Man Identified As ‘East Coast Rapist’ Held

There are only a few topics I rarely address due to their sensitive nature. Rape is one. It’s hard to write about and even harder talk about it. And being that it has never happened to me, and the fact that I’m a man, it’s a topic I’ve left to female experts in personal security to expound upon.

My overall position is I can’t call myself an expert in this topic so it’s one I should only hint at discussing.

A story in the Boston Globe reveals “Authorities have identified a man they arrested in Connecticut on suspicion of being responsible for rapes and other attacks on 17 women since 1997 and dubbed the East Coast Rapist. Police spokesman Joe Avery said Aaron Thomas, 39, of New Haven, was arrested yesterday afternoon at his home by the US Marshal’s Fugitive Task Force. Avery said Thomas “has been identified as the East Coast Rapist.’’ US Marshal Joe Faughnan said a lead from authorities in Virginia led them to Thomas. Authorities recently posted sketches of the suspect on electronic billboards in states where attacks occurred, including Connecticut, Virginia, Maryland, and Rhode Island.”

This is good news. However there are many other predators to take his place. I’ve seen stats saying 1 out of four American women will be sexually assaulted. Others say a woman is sexually assaulted somewhere in the world every 56 seconds.

Often these assaults are done by someone known to the victim whereas fewer are done by total strangers.

Either way it is essential women take hardcore self defense classes. Self defense is a topic I can speak to. The best program is known as Impact Model Mugging which utilizes a technique called “adrenal stress training”. Look them up and take any class within driving distance. And do it today.

Robert Siciliano personal and home security specialist to Home Security Source discussing self defense on Fox Boston.

Scammer Guilty of $2.7 Million Online Auction Fraud

Auction scams are messy. Consumers who are new to the world of online auctions are more likely to fall victim to deals that are too good to be true. Victims either get stuck with inferior or counterfeit goods, or they are charged and never receive the purchased item at all.

My spouse used eBay to search for skin care products, and was pleasantly surprised by the low prices she found for the products she wanted. Since she doesn’t have much experience with eBay, she called me over to help her complete the transaction. I saw that the seller had no feedback from previous buyers, and suggested that my wife hold off on the purchase. She begrudgingly agreed with me, and the next day when she logged in, the seller had been suspended from eBay. (I told her I’m wicked smart!)

If it looks like it might be fraud, it probably is.

A Romanian man recently pled guilty to charges of wire fraud and conspiracy before a Chicago judge, after having acted as a money mule in a scheme that scammed eBay, Craigslist, and AutoTrader users out of $2.7 million. The man’s associates in Romania used auction websites to sell nonexistent cars, motorcycles, and RVs. Buyers paid by wiring money to the scammers’ accounts, but never received the expensive items they had supposedly purchased.

Online classified and auction websites could prevent fraud and protect their users by incorporating device reputation management. One anti-fraud service getting lots of attention for delivering fast and effective results is ReputationManager 360 by iovation Inc. This software-as-a-service incorporates device identification, device reputation and real-time risk profiling. It is used by hundreds of online businesses to prevent fraud and abuse in real time by analyzing the computer, smartphone, or tablet connecting to their online properties.

While iovation does not collect any personally identifiable information (PII) from their business clients, they have a very unique view into the connections between computers and the accounts they access. For example, what might typically look like one transaction to a single auction site is often a coordinated attack across multiple sites.  When a group of devices hits multiple sites, across various industries, iovation can detect the attacks through velocity triggers and shared experiences across their customer base to alert the affected business and thwart the attacks.

A device reputation check used on a scammer setting up a new account in an online action site would stop him at the front door, leaving no chance to post fake items for sale which would soon cause damage to the business and its customers.

eBay makes safety recommendations for users, and the first rule is to use eBay’s built in payment system, and not to use alternate payment methods, like wiring money.

Never provide sensitive personal information like your account password, a credit card or bank account number, or your Social Security number in an email.

Before you bid or buy on eBay, know your seller. Look at your seller’s feedback ratings, score, and comments to get an idea of their reputation within the eBay marketplace.

I generally recommend using PayPal to help prevent online identity theft. If you use your credit card, check your statements frequently and refute any unauthorized charges immediately.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures.

When a Good Guy Steals Your Identity

Chris Roberts is a hacker. But not a black hat hacker, like the bad guys you may associate with the term. He’s a white hat hacker, or an ethical hacker, and no, that isn’t an oxymoron. Chris is the kind of guy you definitely want on your team, because if he weren’t, he’d be your worst nightmare.

