Think You’re Protected? Think Again!

/in /by

In 1990, when only the government and a number of universities were using the Internet, there were 357 unique pieces of malware. The need for security began with desktop computing when the only means of compromising data was by inserting a contaminated floppy disk into a PC or opening an infected email attachment. That was the anti-virus era.

The need for security evolved with the Internet as more companies developed internal and external networks. That was the network security era.

Now as companies leverage the power of the web, information security has evolved yet again: We are in the application security era. And as big companies get better at locking down their software and protecting their data, criminals are targeting the little guy. Ordinary citizens’ every day digital lives are at risk via infected web pages, instant messaging, phishing, Smartphone viruses, text message scams and now hackers are targeting Macs in a big way.

In the past 20 years, e-commerce and social media have taken over. The numbers behind the explosive growth of cybercrime are astounding. In a little over two decades, we’ve gone from less than 500 pieces of malware to over 55 million annually. Cybercrime has evolved from nothing to a multibillion-dollar industry.

In 1995, 8069 unique pieces of malware were detected. One out of 20 emails were spam, and the Melissa virus infected hundreds of thousands.

In 2000, 56,342 unique pieces of malware were detected, mostly on PCs, but some began spreading to Macs. Then smartphones got the Cabir virus. The “I Love You” worm slithered its way onto millions of PCs, and the MyDoom worm slowed down the entire Internet by 10%, resulting in loses totaling 38 billion dollars.

In 2005, 164,000 unique pieces of malware were detected, including the first virus for Mac OS X and another 83 mobile viruses. 57 million U.S. adults fell for phishing scams via 17,877 different spoof websites. 80% of all email was spam. The Conficker worm, Zeus Trojan, Koobface, Applescript.THT, Storm botnet, and Ikee iPhone virus all made their debuts this year.

By 2010, 54 million unique pieces of malware were spreading to tablets, too. More than 90% of all email was spam. 27% of teens infected their families’ PCs with viruses in 2010. Almost 420,000 phishing sites were discovered. OpinionSpy, Boonana, and MacDefender infected Macs. Hackers commandeered Skype’s instant messaging service to deliver malware. The Gemini and Zitmo Trojans gathered location data and stole financial transaction information.

But if that’s not enough. In 2010, more than three million malicious websites were created, any one of which could infect your computer.

The question is are you protected? Are you using some free download by an unknown company to protect yourself? Or do you have a comprehensive multi layer approach to digital security protecting all your devices?

Robert Siciliano is a McAfee Consultant and Identity Theft Expert. See him discussing identity theft on YouTube. (Disclosures)

 

Check out this video to learn more about: The History of Malware

 

 

 

 

 

 

 

Social Web Loaded With Profile Misrepresentation

/in /by

“Social fakes” are invented profiles on social media (often referred to as profile misrepresentation), which can be used to harass or mock victims anonymously. But the more lucrative fake profile is one that imitates a legitimate business, damaging that business’s online reputation.

The imposters’ ultimate goal? Spam leading to scams.

Social-web security provider Impermium published the results of their recent analysis of the cost of social spam. “Online ID signup fraud” is an emerging trend, with fraudulent accounts ranging from a low of 5% to 40% of users. “Scammers are registering accounts by the millions as they perpetrate fake “friend requests,” deceptive tweets, and the like, while the black market for bulk social networking accounts is growing exponentially.”

They also warned about social web abuse, describing current “sleeper cells” as “a ticking time bomb.” Last month, more than 30,000 fraudulent accounts coordinated an attack, in which attackers submitted more than 475,000 malicious wall posts in one hour. According to Impermium, “Even accounts you’ve had for years could be lying in wait for just the right moment.”

Multiple issues stem from fake accounts, such as brand damage for both the website and its users, scams being perpetrated on existing or potential customers, and for social networking websites, an inflated, incorrect summation of active subscribers—to name a few.

Social media sites can use iovation’s device reputation service to help identify fraudsters at account setup.  When a device (or related group of devices) signs up for more than your allotted number of accounts, you can receive alerts on this behavior.  When multiple countries are logging into the same accounts within a specified timeframe, you can set alerts on this activity. When users are constantly changing their device attributes between multiple online registrations (to look like new, legitimate consumers), you can know this immediately—and automatically deny the new accounts outright or send them to your fraud review queue.  If 1,000 accounts were just set up from the same machine, one after another, wouldn’t you want to know that while it’s happening so you can do something before the scams start?

