Neighbor Gets 18 Years for Hacking Neighbor

Home security in the physical world is locks, cameras and a home security system. In the virtual world, home security is protecting your home’s wireless internet connection.

I’ve spoken many times of how hackers can invade your wireless internet and steal your identity by getting onto your computer. We’ve also touched on how pedophiles can hijack your wireless internet and download child porn, which can get the FBI’s attention, resulting in a battering ram on your front door at 3 am.

In Minnesota, prosecutors put away a “depraved criminal” for 18 years as a result of virtually torturing his neighbors via their Wi-Fi connection.

After a brief encounter with his new neighbors, he began “a calculated campaign to terrorize his neighbors.”

Wired reports: “He demonstrated by his conduct that he is a dangerous man. When he became angry at his neighbors, he vented his anger in a bizarre and calculated campaign of terror against them,” prosecutor Timothy Rank said in a court filing. “And he did not wage this campaign in the light of day, but rather used his computer hacking skills to strike at his victims while hiding in the shadows.”

It’s a pretty frightening story that should scare you into locking down your wireless internet.

When setting up a wireless router, there are two suggested security protocol options: Wi-Fi Protected Access (WPA and WPA2), a certification program that was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

Rogue Locksmiths Pose Threat to Home Security

I’m a big fan of the trade and recommend everyone engage their local locksmith for a review of their hardware to determine if it is adequate for their home security. Chances are at some point in your life you will need a locksmith in an emergency situation, whether for your car, home or place of business.

But like any trade, there are professionals and there are shysters. Locksmithing is worldwide, but your locksmith should be local, trusted and a member of the Associated Locksmiths of America, at least.

The Federal Trade Commission has issued an alert regarding shifty, shady, unlicensed, scammy locksmiths.

“If you’ve ever locked yourself out of your car or home, you know what a hassle it can be. Your first thought is to get someone to help you out of your situation. If a family member or friend can’t deliver a spare set of keys, your next call might be to a local locksmith. But before you make that call, consider this: According to the Federal Trade Commission (FTC), the nation’s consumer protection agency, some locksmiths advertising in your local telephone book may not be local at all. They may not have professional training. What’s more, some of them may use intimidating tactics and overcharge you.”

Research local locksmiths before you need one, the same way you would a plumber, electrician, or other professional. Use your town’s local newspaper or local directory as opposed to the yellow pages. Scammers often use the yellow pages as opposed to local directories. Plug the number into your mobile phone now.

When ordering services, get an estimate for everything and hold them to it. There shouldn’t be a big mystery to what work they will need to do.

Ask the locksmith for ID and expect the locksmith to ask you for identification, as well. A legitimate locksmith should confirm your identity and make sure you’re the property owner before doing any work.

Some locksmiths will work out of a car for quick or emergency jobs, but most will arrive in a service vehicle that is clearly marked with their company’s name.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse on Fox News Live. Disclosures

Flash Mob Attacks On The Rise

You’ve heard of “flash mobs”: a group of people suddenly gets together in some form of public place for a performance of some sort, generally in the name of fun. They are formed when someone posts something on Facebook or Twitter and text messages begin to go viral. All of a sudden a time and meeting place is confirmed and the party begins a short time later.

One example of a flash mob is in a television commercial in which a solo man is dancing in what looks like Grand Central Station in NY, and he gets the text too late that the flash mob moved to another location. Another fun example happened on Cape Cod, not far from where I live, around Independence Day, when a number of musicians flash mobbed a supermarket in song. Here, it’s awesome!

But an unfortunate twist on flash mobs is the ones that are born to be vicious and violent. There seems to be a trend happening in parts of the country that you need to be aware of. An example of a flash mob happened in Boston when a reported 1000 youths, many involved in gangs, all gathered at or near a beach and many began fighting.

Just like home security, your personal security begins with situational awareness. Situational awareness is key to avoiding and removing yourself from a dangerous situation. The moment something seems wrong, move to safety.

Always be aware of what is going on 100 feet around the perimeter of your body. When something seems wrong, it is wrong.

The moment your intuition senses danger, run. I’m a big fan of running, just like gazelles are big fans of running from lions.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News. Disclosures

The Benefits of Multifactor Authentication

The Federal Financial Institutions Examination Council (FFIEC), a formal government interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions, recently issued a supplement to the 2005 document “Authentication in an Internet Banking Environment” effective January 2012. The FFIEC has acknowledged that cybercrime is increasing and financial institutions need to increase their security and that of their customers.

Specifically the FFIEC states: “Since virtually every authentication technique can be compromised, financial institutions should not rely solely on any single control for authorizing high risk transactions, but rather institute a system of layered security, as described herein.”

This means the simple “username/password” combination for accessing your online banking is ineffective, and that banks should “adjust their customer authentication controls as appropriate in response to new threats to customers’ online accounts” and “financial institutions should implement more robust controls as the risk level of the transaction increases.”

The FFIEC’s previous statement implies it is encouraging the use of dual customer authorization typically seen when using digital security devices including smartcards and password generating key fobs.

This is where multifactor authentication comes in. Multifactor is generally something the user knows, like a password, plus something the user has, like a smart card, and/or something the user is, like a fingerprint. In its simplest form, it is when a website asks for a four-digit credit card security code from a credit card, or when our bank requires us to add a second password for our account.

Some institutions offer or require a key fob that provides a changing second password (one-time password) in order to access accounts, or ask you to reply to a text message to approve a transaction. All of this extra security is good for you.

Like Mom used to say, “Broccoli: like it or not, it’s for your own good.”

These measures provide layers of protection, which allow you to enjoy the convenience of online services with minimal risk. Logging in online and adding an extra code is far more convenient than schlepping all the way to the bank in person.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.

What Identity Theft Protection Is and Is Not

To all you security companies out there, listen up: “identity theft protection” has become an overused and abused marketing term, which is often used to sell a product or service that doesn’t actually protect users from identity theft. It’s like labeling food “natural” when we know it’s not “organic.” It’s incorrect at best and a lie at worst.

Every security company on the planet claims to protect identities. But a firewall is not identity theft protection. An encrypted thumb drive is not identity theft protection. Antivirus software is not identity theft protection. One could argue that phishing alerts count as identity theft protection, but not really. Do these tools protect your identity? Sort of.

A true identity theft protection service monitors your identity by checking your credit reports and scanning the Internet for your personal information. It looks out for your Social Security number, and if something goes wrong, an identity theft protection service has people who’ll work with you to resolve the problem.

I get an email every month confirming my identity’s health. This is what identity theft protection looks like:

“Dear Robert Siciliano,

No news is good news! Your credit reports from all three bureaus, Experian®, Equifax®, and TransUnion®, have been monitored daily for the past month. We’re pleased to let you know that there is no new activity reported. As a McAfee Identity Protection user, we’ll continue to monitor your credit report every day for your protection.

Remember, McAfee Identity Protection helps protect you from the financial loss and hassle associated with identity theft. Log in to your Protection Center and review your protection status any time. Just click here and enter the Username and Password you selected when you enrolled.

As always, you can get help from a dedicated Fraud Resolution agent if any suspicious activity should appear on any of your credit reports.

If you have any questions about McAfee Identity Protection, please call Customer Support at 1-866-622-3911.

Sincerely,

McAfee, Inc.”

That’s what identity theft protection is. Don’t get me started!

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft on YouTube. (Disclosures)

5 Security Considerations for a Mobile Phone

Nielsen reports “We are just at the beginning of a new wireless era where smartphones will become the standard device consumers will use to connect to friends, the internet and the world at large. The share of smartphones as a proportion of overall device sales has increased 29% for phone purchasers in the last six months; and 45% of respondents indicated that their next device will be a smartphone.”

Mobile users have recently captured the attention of cyber criminals. The Department of Homeland Security and the STOP. THINK. CONNECT. program recommend the following tips to help you protect yourself and to help keep the web a safer place for everyone.

You can protect yourself from cyber criminals by following the same safety rules you follow on your computer when using your smartphone. These rules include:

Access the Internet over a secure network: Only browse the web through your service provider’s network (e.g., 3G) or a secure Wi-Fi network.

Be suspicious of unknown links or requests sent through email or text message: Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.

Download only trusted applications: Download “apps” from trusted sources or marketplaces that have positive reviews and feedback.

Be vigilant about online security: Keep anti-virus and malware software up to date, use varying passwords, and never provide your personal or financial information without knowing who is asking and why they need it.

Don’t jailbreak an iPhone: Most of the infections that have plagued iPhone users occur when the phone is jailbroken. Jailbreaking is the process of removing the limitations imposed by Apple on devices running the iOS operating system. Jailbreaking allows users to gain full access (or root access) to the operating system, thereby unlocking all its features. Once jailbroken, iOS users are able to download additional applications, extensions and themes that are unavailable through the official Apple App Store. Jailbroken phones are much more susceptible to viruses once users skirt Apple’s application vetting process that ensures virus-free apps.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.

Medical Temp Arrested For Identity Theft

You’ve probably heard the phrase “a fox watching the henhouse.” Today, that applies to people on the inside of organizations who work in trusted positions, and who use those positions to steal client or employee information for their own personal gain.

As much as 70% of all identity theft is committed by individuals with inside access to organizations such as corporations, banks, or government agencies, or by someone who has an existing relationship with the victim. People with access to sensitive personal data are most likely to commit identity theft. For many, it’s just too easy not to.

In a doctor’s office in Stamford, Connecticut, police arrested a 42-year-old New York woman for using patients’ credit card numbers, which she accessed while working as a temporary hire. When patients paid by credit card, the temp would copy down the numbers and later make fraudulent charges.

An identity thief begins by acquiring a target’s personal identifying information, such as name, credit card number, Social Security number, birth date, home address, account information, etc. If the thief has access to a database, this information is typically there for the taking.

Many credit applications and online accounts request current and previous addresses. So the thief fills out the victim’s current address as “previous” and plugs in a new address, usually a P.O. box or the thief’s own address, where the new credit card or statement will be sent.

Protect yourself:

Currently, there is no way to prevent credit card fraud, or “account takeover.” Instead, check your statements diligently and refute unauthorized charges within 60 days, or two billing cycles. In most cases, your credit card company will quickly resolve the issue.

Protecting yourself from new account fraud begins with closely monitoring your credit files at each of the three major credit bureaus. However, you need to monitor your credit daily, which is nearly impossible on your own, and far from cost-effective. That’s where identity theft protection comes in.

To protect yourself from scams, consider subscribing to an identity theft protection service, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss an identity theft pandemic on CNBC. (Disclosures)

Standards Will Bring Mobile Payment

Mobile payment has been around for years in numerous forms for purchases such as downloading music, ringtones and various other services and is now gaining traction for retail purchases in the U.S. But its implementation in the U.S. is a bit slower due to a lack of standardization of payment methods and the overall security concerns of mCommerce. Some consumers in the U.S. have had bad experiences with criminal hacking and data breaches and are concerned about their security and are waiting for the various handset manufacturers (those who make the phones), mobile carriers (those who provide mobile service) and third party technology providers (those who make the technology facilitating financial transactions) to agree on standardization leading to more secure transactions.

However, for many years in Japan and South Korea, for example, mobile penetration has been much higher, and many people don’t own and have never owned PCs (or been hacked), as they function purely from mobile devices. Security hasn’t been as much a concern. It’s a perfect example of “ignorance is bliss.”

Consumers in the U.S. overwhelmingly want mobile payment. A recent study by Mobio showed “49 percent of Americans said they’ve used their mobile phones to make a payment or purchase in the past three months. And 77 percent of the 1,085 respondents in North America said they would be interested in using their mobile phones to make a payment or purchase. The response was higher — 84 percent — in the 35 to 44 year old age group and among Canadians (86 percent versus 72 percent of U.S. respondents).”

Near Field Communications (NFC), the engine behind mobile payments, comes in a variety of forms, and there are multiple players trying to make theirs a standard. Bank Systems Technology reports the disagreements involve banks, credit card companies and the third party technologies all coming together with mobile carriers. The mobile carriers want to control near-field communication and mobile payment fees by maintaining control over the phone’s payment technology containing their users’ credentials. Mobile carriers see the devices they support as revenue generators that should grant them mobile payment per transaction fees.

Meanwhile, consumers crave mobile payment and must adapt until the big guys fight it out to see who ends up top dog. However, because there is a relatively low security risk in mobile payment, consumers stand to benefit by trying out and adopting the various methods presented. I’m frequently using 2-3 methods such as the PayPal app, which allows me to send and receive payments, and Square, which allows me to make and receive credit card payments on the spot. I find both convenient and fun!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.

Device Intelligence Helps Stop Scammers Targeting Social Media Sites

We’ve heard this story before, but unfortunately it happens over and over again. Social media and dating sites are overrun with criminals who pose as legitimate, upstanding individuals, but are really wolves in sheep’s clothing.

In Florida, a man named Martin Kahl met a 51-year-old woman and they developed an online romance. A quick search for the name “Martin Kahl” turns up many men with the same name and no obvious signs of trouble.

This particular Martin Kahl told his online girlfriend that he would soon be working in Nigeria (red flag) on a construction project, but a short time later he informed her that the job had fallen through. He cried poverty and asked her to send him money, which she did.

(If there are people in your life who might be prone to falling for a scam like this, please reel them in immediately. Any of their financial transactions ought to require a cosignatory.)

Anyway, during their affair, Kahl claimed he had been arrested (red flag) on some bogus charge, and requested that the woman bail him out to the tune of $4,000, which she most likely paid via money wire transfer (red flag).

All told, she sent the scammer at least $15,000 during their relationship. Sadly, social media sites can do more to protect their users, and should take advantage of information that readily exists for them to use — the known reputations on over 650 million devices in iovation’s device reputation knowledge base. Computers that are new to these social networks dealing with scammers and spammers are rarely new to iovation. iovation has seen these devices on retail, financial, gaming or other dating sites and will help social sites know in real time whether to trust them.

In the case above, the phone numbers used in the scam were traced overseas. The computer or other device the scammer used to go online could surely also have been traced overseas and could have been flagged for many things: hiding behind a proxy, creating too many new accounts in the social network, device anomalies such as a time zone and browser language mismatch, past history of online scams and identity theft, and the list goes on. Scammers in countries such as Ghana, Nigeria, Romania, Korea, Israel, Colombia, Argentina, the Philippines, or Malaysia conduct many of these scams, spending their days targeting consumers in the developed world.

Social media sites could protect users by incorporating device identification, device reputation, and risk profiling services to keep scammers out. Oregon-based iovation Inc. offers the world’s leading device reputation service, ReputationManager 360.
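The device signals listed above (proxy use, many new accounts from one device, a time zone and browser language mismatch, past fraud history) combined into a signup decision, as an added example that is not from the original post and is not iovation's product or algorithm. The weights, thresholds, field names, language-to-offset table and sample records are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed: UTC offsets (hours) considered plausible for a browser language.
LANG_UTC_OFFSETS = {"en-US": range(-10, -3), "en-GB": range(0, 2)}
WEIGHTS = {"proxy": 30, "tz_lang_mismatch": 25, "many_accounts": 25, "bad_history": 40}
MAX_ACCOUNTS_PER_DEVICE = 3   # assumed limit on new accounts from one device
REVIEW_AT, DENY_AT = 30, 60   # assumed score thresholds


@dataclass
class Signup:
    account: str
    device_id: str      # fingerprint supplied by a device-identification layer
    via_proxy: bool
    utc_offset: int     # offset reported by the device clock
    browser_lang: str


def assess(signups, known_bad_devices):
    """Return {account: (decision, score, reasons)} for a batch of signups."""
    per_device = Counter(s.device_id for s in signups)
    results = {}
    for s in signups:
        reasons = []
        if s.via_proxy:
            reasons.append("proxy")
        expected = LANG_UTC_OFFSETS.get(s.browser_lang)
        # An unknown language gives no basis for a mismatch, so it adds nothing.
        if expected is not None and s.utc_offset not in expected:
            reasons.append("tz_lang_mismatch")
        if per_device[s.device_id] > MAX_ACCOUNTS_PER_DEVICE:
            reasons.append("many_accounts")
        if s.device_id in known_bad_devices:
            reasons.append("bad_history")
        score = sum(WEIGHTS[r] for r in reasons)
        if score >= DENY_AT:
            decision = "deny"
        elif score >= REVIEW_AT:
            decision = "review"
        else:
            decision = "allow"
        results[s.account] = (decision, score, reasons)
    return results


# Constructed sample data: one ordinary user, one traveller, one device with a
# fraud history, and one device registering four accounts through a proxy.
KNOWN_BAD = {"dev-c"}
SAMPLE_SIGNUPS = [
    Signup("alice", "dev-a", False, -5, "en-US"),
    Signup("bob", "dev-b", False, 0, "en-US"),
    Signup("carol", "dev-c", False, -5, "en-US"),
] + [Signup(f"acct{i}", "dev-x", True, 1, "en-US") for i in range(1, 5)]

if __name__ == "__main__":
    for account, verdict in assess(SAMPLE_SIGNUPS, KNOWN_BAD).items():
        print(account, verdict)
```

A single weak signal, such as the traveller's time zone mismatch, stays below the review threshold; only stacked signals or a prior fraud history change the decision.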

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Dating Security on E! True Hollywood Stories. Disclosures

Illegal Alien Steals Identity, Becomes Cop

In a story that could have come right out of a movie, a widely respected police officer turned out to be a Mexican national who stole an American identity and moved to Alaska to become a cop. I’ll bet Sarah Palin didn’t see this one coming.

Fox News reports that the identity thief had been employed as an Anchorage police officer using his assumed name since 2005. Police and federal prosecutors said he didn’t have a criminal record. He does now!

“Federal agents processing a renewal request for his passport discovered the alleged fraud. He was arrested Thursday after authorities searched his home and found documents confirming his true identity, officials said. The passport fraud case is similar to one involving a Mexican national who took the identity of a dead cousin who was a U.S. citizen in order to become a Milwaukee police officer in 2007.”

Crimes like this are possible because citizens have yet to be identified effectively and reliably. We are identified solely by paper documents and photographs, and our Social Security numbers are our primary identifying account numbers.

All an identity thief needs is your Social Security number, which they can use to apply for additional documentation and, eventually, a passport or driver’s license in your name. Once they begin this process they will also apply for credit under your name and, in most cases, ruin your credit history.

You will not know someone has obtained a passport or driver’s license under your name until there is a problem, unless perhaps a red flag pops up when renewing your identification. But by then, whoever has obtained identification in your name will probably have run up unpaid credit card bills in your name, too. That’s where identity theft protection comes in.

McAfee, the most trusted name in digital security, includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss illegal immigrant identity theft on Fox News. (Disclosures)