Gritty Grandma Foils Home Invasion

In Colorado Springs, Gazette.com reports that an eighty-three-year-old grandmother has a simple message for the bad guys: “Nobody better mess with me.”

“A man used a crow bar or similar tool to pry at the back door of her central Colorado Springs home. Throwing her 112 pound frame against the door, she wasn’t having it. The intruder — who wore a hooded sweatshirt — took off running after she blocked the way and cried out that she was calling the police.”

The scenario went like this: She was on the phone calling in a prescription when she saw a guy in a hooded sweatshirt coming down her front walkway. He put the hood on, then rang the doorbell. She didn’t answer. As Grandma states in the article, “I never come to the door.” Moments later, after ringing the doorbell and knocking loudly, he went around to her back door and began prying at it with a crowbar.

“She shouted for the man to leave, and he began pounding at the door. Then she placed herself against the door and continued shouting that she was going to call police. Then the door began to open, leaving a three-inch gap of daylight between the door and the frame.”

Then, for whatever reason, the home invader got spooked and took off running.

This is a happy ending. But it could just as easily, and more likely, have ended tragically, as similar situations do every day. He probably didn’t intend to “invade” the home, because he didn’t think she was home. More likely he was going to burgle it with her gone.

What to do?

Signage outside, front and back, saying the home is alarmed is a deterrent.

Big dog bowls saying “Killer” on the front and back porch are a deterrent.

When at home and seeing someone trying to break in, hit the panic button on your alarm. For my system it’s the “A” and “1” buttons simultaneously. That sets off a shrieking alarm and calls the police.

Have your alarm on 24/7, meaning that if someone pries open a door while you are home or away, the alarm goes off.

Install home security cameras around the perimeter. I have 8 cameras outside fully encompassing every door and window.

These are all layers of security. The more layers you install, the less likely your home will be targeted.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse™ on Fox News.

Should You Worry About Smartphone Security?

Every industry involves four main parties. There are, most obviously, consumers and manufacturers. There are also those who provide services or supplies to the manufacturers, or produce peripheral products that work in tandem with the original product. Finally, there are the watchdogs, keeping tabs. Watchdogs are usually either government regulators or third-party nonprofits.

IBM predicts rising mobile threats, critical infrastructure attacks in 2011.

As reported by BoingBoing, former Google Android security framework engineer Chris Palmer, who is now technology director of the nonprofit Electronic Frontier Foundation, addresses the risks posed by mobile operating system manufacturers’ lax approach to security:

“Mobile systems lag far behind the established industry standard for open disclosure about problems and regular patch distribution. For example, Google has never made an announcement to its android-security-announce mailing list, although of course they have released many patches to resolve many security problems, just like any OS vendor. But Android open source releases are made only occasionally and contain security fixes unmarked, in among many other fixes and enhancements…

Android is hardly the only mobile security offender. Apple tends to ship patches for terrible bugs very late. For example, iOS 4.2 (shipped in early December 2010) contains fixes for remotely exploitable flaws such as this FreeType bug that were several months old at the time of patch release. To ship important patches so late is below the standard set by Microsoft and Ubuntu, who are usually (though not always) much more timely. (For example, Ubuntu shipped a patch for CVE-2010-2805 in mid-August, more than three months before Apple.)”

Other industry leaders disagree. CIO.com’s Bill Snyder has stated:

“I was sitting in the middle of one of the most security conscious crowds you’d ever come across—about 200 computer security professionals listening to a high-powered panel on mobile security threats at the RSA Conference in San Francisco last week. And you’d think that after nearly 90 minutes of discussion, I’d leave the room all a twitter (pardon the pun) and scared that my iPhone was about to go rogue. Not at all. In fact, I left feeling a lot more relaxed about the security of my smartphone, and a little more skeptical about the barrage of hacker warnings to which we’ve all been subjected.”

Ed Amoroso, chief security officer of AT&T, said:

“Day-to-day mobile threats haven’t (yet) caused much harm.”

Ian Robertson, security research manager for BlackBerry developers Research in Motion, said:

“I can count on one hand the pieces of (mobile) malware I’ve seen installed.”

And quoted on NPR’s All Things Considered is Paul Smocer, who is in charge of technology at the banking trade group The Financial Services Roundtable:

“I have begun to use mobile banking myself, yes. We haven’t seen a whole lot of malicious software yet. Part of that relates to the fact that there are so many different manufacturers and operating systems in the mobile world. But part of it, I think, is also to do with the fact that this is a relatively new environment, and unfortunately, crime follows growth.”

The truth, of course, lies in the middle. While the mobile security industry isn’t exactly under siege, there is clearly more work to be done. It’s smart to invest in antivirus protection for your mobile phone, keep its operating system updated, and be cognizant of how you use your phone, so that you can avoid putting your data at risk.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto. (Disclosures)

A Third Of Break-in Victims Suffer From Anxiety

The impact of a burglary far surpasses the cost of replacing stolen items or damaged property, as research by ADT Security reveals break-ins cause anxiety in 34% of victims.

Honestly, this number seems low. I still have anxiety from a break-in at a home I owned 15 years ago; that was 4 houses ago! That feeling never really leaves you. It’s a constant reminder to be vigilant and activate that alarm.

The inaugural Secure Homes Report, which surveyed 2000 homeowners and renters, reveals that 40% of victims experienced reduced trust levels, 16% experienced sleeping problems and 8% were no longer able to be at home alone following a break-in or burglary.

According to the research, the majority of those surveyed are aware of the need for home security, with 93% locking their doors.

But when those surveyed had been victims of a previous break-in, they chose more advanced custom home security solutions. As many as 65% of break-in victims reported they upgraded their home security after their homes were broken into.

I’ve seen even higher statistics than that. In an informal survey I’ve done, almost 9 out of 10 people I talked to installed a home security system after they were broken into.

Once a home is burgled, people lose their sense of security and try to gain it back with the installation of an alarm. A home alarm certainly provides security, but people who are victimized in this way often face years of emotional aftershocks.

The key to security is thinking proactively and doing things to secure yourself and family before something bad happens. Don’t think “it can’t happen to me”, think “yes, there is a chance this can happen and I’m going to set an example and proactively do something about it.”

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse™ on Fox News.

Hackers Go After Points, Credits, and Virtual Currency

In a previous post I discussed virtual currency, which is used to purchase virtual goods within a variety of online communities, including social networking websites, virtual worlds, and online gaming sites. These virtual dollars and virtual goods have real value.

Virtual currency includes the points customers receive from retailers, merchants, airlines, hotels, and credit card companies through loyalty reward programs. These reward points are supposedly the second most traded currency on the planet.

Gizmodo reports that hackers have targeted Microsoft points, the currency used to purchase digital goods and gift cards for the Xbox and Zune. Someone cracked the algorithm Microsoft uses to generate codes for those gift cards, and released that information online. A website was used to generate more than a million Microsoft points worth of free gift cards, as well as other Xbox items, before Microsoft was able to shut it down.

In 2009, Facebook created a virtual currency called Credits, which users spend on games and other Facebook content. Facebook has worked with fraud fighters to test and structure this currency so as to avoid attracting criminals, but as with any virtual currency, criminal activity is inevitable.

Hackers even steal carbon credits. European carbon traders were fooled by a phishing email, which allowed hackers to access the victims’ online accounts and then transfer more than $50 million in carbon credits into their own accounts. Of course, the hackers promptly resold those credits for profit.

Virtual thieves can sell stolen points in online forums or on eBay, or they can try to exchange points for rewards. However, most online retailers, social media, and gaming websites recognize the thieves’ behavior patterns when cashing in stolen points. By analyzing the history of the device being used to access a website, the website’s operator can prevent fraudulent transactions.

iovation’s ReputationManager 360 is getting a lot of attention for preventing chargebacks, virtual asset theft, gold farming, code hacking and account takeovers. The service identifies devices and shares their reputation, including alerting businesses to real-time risk. Online businesses use device reputation to prevent fraud and abuse by analyzing the computers, smartphones, and tablets being used to access their websites.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scammers and thieves on The Big Idea with Donnie Deutsch. (Disclosures)

Serial Killer Loose On Long Island

“The serial killer who dumped his victim’s bodies in the thick brush along several miles of New York’s breathtaking beachfront may have dismembered several of them, law enforcement authorities have told ABC News.”

The chance of you ever coming face to face with a serial killer is extremely slim, unless, of course, you are a prostitute; then the odds change. There is an extremely slim chance you’d ever get struck by lightning, too. But I’ll bet you wouldn’t go climbing a metal flag pole in a lightning storm.

On Long Island, New York, officials have found the remains of 9-10 bodies, most believed to be women and, so far, one child.

Much speculation has come about regarding the killer’s profile. Some say his IQ may be as high as 120, and that he is probably white, in his mid-30s, and integrated into the community. He could be a neighbor or a boss, and some say a cop or military.

The case points to how the killer is someone who looks like you and me and acts like you and me, but simply doesn’t think like you and me.

He may “suffer” from anti-social personality disorder. People with this disorder lack empathy for others’ feelings. They aren’t concerned about the consequences of their actions and the potential harm they may do to others. Many in prison are said to have this “ailment.”

According to the U.S. Bureau of Justice Statistics, “In 2008, over 7.3 million people were on probation, in jail or prison, or on parole at year-end — 3.2% of all U.S. adult residents or 1 in every 31 adults.” 2,304,115 were incarcerated in U.S. prisons and jails.

There is an old saying born of motorcycle gangs called “one percenters.” The theory is 1% of all people come out of their momma just bad. According to these stats, it may actually be 3.2 percent.

Unfortunately, while most people are civilized, a few aren’t. The uncivilized don’t have the same boundaries as us and sometimes kill for their own pleasure.

Lock up, install a home security system, take a self-defense course, and keep your head up.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing self-defense and rape prevention on NBC Boston.

Lawmakers Push To Shield Last 4 Social Security Numbers

Most of us have become accustomed to giving out the last four digits of our Social Security numbers. But this customary request is becoming increasingly problematic, and two Rhode Island lawmakers are responding by pushing legislation to stop businesses from asking for the last four digits of customers’ Social Security numbers.

Researchers at Carnegie Mellon University have developed a reliable method for predicting Social Security numbers, including the first five digits, using information from social networking sites, data brokers, voter registration lists, online white pages, and the publicly available Social Security Administration’s Death Master File. This, of course, makes the last four digits vulnerable.

NBC 10 Rhode Island reports, “The lawmakers say identity thieves can often determine an entire Social Security number from just a few digits. They called the bill ‘a seemingly small, but vitally important way for government to further protect its citizens from the financial and emotional devastation of identity theft.’”

The nine-digit Social Security number is composed of three parts. The first set of three digits is the Area Number. The second set of two digits is the Group Number. The final set of four digits is the Serial Number.

The Area Number is assigned by geographical region. Prior to 1972, when cards were issued in local Social Security offices around the country, the Area Number represented the State in which the card was issued, but not necessarily the applicant’s state of residence.

The Group Number ranges from 01 to 99, but numbers are not assigned in consecutive order. For administrative reasons, odd numbers from 01 through 09 are issued first, followed by even numbers from 10 through 98.

Serial Numbers run consecutively from 0001 through 9999.

This numbering scheme was designed in 1936, before the existence of computers, primarily for the purpose of tracking Social Security benefits. It was not designed to be used as a national identification number, as it arguably is used today. And once a criminal gets your Social Security number, he has extensive access to your identity.
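The three-part layout described above, and why masking everything but the last four digits leaves the one hard-to-predict part exposed, as an added Python example (not from the original post). The sample number is constructed, and the rejection of area `000` and the 001-999 area bound are assumptions the post does not state.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Area (3 digits), Group (2 digits), Serial (4 digits); hyphens optional.
SSN_RE = re.compile(r"(?<!\d)(\d{3})-?(\d{2})-?(\d{4})(?!\d)")

# Group issuance order as far as the post describes it:
# odd numbers 01-09 first, then even numbers 10-98.
PAGE_GROUP_ORDER = [1, 3, 5, 7, 9] + list(range(10, 99, 2))


@dataclass(frozen=True)
class SSN:
    area: str
    group: str
    serial: str


def parse_ssn(text: str) -> SSN:
    """Split a number into its three parts and check the ranges."""
    m = SSN_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError("expected AAA-GG-SSSS or nine digits")
    area, group, serial = m.groups()
    if area == "000":            # assumption, not stated in the post
        raise ValueError("area 000 is not a valid Area Number")
    if group == "00":            # post: Group Number ranges from 01 to 99
        raise ValueError("group 00 is outside 01-99")
    if serial == "0000":         # post: Serial Numbers run 0001 through 9999
        raise ValueError("serial 0000 is outside 0001-9999")
    return SSN(area, group, serial)


def group_issue_rank(group: str) -> Optional[int]:
    """1-based position in the issuance order the post gives, else None."""
    g = int(group)
    return PAGE_GROUP_ORDER.index(g) + 1 if g in PAGE_GROUP_ORDER else None


def remaining_candidates(area_known: bool, group_known: bool,
                         serial_known: bool) -> int:
    """Upper bound on numbers still consistent with what is known."""
    n = 1
    if not area_known:
        n *= 999                 # 001-999, constructed format bound
    if not group_known:
        n *= 99                  # 01-99
    if not serial_known:
        n *= 9999                # 0001-9999
    return n


def mask_keep_last4(text: str) -> str:
    """Common practice: hides the predictable parts, shows the serial."""
    return SSN_RE.sub(lambda m: "***-**-" + m.group(3), text)


def mask_all(text: str) -> str:
    """Stricter redaction: no part of the number survives."""
    return SSN_RE.sub("***-**-****", text)


if __name__ == "__main__":
    line = "caller verified with SSN 123-45-6789"   # constructed sample
    print(parse_ssn("123-45-6789"))
    print(group_issue_rank("05"), group_issue_rank("10"))
    print(remaining_candidates(True, True, False))   # first five predicted
    print(mask_keep_last4(line))
    print(mask_all(line))
```

If the Area and Group Numbers can be predicted, the Serial Number is the only part still narrowing the field, which is exactly the part a keep-last-four mask prints.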

To avoid becoming an identity theft victim, consider subscribing to an identity theft protection service that offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts.

For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss Social Security numbers as national identification on Fox News. (Disclosures)

Mobile Banking Becoming an E-Commerce Staple

Mobile banking, m-banking, or SMS banking refers to online banking that occurs via mobile phone or PDA rather than a PC. The earliest mobile banking services were offered over SMS, but with the introduction of smartphones and Apple iOS, mobile banking is being offered primarily through applications as opposed to text messages or a mobile browser.

Mobile banking reduces expenses by allowing customers to review transactions, transfer funds, pay bills, and check balances without relatively expensive phone calls to a bank’s customer service call center. More than half of all customer service calls already come in from mobile phones, and studies show consumers are twice as likely to have a cell phone as cash when out and about. Younger consumers, who are most likely to carry cell phones, are also heavy debit card users who require frequent balance checks.

Enhanced security with SMS transaction notifications and the ability to turn card accounts on or off, and new technologies like mobile check deposit, in which you simply take a cell phone picture of the check, are contributing to the increasing popularity of mobile banking. Eventually, mobile phones may even replace ATMs and credit cards.

About 10% of U.S. households currently use mobile banking, according to market research firm Nielsen, and Forrester predicts that one in five adults in the U.S. will be using mobile banking by 2015:

“Consumer adoption of smartphones and increasing use of the mobile Web will drive sustained growth of casual, informational use of mobile banking — to check balances, review transactions, or receive alerts. Creating preference for mobile banking broadly will require banks to deliver more obvious value and superior execution than other channels offer. Functionality like mobile remote deposit capture and contactless mobile payments alone, though, will not anchor mobile banking the way that bill payment and account transfers have done for online banking. Channel managers must address issues of duplicate functionality, marginal user experiences, and a general failure to exploit the most valuable aspects of the channel if mobile banking is to become a critical part of how consumers manage their accounts.”

While standard, PC-based online banking is holding steady at around 40%, banks like USAA and Bank of America are reporting big increases in mobile banking in the last two years.

Like regular online banking, mobile banking won’t be for everyone. But as more banks and credit unions recognize the financial efficiency of mobile banking, they will invest in applications that make banking that much more convenient for their customers. And as those customers take advantage of the timesaving features provided by their banks, mobile banking will grow exponentially.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto. (Disclosures)

102-Year-Old Woman’s Identity Stolen

How low can you go? In Virginia, a man has been accused of identity theft, forgery, and obtaining money by false pretenses.

The 25-year-old accused claims, “I know I’m not guilty of any of these charges…The day that it aired people were calling me and texting me and asking me what have I done and I was like what are you talking about? I thought I was being pranked.”

He is, however, on probation for similar charges, but he swears that he’s no longer a criminal, though he was six years ago. Well, all right then, I guess he must be innocent!

According to detectives, in one scam he used counterfeit checks to make purchases at various stores, and then returned his purchases to different stores in exchange for cash.

One of his identity theft victims is a 102-year-old woman who recently graduated from the city’s citizen police academy, the oldest person ever to do so. “I don’t know how they got my identity,” she said.

How cool is she? But how difficult must it be to recover from identity theft at 102 years old?

Observing a few basic security precautions to protect your identity may help you avoid such a chore.

Consumers should also consider investing in an identity theft protection product that offers daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection includes all these features, as well as live access to fraud resolution agents in the event that your identity is ever compromised.

For additional tips, visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft victims on The Morning Show with Mike and Juliet. (Disclosures)

Mobile Payment Set to Dramatically Increase

Mobile payments generally involve three participants: the mobile device, the merchant, and a financial service provider or trusted third party.

That trusted third party, or TTP, is an established, reputable fiduciary entity accepted by all parties to an agreement, deal, or transaction. A TTP authenticates and authorizes users in order to secure a payment transaction, and acts as an impartial intermediary for the settlement of payments and any problems that arise after the transaction has occurred.

There are various mobile payment delivery options. Near Field Communications is a contactless delivery system, involving a chip that is either built into the phone itself, into a card within the phone, or a sticker attached to the phone. There are also new applications that facilitate mobile payments, most of which involve a barcode that the user scans at the register.

The statistics for mobile payment are impressive. The U.S. mobile payment industry encompasses a number of categories, including mobile bill payment, mobile point of sale, m-commerce, and mobile contactless. Mobile bill payment, in which consumers pay bills via mobile phone, currently makes up the bulk of the U.S.’s mobile payment industry. Mobile point of sale, in which a consumer’s phone is used as a point of sale device, accounts for just over 5%, but is expected to grow by 127% in the next five years, to $54 billion in transactions. Mobile contactless is expected to grow 1,077% by 2015. The gross dollar volume of mobile payments overall is expected to grow 68% by 2015.

This is all very exciting, but the Payment Card Industry Standards Council is not yet granting approval to any mobile payment applications. With the explosive growth of the mobile payment industry, they are holding off and waiting to see which technologies rise to the top. This shouldn’t be a concern for mobile phone users, though, since the merchant, rather than the customer, undertakes the bulk of the risk.

Meanwhile, as you increasingly use your phone for mobile payments, be aware that the phone correspondingly increases in value to thieves and hackers. So keep track of your cell phone. You wouldn’t leave your wallet on a bar and walk away, and you shouldn’t do that with your phone, either. And be cautious when visiting websites on your phone’s browser, clicking on links, or responding to text messages.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses mobile phone spyware on Good Morning America. (Disclosures)

Five Mobile Operating System Options

There are a number of mobile operating systems, but five major players have floated to the top, dominating a major chunk of the market. It used to be that people chose their phone only by their carrier and what brands they offered. Today many choose their phone based on the manufacturer and its operating system’s features.

Symbian: 31% of all mobile phones run this open-source operating system, most of which are “feature phones,” otherwise known as dumb phones, as opposed to smartphones. Nokia is the largest shareholder and customer. Other brands whose phones run Symbian include Fujitsu, Samsung, Sharp, and Sony Ericsson.

Symbian’s worldwide market share has declined from over 50% in 2009 to about 30% in 2010. Last month, Nokia announced a partnership with Microsoft, which will replace Symbian OS with Windows’ operating system.

Windows Mobile 7: Less than 5% of all mobile phones run Windows Mobile 7, which took over where Windows Mobile left off. This is a closed-source operating system that can be managed through Microsoft Exchange. Microsoft’s mobile industry market share has recently slipped quite a bit, leaving the future of Windows Mobile 7 uncertain.

BlackBerry RIM: BlackBerrys running this closed-source operating system make up 15% of all mobile phones. BlackBerry RIM began as an enterprise solution, and still is for the most part, but a consumer base has developed. Businesses like BlackBerry RIM because enhanced end-to-end encryption is standard with BlackBerry Enterprise Server. BlackBerry RIM meets the Department of Defense’s requirements, and it’s good enough for the President. This system supports over 15,000 applications, and over two million are downloaded daily.

Apple iOS: 16% of all mobile devices are iPhones or iPads running Apple iOS. This is a closed-source operating system. Currently, Apple iOS supports over 400,000 applications, including third party applications as of July 2008, which have been downloaded over 10 billion times.

Google Android: 33% of all phones run Google Android, an open-source, Linux-derived operating system backed by Google, along with major hardware and software developers that form the Open Handset Alliance. (Intel, HTC, ARM, Samsung, Motorola, and eBay, to name a few.) Google operates the official Android Market, which contains over 150,000 applications, with an estimated 3.7 billion downloads.

In summary, I’ve had plenty of Symbian-based phones, but at this point, I may never have one again, mainly because they are more feature than smart. I’ve never had the type of job that requires a BlackBerry. Many love the Android operating system, and though it has its detractors, I do love Google and may consider Android. But for now, I’m still in awe of my iPhone.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto. (Disclosures)