that suffers a breach to notify that state’s affected residents. Interestingly, the ITRC found that information about 29% of the 662 reported breaches for 2010 could be credited to authorities in those states.”

The Privacy Rights Clearinghouse’s Chronology of Data Breaches found that more than 500 million sensitive records have been breached in the past five years. Examples of incidents in which personal data is compromised, lost, or stolen include “employees losing laptop computers, hackers downloading credit card numbers and sensitive personal data accidentally exposed online.”

Cases of identity theft are skyrocketing, and 32% of all identity theft victims had their Social Security numbers compromised.

Now more than ever, criminal hackers are hacking into databases that contain Social Security numbers and using those numbers to open new financial accounts, or to obtain credit cards, mobile phones, or even bank loans. Some victims have had their mortgages refinanced and their equity stripped.

To protect yourself from a similar fate, you can:

1. Refuse to provide your Social Security number.

2. Invest in an identity protection service. There are times when you cannot withhold your Social Security number, but an identity protection service can monitor your personal and financial data. McAfee Identity Protection provides alerts if your information is misused, credit monitoring and unlimited credit checks, and if necessary, identity fraud resolution. (For more information, visit

3. Protect your PC. McAfee Total Protection software provides the most effective protection of the data stored on your computer against virus, online and network threats.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss the use of Social Security numbers as national identification on Fox News. (Disclosures)

What It’s Like To Have Your Home Robbed

Recently, I worked with a Fox News reporter in Boston on a story about home burglaries and home security systems. “I see the big smashed in window, glass everywhere,” says David Barstow of Methuen, the victim in our story.

While his family was gone for only a couple of hours, a group of teens ransacked and burglarized his home. “It’s that sick feeling in your stomach,” he said. “What if my wife and daughter ever walked in here and they were still here?”

There is a feeling of overwhelm and “what if” that comes from any intrusion such as this. Unfortunately, these feelings sometimes never go away.

David went on to say, “Instead of closing your blinds and saying thank God it wasn’t me, it’s going to be you next.” David managed to catch the guys who broke into his house when the crooks returned to his neighborhood to grab some of the loot they left behind. Home security at this house has become a top priority.

Home security should be a top priority in your home too. I know David’s home security system was installed after his family’s home was burgled. Studies show many people install a system after something bad happens.

It doesn’t have to be that way. Security is about being proactive. Not reactive. Be proactive.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse™ on Fox News.

Mobile Apps Are Leaking Data on You

Tracking users is all the rage. A battle is being waged over our data, and there are several parties involved in this fight. We voluntarily offer our data to various companies, only to discover that they are using it in ways that we never anticipated.

Smartphones have become almost an extension of ourselves. They are as integral to our lives as clothing. I have mine clipped to my suit when I’m working, jeans when I’m shopping, and pajamas when I’m lounging. And then, of course, it’s on the nightstand when I’m sleeping. It’s even right outside the shower.

And then there are the applications. Most people spend more time navigating their apps than actually making or receiving calls.

The Wall Street Journal found that many app developers haven’t been upfront with their intentions:

“An examination of 101 popular smartphone “apps”—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone’s unique device ID to other companies without users’ awareness or consent. Forty-seven apps transmitted the phone’s location in some way. Five sent age, gender and other personal details to outsiders. The findings reveal the intrusive effort by online-tracking companies to gather personal data about people in order to flesh out detailed dossiers on them.”

One developer of online ads and mobile apps declared, “We watch what apps you download, how frequently you use them, how much time you spend on them, how deep into the app you go.” The motivation here is money. The more they know about you, the more targeted ads they can deliver, and the more likely you are to buy.

So what to do? Privacy concerns are justified, but what can be done with this data, other than ad targeting? Not much. I don’t see any fraud or identity theft happening as a result of this. They aren’t going to try to sell you anything by cold calling you, and hopefully they’ll refrain from emailing sales pitches.

If you want to cleanse yourself of this type of tracking you can delete and avoid apps, or you could provide false information, but that could violate terms of service, and might even be a useless tactic.

The best you can do is try to understand what you are giving and what you are getting in return, and make conscious decisions as to whether the tradeoff is worth it to you.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses leaky applications on Fox News. (Disclosures)

Online Dating Sites a Haven For Criminals

I’m weird. I know this because people tell me all the time. They tell me I’m weird because I like to do things that most people don’t. I like to do things that are different, and different usually means weird. One of my little weird things is posing as a woman. Yup. Read on.