Rather than relying on information provided by the user, which may not be honest or accurate, device reputation technology goes deeper, identifying the computer being used to register an account. This exposes negative behaviors right away, allowing a website operator to deny access to threatening accounts before your business reputation is damaged and your users are abused.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses hackers hacking social media on Fox Boston. Disclosures

Burglar Hits 60 Houses in 60 Days

/in /by

Police in Morristown NJ have a prime suspect in mind which they call an “opportunist”. Sometimes the burglar breaks in by using a crowbar or breaking a window but mostly he just goes in through an unlocked door or window.

He’s going after the standard gold jewelry and laptops, stuff that’s easy to fence.

But what makes this story so interesting is the police know who he is but can’t arrest him.  The police Chief was quoted saying “This is a person who knows video surveillance very well and knows technology very well, and he does this for a living and he doesn’t want to get caught.”

The neighbors were quoted as saying stuff like “we never see a police car around” etc and the police respond by saying “the government can’t do everything anymore, the chief said. “We simply need more help from the communities we serve. Most of it is eyes and ears, and picking up the phone.”

The Chief suggested everyone pay attention and even start a neighborhood watch.

Readers of these posts know I’m all about taking personal responsibility. And while law enforcements role is to serve and protect, it is impossible to have a police car parked in every driveway. The fact that this neighborhood doesn’t even have a neighborhood watch in place is telling. These are people who simply aren’t proactive. Windows and doors are unlocked, and it seems residents don’t have home security alarms either.

But I’ll be they are installing them now.

Robert Siciliano personal and home security specialist toHome Security Source discussingADT Pulse on Fox News Live. Disclosures

 

Check Out These Hurricane Prep Apps

/in /by

Hurricane Irene whacked the east coast over two weeks ago and people are still pumping out. Roads are still messed up and life has changed for many. My property was in the path, although she went a little west of me so I was spared any damage.

But if she did head a little east I was prepared. What helped me prepare was technology. For almost a week I had sms text messages coming into my iPhone via iMapWeather Radio.

iMapWeather Radio 9.99: only app offering critical voice and text alerts on life-threatening weather events. Your iPhone will “wake up” and also “follow you” with alerts wherever you go. Listen with ease to local weather forecasts while you are on the move. Enjoy the power of a Weather Radio, with all the convenience and precision of a smart phone.

The Weather Channel FREE: Looking for the most accurate weather information available? The Weather Channel’s staff of 200+ meteorologists, along with our patented ultra-local TruPoint(sm) weather technology, allow to provide you with the weather tools you need to plan your day, week, or even the next hour.

National Weather Service’s National Hurricane Center FREE: isn’t an app at all. But it is the source of all apps information. You can go to the site and save the link as “Add to Home Screen”.

Robert Siciliano personal and home security specialist to Home Security Source discussing self defense on NBC Boston. Disclosures.

Study Shows Banks Blocking More Fraud

/in /by

Network World reports, “The Financial Services Information Sharing and Analysis Center (FS-ISAC) polled 77 financial institutions and asked how many account takeovers occurred in 2009 and during the first six months of 2010. The FS-ISAC consists of a group of banks that shares threat information and interacts with the federal government on critical infrastructure issues. Its members include Citi, Prudential, Bank of America, JPMorgan Chase, Goldman Sachs and Wells Fargo, among others.”

Account takeover occurs when thieves infiltrate your existing bank or credit card account and siphon out your money. This typically occurs after your account has been hacked or your credit card or personal identity has been stolen.

21 of the institutions polled reported a total of 108 commercial account takeovers during the first six months of 2010, compared to 86 for the full year of 2009.

In 2010, 36% of fraud attempts were successfully thwarted, whereas 2009, fraud was only prevented 20% of the time.

I have previously referenced a report from Javelin Strategy: “When examining account takeover trends, the two most popular tactics for fraudsters were adding their name as a registered user on an account or changing the physical address of the account. In 2010, changing the physical address became the most popular method, with 44 percent of account takeover incidents conducted this way.”

Unfortunately, FS-ISAC’s study failed to disclose what methods were used to thwart the account takeovers. Many financial institutions are protecting their users and themselves by incorporating device identification, device reputation, and risk profiling services to keep scammers out. Oregon-based iovation Inc. offers the world’s leading device reputation service, ReputationManager 360, which is used by leading financial institutions to help mitigate these types of risk in their online channel.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses discussesonline banking security on CBS Boston. Disclosures

 

Nicolas Cage’s First Hand Home Invasion Experience

/in /by

 

Apparently Nicolas Cage at one time didn’t believe in home security systems. He recently filmed a movie called “Trespass” about thieves’ who con their way into the opulent mansion where Cage’s character lives with his unhappy wife (played by Nicole Kidman) and their daughter, Reuters reports. The tagline for the title is: “When terror is at your door, you can run, or you can fight.” I recommend running.