I had the opportunity to meet up with him at the McAfee Focus 2010 event. His appearance fits the hacker stereotype: he’s tall and lanky, with a Viking beard and, I’m pretty sure, some tattoos. And he carries around a bag of tricks that could probably take down the Pentagon. He’s got every sort of gadget that could be used to sniff, spy, and hack.

Companies hire Chris to determine what their weaknesses are, and how vulnerable they are to a potential attack.

NetworkWorld profiled Chris, and, in the article, he brought attention to the fact that many people assume they won’t be targeted by identity thieves because they don’t have money, or status, or even good credit:

“So many people look at themselves or the companies they work for and think… Why would somebody want something from me? I don’t have any money or anything anyone would want… While you may not, if I can assume your identity, you can pay my bills. Or I can commit crimes in your name. I always try to get people to understand that no matter who the heck you are, or who you represent, you have a value to a criminal.”

No kidding.

Your Social Security number, which represents your total identity, is always valuable to a criminal. Because our system lacks full accountability when it comes to identification, anyone can use your data to pose as you.

Until the day comes, if it ever does, that we are effectively identified and authenticated, we will always be vulnerable to imposter fraud and identity theft.

Identity theft can happen to anyone. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first and provides live access to fraud resolution agents. For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss credit and debit card fraud on CNBC. (Disclosures)

Dumb Criminal Tries To Guess PIN 50 Times

What do you do when you are picked up in a cab and the driver suspects your home will be vacant while you are gone?

The Manchester Evening News reports “A BUNGLING burglar went to the same ATM more than 50 times – to try and guess the PIN numbers of bank cards he had stolen. He thought he might strike it lucky if he kept on putting in random sets of four numbers into the ATM machine. But, with the odds of correctly guessing a card’s PIN number ranked at one in 10,000, and he never managed to make a single withdrawal.”

Police believe the dumb criminal may have used his job as a taxi driver to pick out homes where he had picked people up and he would then return to at night and break into. He pleaded guilty to eight counts of burglary and was jailed for three years four months.

Whenever I’m picked up in a cab from my home I always get on the phone and fake or make a real call and say “Bill, can you make sure when I’m gone that the Dog stays in the house? He got out again and bit someone bad, there was blood everywhere, and please set the home alarm, and I’ll only be gone a short time this is just a shuttle”.

This puts enough doubt in the mind of the cabbie to choose my home as his next target.

Get the new ADT Pulse™ system which has 5 ways to turn on/ off the system including a wired keypad, touchpad, iPhone app, remote control and a PC.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse™ on Fox News.

LinkedIn Gone Wild: Invades Inboxes

Did you know there is a setting on LinkedIn where they will email your entire contact list in your behalf to let everyone know about a new position you have taken with a company?

I didnt.

Until I got all kinds of  “Congratulations” in my inbox.

Apparently there is a new setting that by default is left “On” which in fact tells all your contacts that you’ve taken a new job or got a new contract or whatever. And while you may post this to your profile, it may not be something you want to stick in someone’s inbox.

I know it’s posted online for the world to see. But some things posted are meant to be passive not direct. Linkedin is supposed to be a place to catalog your accomplishments and business interests. Not a sounding board to push out content in people inboxes. I choose what to pushout. Not LinkedIn.

What’s bothersome is LinkedIn knows this new feature is a problem and only passively tells their members.

It looks like this:

“”By selecting this option, your activity updates will be shared in your activity feed.

  • Note: You may want to turn this option off if you’re looking for a job and don’t want your present employer to see that you’re updating your profile.””

That’s incredible “if you’re looking for a job and don’t want your present employer to see” THEY WROTE THAT!!!!


OK, so you’d have to be a tool to update your profile with a new job while having an existing job, but the fact that by default LinkedIn has gone in and chosen to tell all your contacts is disturbing. It’s wrong on so many levels they take it upon themselves to send that email.

My issue is I don’t have a “Job” I have “clients” and now my clients think I got a Job. Which is unusual for a consultant to have a job and consult and makes me look like a “Moonlighter”.

It’s just wrong Linkedin. You had no right to do that.

Robert Siciliano has no job. He is a consultant to great security companies. See him discussing home security and identity theft on TBS Movie and a Makeover.

Slam Online Scams

#1 Nigerian Scams: While these types of scams are generally understood to be Nigerian in nature and origin, and are in fact named after the 419 Nigerian code that made them illegal, advanced-fee scams happen right here in the good old USA by Americans presenting to offer jobs or may ask help to transfer money.

