Android Apps Infected With A Virus

/in /by

Are you one off the 33% of all mobile phones running the Android operating system?  The official Android Market is run by Google and there are over 150,000 applications with an estimated 3.7 billion downloads. More than 250,000 applications have been downloaded with a malicious virus.

The LA Times reports “Google is remotely removing virus-infected Android apps from thousands of phones and tablets in its continuing cleanup of what has become known as the “Droid Dream” scare. Last Tuesday, Google removed 21 free apps that were hacked and loaded with malware, and then distributed on the company’s Android Marketplace.”

Newer reports say more than 50 apps have been infected and removed.

From Google’s blog: “For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device). But given the nature of the exploits, the attacker(s) could access other data.”

In response Google is remotely removing the malicious applications from affected devices. This remote application removal feature is one of many security controls the Android team can use to help protect users from malicious applications.

You may be consider this a violation of your privacy that Google can just go into your phone like that, but, first, you agreed to it in their terms and conditions and second they are doing you a service and protecting you from a potential identity theft situation.

Google is sending out emails to all those affected and sending notification via the device itself to let you know what has happened.

If you are unsure if your phone was infected or simply want to be safe, I’d suggest backing up your phones data and re-install the operating system. Contact your carrier or visit your phones manufacturer for instructions.

Robert Siciliano personal and home security specialist to Home Security Source discussing mobile phone spyware on Good Morning America.

Managing a Digital Life: Snooping on a Spouse’s Email

/in /by

Your spouse, boyfriend, girlfriend, or partner just headed out to do errands without logging out of his or her email account. The computer’s sitting right there. Would you feel compelled to check it out?

According to a recent study, there’s a good chance that you will eavesdrop on your significant other’s cell phone and email conversations.

38% of people who are younger than 25 and in a relationship have snooped on their significant other by reading private email. 10% of the time, this snooping revealed that the other person had been unfaithful, resulting in a break up.

36% of people in long-term, committed relationships indicated they check emails or call histories without their significant other’s knowledge. 3% of married snoopers discovered they were being cheated on.

33% of women say they snoop on their spouse or partner, while 30% of men do.

Is this okay? Trust is a fragile intangible that can be irreparably broken. But aside from the moral and ethical implications, is it legal?

CBS News reports, “An Internet law designed to protect the stealing of trade secrets and identities is being used to levy a felony charge against a Michigan man after he logged onto his then-wife’s Gmail account and found out she was cheating… [He] is being charged with felony computer misuse, and faces up to five years in prison after logging into the email account of now ex-wife…on a shared laptop using her password.”

So before you go clandestine and hack your honey’s Hotmail, know that the long arm of the law may toss you into the hoosegow .

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses hackers hacking email on Fox News. Disclosures

Identity Thief Steals Identity For 17 Years

/in /by

This mess Joseph Kidd stole Larry Smith’s identity 17 years ago, when Smith was 50 years old. While operating under Smith’s identity, Kidd “spent time in jail, as sent to prison, paroled, obtained welfare and Medicare benefits, and got married.”

He did all this using Smith’s name, which means that Smith has had to deal with the imposter’s actions from afar, as if he himself had a criminal record, was married, and on welfare. While the real Smith has no criminal record, he spent eight days in jail because of Kidd’s crimes. The real Smith has had liens placed on his home, was denied medical care, and lost his driver’s license, all because Kidd stole his identity.

When people ask, “Why would anyone steal my identity? I have no money,” I point to Kidd. When they say, “But I have bad credit,” I point to Kidd. When they say, “I don’t have a computer or credit cards. I pay cash and I don’t bank online,” I point to Kidd.

This is what identity theft looks like. Identity theft goes way beyond your computer being hacked or your credit card number being used without your permission. What happened to Larry Smith is identity theft.

Identity theft can happen to anyone. McAfee Identity Protection, offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection puts victims first and provides live access to fraud resolution agents who work with the victim to help restore their identity even from past theft events. For additional tips, please visit http://www.counteridentitytheft.com.

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing an identity theft pandemic on CNBC. (Disclosures)

Software Makes Dumbphones Smart for Facebook

/in /by

Facebook for SIM, from Gemalto enables anyone to enjoy Facebook on all handsets, even if without a data connection or data subscription. With this technology, Gemalto brings Facebook to millions of mobile phone users regardless of their handset type.