Cage was quoted saying “It was two in the morning. I was living in Orange County at the time and was asleep with my wife. My two-year old at the time was in another room. I opened my eyes and there was a naked man wearing my leather jacket eating a Fudgesicle in front of my bed,” he told reporters. “I know it sounds funny … but it was horrifying.”

Doesn’t sound funny to me at all. Luckily the man was capable of being talked to and Cage talked him out of the house. Police arrived and arrested him. The man was relatively harmless, he was mentally ill.

Cage was also quoted saying that after the incident he could no longer stay in that home and has since moved.

People whose homes are burglarized or homes invaded often feel a constant sense of un-ease in a home that has been violated like that. Your home is your castle and is supposed to be a place of relief, solitude, safety and security from the sometimes big, bad, ugly, world. When it’s “soiled” like that, the stink never goes away.

Robert Siciliano personal and home security specialist to Home Security Source discussingADT Pulse on Fox News. Disclosures

Celine Dions Burglar Takes a Bath

/in /by

The burglar apparently sauntered up her driveway and jiggled the door of an unlocked car in the driveway. The door was open and of course the keys were in the ignition along with the garage door opener.

This was all the burglar needed to open the door, head inside and make himself a tasty snack (pastries, I love pastry, I’m Italian you know.). Meanwhile as he’s munching away he drew himself a nice warm bubble bath. I’ll bet Celine Dion has nice bubbles and a nicer bath. Must be as big as my whole first floor.

Celine actually had a home alarm, but apparently it doesn’t have a siren, I don’t know. Or maybe the burglar was hard of hearing.

A monitored home security system can be as little as $99.00 installed then a dollar a day for monitoring. Celine Dion probably makes $99.00 in a matter of seconds when she’s headlining and performing at the Coliseum at Caesars Palace in Las Vegas.

For the short money that a home alarm costs, she should have one that has a siren. Ya think?

Fortunately for the Dion’s, they were traveling. If you travel away from your home:

  • Don’t leave your keys in your unlocked car in your driveway.
  • Use timers on indoor and outdoor lights.
  • Let a trusted neighbor and the police know you are traveling.
  • Unplug garage door openers.
  • If grass is still growing where you live and if you’re gone for a bit have a landscaper mow your lawn.
  • Don’t share your travel plans on social media or on a voicemail outgoing message.
  • Lock everything of significant value in a safe.
  • Invest in a home security camera system and home security alarm system.

Robert Siciliano personal and home security specialist to Home Security Source discussingADT Pulse on Fox News Live. Disclosures

Online Auto Sales Often Involve Scary Scams

/in /by

Online auction and classifieds websites are unwittingly participating in car sale scams. Ads gain credibility by appearing on eBay, Craigslist, and other online automobile sales websites, but some are either completely phony or have been copied and pasted from other websites.

The FBI’s Internet Crime Complaint Center received nearly 14,000 complaints from 2008 through 2010, from consumers who have been victimized, or at least targeted, by these auto sale scams. Of the victims who lost money, the total dollar amount is staggering: nearly $44.5 million.

The FBI explains how the scam works:

“Consumers find a vehicle they like—often at a below-market price—on a legitimate website. The buyer contacts the seller, usually through an e-mail address in the ad, to indicate their interest. The seller responds via e-mail, often with a hard-luck story about why they want to sell the vehicle and at such a good price.

In the e-mail, the seller asks the buyer to move the transaction to the website of another online company….for security reasons….and then offers a buyer protection plan in the name of a major Internet company (e.g., eBay). Through the new website, the buyer receives an invoice and is instructed to wire the funds for the vehicle to an account somewhere. In a new twist, sometimes the criminals pose as company representatives in a live chat to answer questions from buyers.

Once the funds are wired, the buyer may be asked by the seller to fax a receipt to show that the transaction has taken place. And then the seller and buyer agree upon a time for the delivery of the vehicle.”

Consumers should watch out for the following red flags:

  • Cars are advertised at too-good-to-be true prices
  • Sellers want to move transactions from the original website to another site
  • Sellers claim that a buyer protection program offered by a major Internet company covers an auto transaction conducted outside that company’s website
  • Sellers refuse to meet in person or allow potential buyers to inspect the car ahead of time
  • Sellers who say they want to sell the car because they’re in the U.S. military about to be deployed, are moving, the car belonged to someone who recently died, or a similar story
  • Sellers who ask for funds to be wired ahead of time

Online classified and auction websites could work together, and share information on the devices running these scams, through the device reputation service provided by iovation Inc. Their fraud detection service, called ReputationManager 360, is a B2B SaaS solution incorporating complex device identification, device reputation and real-time risk profiling. It is used by hundreds of online businesses to prevent fraud and behavioral abuse in real time by analyzing the computer, smartphone, or tablet connecting to their online properties.

iovation’s “living shared database” is used by fraud analysts daily and shares the reputations of devices from literally every country in the world. This reputation is a combination of fact-based evidence (such actual chargebacks, identity theft, online scams and account takeovers), plus what risk can be inferred at transaction time.  Fraud analysts take this fight seriously and submit 10,000 events of fraud or abuse into the shared database each day.

