Victim Jumps from Second Floor in Home Invasion

In Illinois, in an apartment building that just happens to be within yelling distance of a police station, a man jumped from his second-floor window screaming for help. Fortunately, the police were able to catch the two guys who invaded his apartment.

Apparently he didn’t have a home security alarm system, which is an option in an apartment and something to consider.

Two men kicked in his door, threatened the man with a gun and proceeded to tie him up. When they left to kick in the door of another apartment, he was able to break free, and that’s when he jumped.

I’ve often thought of what my response would be in a situation like this as my home has multiple floors. As a result I’ve taken my wife floor to floor and discussed the possibilities of escape and the logistics involved.

Jumping from a second-floor window or porch certainly could kill you. So can falling off a chair you might be standing on to water plants. However, a second-floor window in most cases won’t be much higher than 20 feet, and faced with a gun or a knife wielded by a violent home invader, jumping 20 feet was definitely an option for this guy.

On houses with porches that have poles and posts, climbing down may be a consideration for residents who are adept at climbing.

The safest and most recommended option is a fire escape ladder. I own a 25-foot, three-story fire escape ladder with anti-slip rungs that can hang out a window.

It’s in my closet in case of fire or a home invasion and hopefully I never have to use it.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse™ on Fox News. Disclosures

Disclosing Data, Despite Breaches

The ticker tape of data breaches in the last few months has been astounding. Many have called 2011 “The Year of The Hacker” and that prognostication has rung true, without question. Halfway through the year, data breaches are an incessant news story.

And despite the constant stream of bad news, consumers continue divulging a tremendous amount of data to retailers, auction sites, dating sites, and gaming sites. While awareness of fraud and cybercrime is at an all-time high, consumers seem to feel they don’t have much of a choice but to provide all their data.

People have grown to love the Internet and all the conveniences it offers, both commercially and socially. In my household, little people under five years old whack away at online iPhone games, never knowing what it’s like not to have the Internet.

Many seem to feel that their privacy is the price they must pay for all this connectedness and convenience, and are even willing to put their personal security at risk in exchange.

Scammers know and are capitalizing on this. There isn’t an online gamer, dater, social networker, or consumer today who isn’t at some level of risk.

While all necessary defenses must be employed to prevent hackers from compromising data, an additional layer of protection should be implemented to keep them off websites in the first place.

Every one of these platforms would do well to stem the tide of fraud by incorporating device reputation. One anti-fraud service offering fast and effective results is iovation’s ReputationManager 360. This service incorporates device identification, device reputation, and real-time risk profiling. Hundreds of online businesses prevent fraud and abuse by analyzing the computer, smartphone, or tablet connecting to their websites, and with iovation’s service, they stop 150,000 online fraudulent activities each day.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another data breach on Good Morning America. (Disclosures)

Hacking Voicemail is Scary Easy

Imagine someone jeopardizing your home security system by hacking your phone’s voicemail. There’s been a widely reported story of a British tabloid newspaper accused of accessing voicemail messages of murder victims, government officials, celebrities and possibly victims of the 9/11 terrorist attack.

The story broke in response to the tabloids manipulating the voicemail of a 13-year-old girl who was a murder victim and of soldiers who fought in Iraq and died. The FBI is apparently investigating.

It seems there is a flaw in many telecom systems that allows a snooper to check a target’s voicemail as long as the voicemail system believes the call is coming from that person’s caller ID.

Snoopers can access ready-made hacking scripts online to perform these tasks or simply enlist one of many “caller ID spoofing” services. These services allow anyone to make a call to any number and trick the voicemail system into believing the call is coming from the voicemail’s intended account holder.

Once the voicemail is accessed, the caller may not need a PIN, or access may be granted via default passwords like 1111 or 0000. When the voicemail system receives a call it thinks is coming from the correct phone number, spoofed via caller ID, it automatically trusts it.

The quickest fix to protect voicemail is to make sure your voicemail requires a PIN, especially when you call it from your phone. And make sure that PIN isn’t a default PIN or one that is easily guessed.