Increasingly people want to be able to stay connected and communicate with their friends on Facebook anytime, anywhere,” said Henri Moissinac, Head of Mobile Business, Facebook. “Gemalto has developed a creative solution in Facebook for SIM that enables people without mobile data plans to stay connected to their friends on Facebook in an affordable way.”

Gemalto’s software development team has embedded the software application into the SIM. This ensures the Facebook application is compatible with 100% of SIM-compliant mobile phones.

From Wikipedia: “A subscriber identity module or subscriber identification module (SIM) on a removable SIM card securely stores the service-subscriber key (IMSI) used to identify a subscriber on mobile telephony devices (such as mobile phones and computers). The SIM card allows users to change phones by simply removing the SIM card from one mobile phone and inserting it into another mobile phone or broadband telephony device.”

The innovative solution provides mobile subscribers with simple and convenient access to core Facebook features such as friend requests, status updates, wall posts or messages. It also offers unique functions: people can sign up for this service and log in directly from the SIM application. Interactive Facebook messages pop-up on the phone’s screen so people can always share up-to-the-minute posts and events. One can also automatically search their SIM phonebook for other friends and send them requests.

Facebook for SIM is extremely easy to use and is available to everyone. No data contract or application download is needed, because the software is embedded in the SIM and it uses SMS technology. As a result, it works for prepaid as well as for pay-monthly customers. Following an initial limited free trial period, Facebook for SIM then operates on a subscription model via an unlimited pass for a given period of time.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Search Engine Doesn’t Need Kids SSN

/in /by

When Google launched Doodle-4-Google, in which children can compete to design Google’s homepage logo, they requested contestants’ Social Security numbers in an effort to prevent duplicate entries.

Americans have become accustomed to handing over the last four digits of their Social Security number as a password or identifier for various accounts and applications. But with the development of new technologies that have cracked the code for the distribution of Social Security numbers, the last four digits have become as sensitive and valuable as the first five.

The coder or marketer at Google who believes it’s reasonable to request the last four digits of children’s Social Security numbers is probably someone who readily shares his or her own number, which is not a good idea.

Researchers at Carnegie Mellon University have developed a reliable method to predict Social Security numbers using information from social networking sites, data brokers, voter registration lists, online white pages, and the publicly available Social Security Administration’s Death Master File.

The New York Times reports, “Computer scientists and policy experts say that such seemingly innocuous bits of self-revelation can increasingly be collected and reassembled by computers to help create a picture of a person’s identity, sometimes down to the Social Security number… So far, this type of powerful data mining, which relies on sophisticated statistical correlations, is mostly in the realm of university researchers, not identity thieves and marketers.”

The primary issue here is new account fraud, or financial identity theft in which the victim’s personally identifiable information and good credit standing are used to create new accounts, which are then used to obtain products and services. Stolen Social Security numbers are often used to commit new account fraud.

Aside from subscribing to an identity theft protection service, it’s difficult to stop or prevent new account fraud. One way that online businesses can mitigate the issue would be to verify the reputation of the computer or smartphone being used to submit credit applications, rather than simply verifying the Social Security number or other identification information provided by credit applicants.

By evaluating a device for criminal history or high risk while its connected to the online site, creditors can automatically detect and reject fraudulent applications.  This worked very well for one Fortune 100 credit issuer.  A Forrester Consulting Total Economic Impact study found that the device reputation service provided by Oregon-based iovation Inc., identified 43,000 fraudulent credit applications and saved the financial institution $8 million USD over two years in reduced fraud losses and operational efficiencies that their fraud prevention process and team gained.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses child predators online on Fox News. Disclosures

Identity Theft Ring Operates From Federal Prison

/in /by

For nearly a year, a prisoner at Fort Dix Federal Correctional Institution operated an identity theft ring from his jail cell. “Federal prosecutors say the man was able to get personal information communicated to him while in the prison, including names, addresses, and Social Security numbers of credit card holders at various department stores. He would then contact the stores and add additional users to the accounts or open new accounts in the person’s name.”

His eight accomplices, who used the fraudulent credit accounts to spend more than $250,000, recently pled guilty to charges related to identity thefts.