#2 Romance Scams: If you ever hear talk like this, run far and fast: “In me sweetheart you are going to find the most passionate, loving and romantic man you have ever met. There are very few promises in life but this is one of them! ROMANCE is the key to my happiness and to my heart and soul!”

#3 Classified Ad Scams: This story caught my eye: “An online scam targeting pet-lovers is circulating the web, and it could cost you more than a new pet. An ad posted to a local online classified website by a man who claimed he was living in Florida. He was willing to give the Labrador Retriever puppy named Dely away for the cost of shipping, which was $220.”

#4 Phishing: Phishing continues to become more sophisticated, more effective, and more prevalent. In one example, criminal hackers waited until Pennsylvania school administrators were on vacation, then used simple money transfers to liquidate over $440,000 out of the districts accounts.

#5 Spear Phishing: Spear phishing occurs when the scammers concentrate on a localized target, usually an individual with control over a company’s checkbook. This insidious type of phishing occurs when a recipient clicks a link, either in the body of an email or on the spoofed website linked in the email, and a download begins.

Don’t be taken. Keep your head up and recognize when someone’s trying to take advantage of you.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover.

A Good Decade for Cybercrime

Cybercrime is one of the most successful and lucrative industries of our time, growing by double digits year after year. Over the last decade, cyber crooks have developed new and sophisticated ways to prey on an explosion of Internet users, with little danger of being caught. Meanwhile, consumers face greater risks to their money and information each year.

A few famous exploits illustrate different eras of cybercrime:

“I Love You” worm’s false affection: $15 billion estimated damage

Emails with the subject line “I love you” proved irresistible in 2000. Millions of users downloaded the attached file, which was supposedly a love letter but was actually a virus. This infamous worm cost companies and government agencies $15 billion.

MyDoom’s mass infection: $38 billion estimated damage

This fast-moving worm, which first struck in 2004, tops McAfee’s list in terms of monetary damage. It delivered enough spam to slow global Internet access by 10% and reduce access to some websites by 50%, costing billions of dollars in lost productivity and online sales.

Conficker’s stealthy destruction: $9.1 billion estimated damage

This 2008 worm infected millions of computers. It went a step further than the other two worms on our list, downloading and installing a variety of malware that gave hackers remote control over victims’ PCs.

Some of the most common and nefarious scams include:

Fake antivirus software

Selling fake antivirus software is one of the most insidious and successful scams in recent years. Cyber criminals play on users’ fears that their computers and information are at risk, displaying misleading pop-ups that prompt the victim to purchase antivirus software to fix the problem. When victims enter their credit card information, it is stolen and, instead of security software, they wind up downloading malware.

Phishing scams

Phishing, or trying to trick users into giving up personal information, is one of the most common and persistent online threats. Phishing messages can come in the form of spam emails, spam instant messages, fake friend requests, or social networking posts.

Phony websites

In recent years, cyber crooks have become adept at creating fake websites that look like the real deal. From phony online banking to auction sites and e-commerce pages, hackers lay traps in the hopes that you will be fooled into entering your credit card number or personal information.

For your own peace of mind, consider subscribing to an identity theft protection service such as McAfee Identity Protection, which offers proactive identity surveillance, lost wallet protection, alerts when suspicious activity is detected on your accounts, and access to fraud resolution agents. For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him explain how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

Mother’s Book Recalls Serial Killer’s ’07 Massachusetts Home Invasion

In July of 2007 on a hot summer night a serial killer was arrested after he broke into a 15-year-old girl’s room in Chelmsford Massachusetts in the middle of the night and tried to rape her. The girl’s father heard her scream and held the masked and gloved Lane in a headlock until police arrived, authorities said.

At the victims’ home, the killer found the back door unlocked. The daughter left it that way when she came home that night, because she thought her brother was coming home later.

The Boston Globe reports the Mom, Jeannie, “has written a book about that night and its aftermath. In those adrenaline charged minutes, she says, ignorance kept her from becoming paralyzed: She did not know she was fighting a serial killer who had killed his previous victim the day before.”

Evil takes many forms. One of its forms is as Adam Leroy Lane. Lane was a truck driver from North Carolina whose route traveled up and down the east coast and attacked or murdered women in New Jersey, Pennsylvania and Massachusetts.

Apparently when the urge struck, he’d veer off the highway and stalk neighborhoods and jiggle door knobs until he found one unlocked with a woman inside. In all the cases, the killer picked his victims at random and attacked them at their homes near interstate highways that he traveled.