Robert Siciliano personal and home security specialist to Home Security Source discussing mobile phone spyware on Good Morning America. Disclosures.

Home Invasion Murder Happens Close to Home

All this scribbling I do about home security cameras and home alarm systems is actually part of a business I run so it requires me to have an administrator to perform certain duties that she’s better at than I am. Earlier this week I reached out to her via text and briefly she wasn’t responding.

Then I get this text: “I’m in New Hampshire at a friend’s. My girlfriend was murdered Saturday night by her fiancé’s son. Then he shot himself. The kid that killed her broke into the neighbor’s house and tried to shoot him.”

Eeesh. When people hear these stories happening in their backyard they say “I just didn’t think it would happen here”, whereas I expect it, and so does my admin.

Reports say police responded to a call about a home invasion at 5 am on a Sunday. The neighbor whose home was invaded got a knock on the door and opened it to an 18-year-old sticking a shotgun in his face. He pulled the trigger and the gun misfired. The father ran off to get something to defend himself with and the intruder fled.

This was after he killed his father’s fiancée. Man O’ man. Just like that, a 41-year-old mother of 3 is dead because of a young man’s actions. Nobody will ever know why he did it. But there were probably signals leading up to it.

On the CDC’s website they state: “Violence is a serious public health problem in the United States. From infants to the elderly, it affects people in all stages of life. In 2007, more than 18,000 people were victims of homicide and more than 34,000 took their own life.”

People who act out in extreme violence like this often say and do things prior to the event over the course of days/weeks/months/years that indicate they will eventually unravel and hurt someone. Some reports say the teen was quick to anger, that he wasn’t someone you messed with. While that’s not enough to go on, it can be considered a red flag.

Visit the CDC for more information.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse™ on Fox News Live. Disclosures

15 Social Media Security Tips

1. Realize that you can become a victim at any time. Not a day goes by when we don’t hear about a new hack. With 55,000 new pieces of malware a day, security never sleeps.

2. Think before you post. Status updates, photos, and comments can reveal more about you than you intended to disclose. You could end up feeling like some silly politician as you struggle to explain yourself.

3. Nothing good comes from filling out a “25 Most Amazing Things About You” survey. Avoid publicly answering questionnaires with details like your middle name, as this is the type of information financial institutions may use to verify your identity.

4. Think twice about applications that request permission to access your data. You would be allowing an unknown party to send you email, post to your wall, and access your information at any time, regardless of whether you’re using the application.

5. Don’t click on short links that don’t clearly show the link location. Criminals often post phony links that claim to show who has been viewing your profile. Test unknown links at Siteadvisor.com by pasting the link into the “View a Site Report” form on the right-hand side of the page.

6. Beware of posts with subjects along the lines of, “LOL! Look at the video I found of you!” When you click the link, you get a message saying that you need to upgrade your video player in order to see the clip, but when you attempt to download the “upgrade,” the malicious page will instead install malware that tracks and steals your data.

7. Be suspicious of anything that sounds unusual or feels odd. If one of your friends posts, “We’re stuck in Cambodia and need money,” it’s most likely a scam.

8. Understand your privacy settings. Select the most secure options and check periodically for changes that can open up your profile to the public.

9. Geolocation apps such as Foursquare share your exact location, which also lets criminals know that you aren’t home, so reconsider broadcasting that information.

10. Use an updated browser. Older browsers tend to have more security flaws.

11. Choose unique logins and passwords for each of the websites you use. I’m a big fan of password managers, which can create and store secure passwords for you.

12. Check the domain to be sure that you’re logging into a legitimate website. So if you’re visiting a Facebook page, look for the www.facebook.com address.

13. Be cautious of any message, post, or link you find on Facebook that looks at all suspicious or requires an additional login.

14. Make sure your security suite is up to date and includes antivirus, anti-spyware, anti-spam, a firewall, and a website safety advisor.