This type of organized crime ring is made up of many players, including:

Kingpin: This ringleader intimidates those on the outside into acting on his behalf while he’s behind bars. His associates are primarily motivated by money, but the kingpin often relies on violence to keep them in line.

Insiders: Department store employees had access to account data. These insiders violated the trust of their employer and fed the information to the ringleader in prison.

Mules: Street level criminals who don’t mind being recorded on surveillance cameras will often use the stolen accounts to make big-ticket purchases in stores.

Store clerks: Mules often need a cohort at the register who allows a purchase to be made without checking the mule’s ID.

Fences: The fraudulently purchased merchandise end up being handled by a fence, who sells the items on the black market or trades them for drugs. Fences often interact with drug dealers, who tend to have the money for purchases.

A similar group targeted Apple stores, obtaining stolen account numbers, which they used to forge credit cards and buy laptops, iPhones, and other items. Again, a ringleader orchestrated the scheme from behind bars.

This is what we are up against: organized criminals with no consideration for the law, working in trusted positions with access to our information. You can shred all day and limit the amount of information you give out. But your identity is at risk, no matter what.

It is important to observe basic security precautions to protect your identity. However, the safety of your information with corporations and other entities that you transact business with is very often beyond your control. Consumers should consider an identity theft protection product that offer daily credit monitoring, proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. McAfee Identity Protection includes all these features in addition to live help from fraud resolution agents if your identity is ever compromised. For more tips on protecting yourself, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)

Black Money Washing Scam Plagues Naïve

/in /by

Get ready to cringe. The Nigerians really have cornered the market on scamming the unsuspecting. In business, if they were to have a niche’ their clientele are the extremely naïve, very gullible and stupidly vulnerable.

Florida seems to be their stop off point in the US as many “419” scams begin and end in Florida. I think part of the reason is the immense elder population. And when you have millions of older people with connections to the Internet, something bad is bound to happen due to their inexperience with the medium.

“In March the Lee County Sheriff’s Office Highway Interdiction Unit conducted a routine traffic stop and found $20,800 in cash, black construction paper the size of dollar bills, several bottles of commonly known substances and a list of ingredients necessary to complete the “Black Wash/ Money Washing” scam.”

Honestly, I’d never heard of this one until recently, which would make me a target too!

Here’s the scam:

Scammers send thousands of phish emails regarding an unknown inheritance. Ok right there should be a red flag. But, for many who think their ship has come in, it’s opportunity. Unfortunately.

Once engaged the victim is told of the mass amounts of money needing to be snuck in/out of the country and it is dyed black to avoid detection by custom officials. OMG.

Once a meeting is arranged the victim is shown a trunk full of dyed black money, then to whet the appetite of the victims a few of the bills are pulled out and a magic solution cleans off a few nice crisp $100.00 bills. The victim now frothing at the mouth wants more.

The ruse is to get the victim to buy thousands of dollars of this magic cleaning solution for the promise of making hundreds of thousands of dollars. WOW.

Like a bait and switch shell game or 3 cards Monte, there is a bit of entertainment value in this scam and anyone who enjoys watching a stupid show like the Bachelor can get taken. Beware.

Robert Siciliano personal and home security specialist to Home Security Source discussing scammers and thieves on The Big Idea with Donnie Deutsch.

Creepy iPhone App Invites Security Risks

/in /by

This is just nuts: “Situationist is an iPhone app that makes your everyday life more thrilling and unpredictable. It alerts members to each other’s proximity and gets them to interact in random “situations”. These situations vary from the friendly “Hug me for 5 seconds exactly” or “Compliment me on my haircut”, to the subversive e.g. “Help me rouse everyone around us into revolutionary fervor and storm the nearest TV station”. Members simply upload their photo and pick the situations they want to happen to them from a shortlist, in the knowledge that they might then occur anywhere, and at any time.”

The application comes equipped the ability to upload your photo and it turns your mobile into a GPS bull’s-eye.

Can you say “Please stalk me!?!”

I suppose there are plenty of people that like a surprise and plenty of others that enjoy the state of anticipation. For those types, this app may be the life distraction they need to get through the day.

The application developers address the issue of stalking asking the question in caps “WILL IT NOT ATTRACT STALKERS AND OTHER UNSAVOURY TYPES?” and give a rambling answer revolving around “moderation” and “vetting”.