Lane was carrying knives, a belt with Chinese throwing stars and choke wire during the attack. Police also allegedly found in the cab of his truck a copy of the movie, “Hunting Humans,” which is about a serial killer. “I study them until I’ve got their pattern and it’s easy to do the rest,” says a line from the movie Hunting Humans.

This is exactly the breed of predator I’ve been screaming about my entire life. The always has been, there is, and there always will be Adam Leroy Lane’s jiggling another door knob.

Protect yourself and family.

  • Lock your doors and windows day and night because you are smart.
  • Beef up the lighting outside your home because you are aware.
  • Install home security cameras because you want a layer of protection.
  • Be proactive with the help of ADT Pulse™, a new interactive smart home solution that goes beyond traditional home security to provide a new level of control, accessibility and connection with the home

Robert Siciliano personal and home security specialist to Home Security Source discussing Home Invasions on Maury Povich.

Traveling For Winter Vacations? Think Security

Contrary to what some might suggest, I’ve never thought it was a good idea to place your name on a “stop mail” list at the post office. Because some crack head postal employee now has a list of opportunities.

It’s the same thing with stopping delivery of your newspaper. Once you are on that list, it is known you are away.

The best case scenario for both issues is to have a trusted friend, family member or neighbor grab your mail and newspaper for you.

Never list your vacation plans on social media. The last thing you need to be doing on Facebook is telling the world you are 2000 miles away.

Put lights on timers to give your home the “lived in look”. ADT Pulse™ does all this form you.

Do all the fundamentals like invest in a home alarm system that sends an alert to local law enforcement that your house has been broken into. Studies show as many as 25% of all American homes are equipped with a home security system. Monitoring is generally a buck a day.

Set yourself up with home security cameras. Mine can be accessed from my iPhone and online. It’s kind of addicting, and I’m always checking out the scene at the homestead when I travel.

Here are a few tips to help protect the safety of your home while you are gone:

  • If you are traveling by car make sure it’s running properly, check belts and tires and oil. Have a good spare and carry an emergency kit.
  • If you are heading overnight pack your car in your garage or late at night under the cover of darkness.
  • Use timers on indoor and outdoor lights.
  • Let a trusted neighbor and the police know you are traveling.
  • Unplug garage door openers.
  • Have a neighbor park their car in your driveway.
  • If grass is still growing where you live and if you’re gone for a bit have a landscaper mow your lawn.
  • Don’t share your travel plans on social media or on a voicemail outgoing message.
  • Lock everything of significant value in a safe.

Robert Siciliano personal and home security specialist to Home Security Source discussing Home Security on NBC Boston

Social Security Numbers Easily Cracked

It is easier than ever to guess or predict an individual’s Social Security number, which puts us all at a greater risk for identity theft.

Researchers at Carnegie Mellon University have developed a reliable method for predicting Social Security numbers, using information from social networking sites, data brokers, voter registration lists, online white pages, and the publicly available Social Security Administration’s Death Master File.

Originally, the first three numbers on a Social Security card represented the state in which a person had initially applied for their card. Numbers started in the northeast and moved westward. This meant that people born on the East Coast were assigned the lowest numbers and those born on the West Coast were assigned the highest numbers. Before 1986, people were rarely assigned a Social Security number until age 14 or so, since the numbers were used for income tracking purposes.

The Carnegie Mellon researchers were able to guess the first five digits of a Social Security number on their first attempt for 44% of people born after 1988. For those in less populated states, the researchers had a 90% success rate. In fewer than 1,000 attempts, the researchers could identify a complete Social Security number, “making SSNs akin to 3-digit financial PINs.” The researchers concluded, “Unless mitigating strategies are implemented, the predictability of SSNs exposes people born after 1988 to risks of identity theft on mass scales.”

While the researchers’ work is certainly an accomplishment, the potential to predict Social Security numbers is the least of our problems. Social Security numbers can be found in unprotected file cabinets and databases in thousands of government offices, corporations, and educational institutions.

The problem stems from that fact that our existing system of identification is seriously outdated. We rely on nine digits as a primary identifier, the key to the kingdom, despite the fact that our Social Security numbers have no physical relationship to who we actually are. This problem can only be remedied by incorporating multiple levels of authentication into our identification process.

With more than 11 million victims just last year, identity theft is a serious concern. McAfee Identity Protection offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts. Visit CounterIdentityTheft.com to educate and protect yourself.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss how a person becomes an identity theft victim on CounterIdentityTheft.com (Disclosures)