Performing a device reputation check on a scammer attempting to create a new account at a sale or auction website would stop him before he has a chance to post advertisements for scams, preventing damage to the business and its customers. And when one of your good customers has been scammed, you can submit that evidence back into the iovation database to make sure it does not happen again, whether from the same device, or a related device.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scammers and thieves on The Big Idea with Donnie Deutsch. Disclosures.

82 Year Old Man Shoots Burglars, Faces Charges

/in /by

Guns, guns, guns. Americans love their guns. Guns definitely are a layer of security. They can save your life and they can also be used against you and they can also get you in lots and lots of trouble.

An elderly man is now facing two counts of armed assault with intent to murder, two counts of assault and battery with a dangerous weapon and discharging a firearm within 500 feet of a building for shooting 2 people outside of his home. He believed they were trying to get in, and his belief was affirmed when one of them tossed a boulder through one of his windows.

His attorney stated “This is the victim here, an 82-year-old man with no criminal record. He defended life and property.”

The Assistant District Attorney was quoted saying “We don’t live in a place where you can just fire from a window. It is fortunate no one died.”

True.

It definitely isn’t a good idea to shoot someone outside of your home even on your property. However in some states the laws side with homeowners when shooting trespassers.

I appeared on the Maury Povich show to discuss weaponry and self defense. The premise was the shows subjects were facing jail time or in jail because they killed their attackers, which almost happened in the above scenario.

Some of the subjects were victims of domestic violence where others were victims of home invasions or stalking.

So maybe the guy “jumped the gun”, maybe he was legitimately at risk.

The first layer of protection should always be locked secure doors and windows. A monitored home security alarm should run parallel to a secure perimeter. In the above situation with a proper alarm that included glass break sensors, law enforcement would have been alerted the moment the glass broke. The piecing alarm may have also made the burglars think twice.

Robert Siciliano personal and home security specialist toHome Security Source discussing Home Invasions on Maury Povich. Disclosures

International Credit Card Hackers Hammered

/in /by

Retailers can temporarily rejoice (for about a minute) now that six cyber villains have been caught in two different international credit card fraud rings.

The Register reports, “After investigations that began in 2009, the police executed three search warrants in metropolitan Sydney, retrieving EFTPOS terminals, computers, cash, mobile phones, skimming devices, and several Canadian credit cards. Other seizures in the two-year investigation have included 18,000 blank and counterfeit credit cards, stolen EFTPOS terminals, and skimming devices. The men arrested are Malaysian and Sri Lankan nationals, and are accused of coordinating the fraud operation in Australia, North America and Europe.”

Meanwhile, “a Brooklyn man has pleaded guilty to aggravated identity theft for his role in an operation that defrauded credit card issuers of almost $800,000 in bogus charges. FBI and Secret Service agents recovered data for 2,341 stolen accounts on his computer and on the magnetic stripes of cards, according to court documents.”

Cooperation between U.S. law enforcement agencies and international governments can be credited in taking down these thieves. However, studies show there are plenty of other criminals involved in fraudulent acts from countries like China, Nigeria, Vietnam, Ukraine, Malaysia, Thailand, Indonesia, Saudi Arabia and South Korea to take their place.

There is an anti-fraud company in Oregon, called iovation Inc., that helps online businesses connect the devices used in fraud rings across geographies, by associating them with the accounts they access. Whether the device is a PC, smartphone, tablet or other Internet-enabled device, iovation’s device identification technology recognizes new and returning devices touching their client’s sites within multiple industries.

Cyber criminals with a history of fraud or abuse are obviously flagged by iovation’s ReputationManager 360 service, but even more interesting are the real-time checks that happen within a fraction of a section as the user is interacting with the website. This might include assessing risk for activities such as setting up an account, logging in, changing account information, or attempting to make a purchase or transfer funds. Real-time checks differ for each website integration point as businesses customize and continually fine-tune them to detect fraudulent and risky behavior so that they can identify and keep bad actors off their site for good.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses organized criminal hackers busted on Good Morning America. Disclosures