In reality, this is one of the single greatest tools a stalker would have at their disposal to pay unwanted attention to an attention seeking thrillist.

OK folks, I think it’s plainly obvious that to download and activate this would mean you probably have too much time on your hands and not enough drama in your life. Seriously, all you need is get into a dysfunctional relationship and all your problems will be solved.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover.

Identity Theft Victim Held Hostage By Bank

/in /by

The Huffington Post reports, “The Identity Theft Resource Center says Ty Powell is a victim of identity theft. Freddie Mac says he hasn’t paid his mortgage in two years. The local paper says he’s dead. Powell says, ‘I don’t know what to say.’”

Powell bought a house in Arizona from a builder, paying $217,000 in cash that he made playing professional basketball in Brazil. While he was in Brazil, someone sucked the equity out of the home to the tune of a $376,703 mortgage, and of course, defaulted. It is believed that the builder, who had the personal information on Powell, took out the loan and even paid some of the debt in order to keep the scheme until after Powell had taken possession of the house.

Then one day, Powell gets an eviction notice saying he has to move out of his home because of the unpaid mortgage. Unfortunately, it’s been demonstrated time and again that when it comes to being an identity theft victim, you are guilty until proven innocent.

Freddie Mac’s spokesperson replies, “We believe the foreclosure was legitimate because the loan secured by the property was in default. Despite a mortgage workout in 2008, no mortgage payment had been received since January 2009. We have also referred the matter to our fraud investigations unit.”

The local paper incorrectly reported that Powell had died of a heart attack. This was more than likely planted by the identity thief so that a death certificate would be issued, making it difficult for the bank to proceed.

Meanwhile, the scammers opened new credit card accounts and got a fraudulent driver’s license in Powell’s name.

Most, if not all, of this was preventable.

To ensure peace of mind —subscribe to an identity theft protection service, such as McAfee Identity Protection, which offers proactive identity surveillance and lost wallet protection. If your credit or debit cards are ever lost, stolen or misused without your authorization, you can call McAfee Identity Protection and they’ll help you cancel them and order new ones. If their product fails, you’ll be reimbursed for any stolen funds not covered by your bank or credit card company. Please see Guarantee for details. For additional tips, please visit http://www.counteridentitytheft.com

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing how to protect yourself from identity theft on CounterIdentityTheft.com. (Disclosures)

mCrime Takes A Leap Into Profitability For Criminals

/in /by

Cellular phones are becoming a bigger target for crime. As smartphones continue replacing landlines and billions of new applications are downloaded, mobile crime, or mCrime, will inevitably increase.

McAfee’s threat report for the fourth quarter of 2010 reveals steady growth of threats to mobile platforms. New mobile malware increased by 46% in 2010. 20 million new threats were discovered last year, or 55,000 per day. McAfee Labs has identified a total of nearly 55 million pieces of malware. 36% of that malware was created in 2010.

Senior VP of McAfee Labs Vincent Weafer says, “Our Q4 Threats Report shows that cybercriminals are keeping tabs on what’s popular, and what will have the biggest impact from the smallest effort… In the past few quarters, malware trends have been very similar in different geographies, but in the last quarter we’ve seen a significant shift in various regions, showing that cybercriminals are tapped in to trends worldwide. McAfee Labs also sees the direct correlation between device popularity and cybercriminal activity, a trend we expect to surge in 2011.”

Protect yourself from malware and other threats. Spyware can be remotely or directly installed on your cell phone. Never click on links in texts or emails, since links may point toward malicious downloads. Keep your phone with you. Don’t let it out of your sight and don’t share it. Make sure your phone requires a password, as this makes it more difficult to install spyware.

If your phone is behaving oddly or you have some other reason to suspect that it contains spyware, reinstall the operating system. Consult your user manual or call your carrier’s customer service for step-by-step help with this process.

Invest in a service that can locate, lock, or wipe your phone, and even restore your data when you trade it in for a new one. If necessary, you’ll be able to lock down your service remotely or wipe out important stored data to protect your privacy. You can back up your data directly or use the web to so remotely. You can access your data online from anywhere, or locate your missing phone and plot the location on a map. If it’s lost or stolen, SIM cards and phone calls can help get it back for you.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses mobile phone spyware on Good Morning America. Disclosures