I like to expose the flaws in our systems, to find what makes us vulnerable. Much of my “research” (or my “antics,” as some would say) is prompted by my desire to learn more about the scumbags of society, who prey on others.

So I sign up for online dating sites, create a profile as a woman, and wait for men to contact me. My research has led me to discover some particularly shady methods scammers use to target emotionally vulnerable victims. The most common is an advanced fee scam involving a wire transfer.

A divorced mother of three in Britain was taken for £80,000 by a scammer posing as a US soldier. It began when a man who called himself Sergeant Ray Smith introduced himself on a dating website. Soon they were chatting and emailing regularly, and then he was calling her on the phone and asking her to wire him money.

Twenty years ago, online dating wasn’t even a thought. Ten years ago, it was weird. Five years ago, it was new and exciting. Today, it’s as normal as milk and bread. If you are looking for a mate online, you will eventually find someone. Most of my friends who’ve tried it were successful. But by the time a new technology becomes normalized, scammers, who are usually ahead of the curve, are lying in wait. As online dating gradually gained popularity and acceptance, scammers were coming up with ways to take advantage and perfecting their craft. And now it’s a full-time job for them. They know all the new scams and come up with better ways of executing the old ones.

It blows me away that these scams are even possible. In many cases, the same scammers maintain multiple profiles on different dating sites, and the dating sites do almost nothing to prevent or police this.

We caught up with anti-fraud provider iovation to see what dating sites around the world were reporting about fraudster activities.

In the last 90 days, 230,000 fraud and abuse attempts were reported to iovation from dating sites alone, including:

• Spamming – 90,000

• Scams and solicitations – 30,000

• Inappropriate content – 20,000

• Chat abuse – 17,000

• Profile misrepresentation – 15,000

• Credit card fraud – 14,000

• Identity mining / phishing attempts – 12,000

iovation has many more categories specific to dating, including bullying, account takeovers, underage members, and so on. What’s unique to their globally shared system is that their clients can choose what to take action on or not. For example, a dating site may choose not to care about cheating in online gaming sites, but set up rules that flag multiple account creations when looking for profile misrepresentation. Dating sites can specify which type of behavior to protect their users from.

If more sites incorporated device reputation checks for suspicious computer history and investigated for characteristics consistent with fraudulent use, they’d be able to deny criminals, often before the first time they tried to sign up.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Safe Personal Dating on Tyra. (Disclosures)

Honesdale PA State Police Issue Burglary Prevention Tips

The Wayne Independent reports that, due to a higher degree of burglaries, citizens should be proactive and protect their properties.

Here is an abridged version of their safety tips with my spin:

Walking in on a burglary?

DO NOT ENTER — a trapped burglar is dangerous. DON’T try to capture him yourself.

Call the police immediately. Always protect the scene — vital evidence may be destroyed needlessly.

If the burglar is caught, testify against him.


Lock your windows and restrict the opening to a maximum of four inches. Make sure your basement windows are outfitted so entry through them is prevented.

Equip your exterior doors with good locks. If you don’t have a solid core door, install a double-cylinder, dead-bolt lock which requires a key both inside and out. Make sure this is allowed by fire officials.

DON’T leave door keys in mail chutes, under doormats or on top of door frames.

While gone for an extended time

Stop deliveries and have a dependable neighbor clear your porch of all items.

Arrange to have your immediate neighbor watch your house while you are away. Leave a key with them and a telephone number where you can be reached in an emergency.


Keep your garage locked. Remove the keys from your garaged automobiles. Close your garage door each time you leave, even though you may be gone for only a short time.

Consider unplugging the electric opener.


Install approved, automatic timers. These can be set to turn on a light in your home at a time when lights are expected to be on. They will also turn off the light at your normal retirement hour.

A constant light in a room which cannot be looked into from the outside, such as a bathroom, is a good idea.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse™ on Fox News.

Being Proactive Isn’t Living In Fear — Smart Home Solution

Occasionally, I’m chided by naysayers who accuse me of promoting FUD: fear, uncertainty, and doubt. They rattle off statistics showing that the chances of something bad happening are slim and that one should not be concerned about such issues.