15. Invest in identity theft protection. Regardless of how careful you may be or any security systems you put in place, there is always a chance that you can be compromised in some way. It’s nice to have identity theft protection watching your back.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss social media scammers on CNN. (Disclosures)

 

Make Criminals Cry UNCLE

A neighborhood crime watch, also called a crime watch or neighborhood watch, is an organized group of citizens devoted to crime and vandalism prevention within a neighborhood. A neighborhood watch may be organized as its own group or may simply be a function of a neighborhood association or other community association.

In South Carolina a group of concerned citizens created a crime watch organization called UNCLE. That stands for United Network of Communities on Law and Enforcement.

The members of UNCLE drive around reporting suspicious behavior. If something looks out of place, they write it down and call the police. If there are suspicious vacant houses or too many cars in a yard or trash piles, they write it down and report it. If they see a suspected drug house, they find the owner’s name and report it. If they see cars parked out front, they get the license plates and report them.

UNCLE has the feel of the “Broken Windows Theory” that was deployed in New York City and is often credited with its safe city status today.

The broken windows theory is a criminological theory of the norm setting and signaling effects of urban disorder and vandalism on additional crime and anti-social behavior. The theory states that monitoring and maintaining urban environments in a well-ordered condition may prevent further vandalism as well as an escalation into more serious crime.

None of this is “vigilantism” but more like the Department of Homeland Security’s slogan, “If you see something, say something.” Remember, we are all in this together. Your participation in your communities’ safety and security is essential to the security of us all.

Robert Siciliano personal and home security specialist to Home Security Source discussing Home Security on NBC Boston. Disclosures.

Bump Keys Are Today’s Skeleton Keys

Locking your doors is a first step to securing your home.

However, after conducting thousands of seminars on personal security, I’m amazed at how many people do not lock their doors. That one simple act can prevent a door-jiggling burglar from choosing your home. However, if you do lock your doors, the quality of your locks can impact your security.

Lock bumping, as it’s known, is a lock picking method that involves inserting a modified key similar to the original and lightly bumping or hitting the key with a hammer or other blunt instrument. As the key is bumped, the knob is gently twisted back and forth, allowing the lock’s tumblers to fall in place. Carefully crafting a bump key and manipulating the knob allows the modified key to unlock the door.

Locks are made up of a series of pins and springs that when properly lined up allow the fitted key to turn, thus opening the lock. Bump keys are designed to trick the pins and springs by designing the bump key to accommodate the pins and keys in a variety of ways that ultimately come together by force or through bumping and turning.

Locks that are manufactured with “programmable side bars” and do not use “top pins” are considered bump proof. Other locks that are electronic, magnetic, disc tumbler or use rotating disks are generally considered bump proof. This is general advice that should be followed up by enlisting a certified locksmith to guide you in a safe and secure direction.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.

McAfee Reports Most Malware Ever in Early 2011

Malware refers to malicious software, which includes computer viruses and rootkits. McAfee recently released the McAfee Threats Report: First Quarter 2011. With six million unique samples of recorded malware, the first quarter of 2011 was the most active in malware history.

In February alone, approximately 2.75 million new malware samples were recorded. Fake antivirus software had an active quarter as well, reaching its highest levels in more than a year, with 350,000 unique samples recorded in March.

Mobile malware is the new frontier of cybercrime.

Malware no longer affects just PCs. As Android devices have grown in popularity, the platform has solidified its position as the second most popular environment for mobile malware, behind Symbian OS, during the first three months of the year.

Cybercriminals often disguise malicious content by using popular “lures” to trick unsuspecting users. Spam promoting real or phony products was the most popular lure in most global regions. In Russia and South Korea, drug spam was the most popular, and in Australia and China, fake delivery status notifications were the spam of choice. So far this year, we’ve also seen a new trend of “banker” Trojans, malware that steals passwords and other data, using UPS, FedEx, USPS and the IRS as lures in their spam campaigns.

McAfee Labs saw significant spikes in malicious web content corresponding with major news events, such as the Japanese earthquake and tsunami, and major sporting events, with an average of 8,600 new bad sites per day. In the same vein, within the top 100 results of each of the daily top search terms, nearly 50% led to malicious sites, and on average contained more than two malicious links.

Protect yourself from these and other threats.

McAfee Wave locates, locks, or wipes your phone, and even restores your data when you trade it in for a new one. If necessary, you’ll be able to lock down your service remotely or wipe out important stored data to protect your privacy. You can back up your data directly or use the web to do so remotely. You can access your data online from anywhere, or locate your missing phone and plot its location on a map. If it’s lost or stolen, SIM cards and phone calls can help get it back for you.

Invest in an identity protection service. There are times when you cannot withhold your Social Security number, but an identity protection service can monitor your personal and financial data. McAfee Identity Protection provides alerts if your information is misused, credit monitoring and unlimited credit checks, and if necessary, identity fraud resolution. (For more information, visit CounterIdentityTheft.com.)

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss mobile phone spyware on Good Morning America. (Disclosures)

 

Security Cameras Catch Intruder

Video is a great thief repellent. It is one layer of security that must be incorporated into every home security system. However, there is no such thing as 100% security. And while video often catches a thief in the act, it can’t actually catch a thief. That’s what police are for.

In Des Moines, Iowa (which I’ve been to a few times and is a very cool place, with lots of bald eagles), a bar owner was awoken by a phone call from ADT Security telling him the alarm in his bar was going off. At the same time, the police were summoned.

Meanwhile, the bar owner logged into his security system’s Internet-enabled cameras and saw the legs of a man dangling from the ceiling through ceiling tiles! The criminal apparently cut a hole in the roof! Then he saw the man jump to the floor with a crowbar and immediately head towards his target: a ticket machine full of cash.

Obviously the thief knew what he was after. After about 3 minutes he ran out when the police arrived and narrowly escaped.

Now the police have video footage of the thief to use to hopefully catch him.

Security is about layers of protection. The protection in this case at least minimized the damage: the piercing alarm reduced the damage the criminal would have done had he stayed longer, and the cameras will help identify the thief. Fortunately, the bar owner has insurance (which is another layer of protection) that will ultimately pay for the loss and damage.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News. Disclosures

What The FFIEC Is Doing to Protect You and Your Bank

FFIEC is the Federal Financial Institutions Examination Council which is a government body empowered to prescribe uniform principles, standards and report forms for the federal examination of financial institutions by and for numerous other government, public, private and financial entities.

If there is a “good” place for your tax dollars to head, it’s to the FFIEC. And very recently the FFIEC has issued updated guidelines for financial institutions in regards to their cyber security and new threats your bank needs to counter.

Over the past decade, as we have all (mostly) banked and bought stuff online, criminals have formed organized web mobs to sniff out transactions and take over existing accounts and, in some cases, open up new accounts.

The FFIEC has certainly pointed this out and at the same time has made additional security recommendations since the last time they did in 2005 based on new kinds of criminal hacking and new technologies to combat it.

Hacking in its many forms involves compromising a system from numerous vantage points. A network can be hacked from the inside by an employee or former employee with credentialed access, or from the outside by seeking vulnerabilities in a network’s technology. But more often, hacking takes place when an account holder’s access credentials, such as username and password, are compromised.

To defend against all of these hacks the FFIEC recommends to financial institutions what’s called a “layered approach” of anti-fraud tools and techniques to combat crime. Meaning it’s not simply a matter of applying a firewall and having anti-virus to protect the network, but going much deeper in protecting many interaction points within the banking site (not just login) and using a variety of proven fraud prevention solutions.

That includes sophisticated methods of identifying devices and knowing their reputation (past and current behavior and other devices they are associated with) the moment they touch the banking website. The FFIEC has recognized complex device identification strategies as a viable solution that’s already proven strong at very large financial institutions. ReputationManager360 by iovation leads the charge with device reputation encompassing identification and builds on device recognition with real-time risk assessment, uniquely leveraging both the attributes and the behavior of the device.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft in front of the National Speakers Association. (Disclosures)