They are right: the stats are correct. And they are wrong: you should be concerned, but not overly. Regardless, efforts to belittle an issue I speak of are generally aimed at an insecurity of their own that they fear addressing.

In their minds they know it’s something they need to deal with, but they’d prefer not to, because it’s easier to chastise me and minimize the event than it is to address it head-on and be proactive in that manner.

The underlying excuses I’ve heard over and over again point to two cop-out, procrastinating terms: “it can’t happen to me” and “I don’t want to be paranoid.”

To dispel “it can’t happen to me”

Unless you live in a bubble that protects you from gamma rays, it can happen. While the chances of any crime occurring might be slim, there is still enough of a chance that it will. For evidence, just look in your regional or local police blotter and see how often it happens within a 5-mile radius of your home.

To dispel “I don’t want to be paranoid.”

Heck, I don’t want to be paranoid either. And I don’t wish you to be.

To define paranoia: “Paranoid personality disorder is a psychiatric condition in which a person has a long-term distrust and suspicion of others. People with paranoid personality disorder are highly suspicious of other people. As a result, people with this condition severely limit their social lives. They often feel that they are in danger, and look for evidence to support their suspicions. People with this disorder have trouble seeing that their distrustfulness is out of proportion to their environment.”

Paranoia is a loss of control and persistent overwhelm. Taking control of one’s personal security is the complete opposite of paranoia. It’s a balanced perspective knowing that yes, these things do happen, chances are slim they will happen to me, and I’m going to be proactive and do my best to prevent it.

No sense in living in fear. But being proactive, that should be common sense.

Be proactive with the help of ADT Pulse™, a new interactive smart home solution that goes beyond traditional home security to provide a new level of control, accessibility and connection with the home.

Connectivity and interactivity are driving the way people live and manage their smart homes. ADT Pulse™ provides customers with anywhere, anytime access to their home via smart phones or personal computers, including an iPhone application to:

• Arm and disarm their home security system.

• Get notified of alarms and selected events via email and text messages as well as video clips.

• View their home through cameras and watch secure real-time video or stored video clips of events from monitored areas of the home.

• Access lights and appliances or set schedules to automate them.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse™ on Fox News.

Shoring Up National Cyber Security Infrastructure

The wild, wild web is the most exciting, alluring, and all-around awesome thing available to us today. It’s also something we have come to rely on to a fault. And that’s a little scary. The Internet is a decentralized wilderness, used by billions of devices worldwide.

Joe Lieberman, chairman of the Homeland Security and Governmental Affairs Committee, introduced a controversial bill designed to empower the United States to shut down the Internet, explaining, “For all of its user-friendly allure, the Internet can also be a dangerous place with electronic pipelines that run directly into everything from personal bank accounts to key infrastructure to government and industrial secrets, our economic security, national security and public safety are now all at risk from new kinds of enemies — cyber-warriors, cyber-spies, cyber-terrorists and cyber-criminals.”

Regardless of the politics behind the issue, shutting down the Internet would have dire consequences for everything from electricity and water delivery to transportation and food production. We simply aren’t prepared for that kind of shift.

But the question remains, how do we shore up our nation’s critical infrastructure against online attacks?

States, governments, and corporations are investing billions in online infrastructure. Thousands of cyber security professionals are being trained to keep us safe. I can only hope that many are decentralizing their systems in order to become self-reliant if necessary.

While technologists and government leaders are sorting this out, the weakest link in the chain is still…drum roll, please…you.

Corporations and government agencies are legally required to secure their systems, at least minimally. But no such standards exist for the consumer. No laws require you to take a single step for the sake of your own security. Software vendors should certainly be held accountable if their products aren’t secure, but this alone is inadequate.

If you buy a bike for your child, for example, it’s up to you to teach him to ride safely, and to require him to wear a helmet. In many places, children are legally required to wear bike helmets. Similarly, you can’t drive a car without a license, and you can’t get that license without proper training.

It should be the same with technology. Before you come to rely on a smartphone or PC, you ought to receive training on how to use it securely. I have enough faith in people to believe that if we truly understand the consequences of inaction, we’ll come together and act to resolve whatever problems we face. We need to get together on this issue and do something about it…like, yesterday.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses the possibility of an Internet crash on Fox Boston. (Disclosures)