Wireless Security:Wi-Fi Hacking Burglars Busted

In Seattle 3 men have been arrested for hacking the wireless networks of over a dozen businesses along with 41 burglaries. They are alleged to have stolen at least $750,000 in funds, computer equipment and other items.

SeattlePIreported their Wi-Fi hacking techniques included “wardriving,” in which hackers mount a high-strength Wi-Fi receiver inside a car and search for networks that can be penetrated. Once a Wi-Fi network is located through wardriving, hackers can remotely watch for information that may reveal the network’s security setup and vulnerabilities”. Police said they used sophisticated electronic equipment to break through networks using a 12-year-old security algorithm — Wired Equivalent Privacy, or WEP protection.

Right out of a Mission Impossible movie these burglars hacked wireless networks and stole employee and client data. Their burglaries involved stealing laptops they used those laptops to crack payroll accounts and steal banking information. Once they turned the data into cash they turned the cash into prepaid debit cards.

Wired Equivalent Privacy was introduced in 1997 and is the original version of wireless network security. But WEP has been cracked, hacked, and decimated.

Home or office Wi-Fi with a WPA encryption is better. Wi-Fi Protected Access is a certification program that was created in response to several serious security vulnerabilities researchers found in WEP, the previous system. WPA and WPA2 are tougher to crack, but not impossible.

Small businesses would fare much better if they also installed a monitored security alarm system with cameras. It’s not enough to lock doors especially if there is thousands of dollars in technology waiting for a burglar to take it.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

5 Smart and Safe eBay Shopper Tips

Shopping is for people with time and money. When I am a consumer, it’s because I need something, and not necessarily the biggest or the best something. I need something practical, safe, and smart. eBay allows consumers to search for exactly what they need, and can be a great place to find hard-to-get items.

Overall, eBay can be a good experience if you know what you are doing. But take it from me: knowing what you are doing takes time and focus. Don’t just jump on eBay and whip out your credit card. You may get burnt in more ways than one.

1. Avoid scams by looking at the sellers’ feedback ratings. A rating of one indicates that the seller is either a “newbie” or a criminal. Certainly, we all have to start somewhere. But personally, I draw the line at sellers with a feedback rating of at least 15, and I still check to see what they’ve bought and sold. If they’ve bought or sold 15 items at $1 each, that’s a red flag. Sellers with higher ratings are generally experienced professionals.

2. Search deeply before bidding. Check to see if the same item is available from a different seller, how the “Buy Now” price varies, and how much others are bidding. The highest bid may be much lower than the “Buy Now” price. Consider how much time is left to bid to help determine what the final sale price may be.

3. Walk before you run. If there are plenty of the item you want available but prices are all over the place, sit back and “Watch” a few to see where the final sales prices end up.

4. Set up alerts. I set up eBay alerts for any items I’m looking for. I receive messages with all the current items for sale, and then only the new ones being listed on eBay each day. This allows me to effectively manage my purchasing.

5. Use Auction Sniper. I never bid on eBay. The more your presence is known the more opportunities there are for criminals to contact you. Protect your identity with Auction Sniper, you bid anonymously the absolute highest dollar amount you’re willing to spend on that item, and walk away. Auction Sniper will snipe the bid for you in the last five seconds while people wonder where the heck you came from.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse on Fox News.

McAfee Mobile Security Delivers at Mobile World Congress

In Barcelona, Spain on Feb. 27, 2012 McAfee unveils its series of technology advancements that deliver upon its vision of providing comprehensive mobile security and privacy protection for devices, data and apps. McAfee® Enterprise Mobility Management (EMM™) 10.0, available now, includes significant security updates for enterprise customers to enable ‘bring your own device’ practices in the enterprise. With EMM 10.0, IT professionals will have improved control to identify, secure, and assign policies to both employee- and business-owned smartphones and tablets.

The concern for IT professionals is “BYOD” (Bring Your Own Device) which has become widely adopted to refer to mobile workers bringing their own mobile devices, such as smartphones, tablets and PDAs, into the workplace for use and connectivity. Today, many consumers expect to be able to use personal smartphones and mobile devices at work, which is an IT concern. Many corporations that allow employees to use their own mobile devices at work implement a “BYOD policy” to help IT better manage these devices and ensure network security.”

Expanded Data Security, Application Security and Ease of Administration

McAfee EMM software gives enterprises the ability to offer their employees mobile device choice, while delivering secure and easy access to mobile corporate applications. New features and functionality include:

Expanded Data Security: Email “Sandboxing” for iOS and an integrated Secure Container for Android, available by Q2

Enhanced Application Security: Application Blacklisting for Android and iOS allows the administrator to define a set of applications and block access.

Ease of Administration: Bulk provisioning for Android and iOS

 Enhanced Protection for Consumers

McAfee® Mobile Security 2.0 for consumers, which offers an all-encompassing approach to mobile security and protects a user’s privacy when using smartphones and Android tablets. McAfee Mobile Security combines powerful anti-theft, antivirus, call and SMS filtering, web and app protection. It was also recently awarded with the LAPTOP Magazine Editors’ Choice award for best mobile security app.

McAfee can also be seen the week of Feb. 27 at Mobile World Congress in Barcelona, Spain at the Intel stand in Hall 8 B197 and at the RSA Conference in San Francisco, CA at McAfee booth #1117 or Intel booth #1324. Be sure if you are attending Mobile World Congress to stop by for a chance to win a Samsung Galaxy Tab!


Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Identity Fraud: Stolen Puerto Rican IDs Filter In The Workplace

In the U.S. identity brokers allegedly sold Social Security cards and corresponding Puerto Rico birth certificates for prices ranging from $700 to $2,500 per set, since it can be used to hide illegal immigrants and gain employment. Puerto Rican stolen identities have surfaced in workplace immigration raids all over the country. “Birth certificates have become legal tender,” said Puerto Rico’s secretary of state.

Fifty individuals were recently charged in an indictment unsealed in Puerto Rico with conspiracy to commit identityfraud in connection with their alleged roles in a scheme to traffic the identities of Puerto Rican U.S. citizens and corresponding identity documents. The charges are the result of an extensive identity theft investigation led by U.S. Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI), in partnership with other federal, state and local law enforcement agencies.

According to the indictment, from at least April 2009 to December 2011, conspirators in 15 states and Puerto Rico, a U.S. territory, trafficked the identities of Puerto Rican U.S. citizens, corresponding Social Security cards, Puerto Rico birth certificates and other identification documents to undocumented aliens and others residing in the United States.

Businesses hiring illegal immigrants with stolen IDs face possible insider fraud among other legal and liability issues.  One way too effectively vet whether the person being hired is who they say they are, regardless of what documentation they produce is to pull their credit report. Often a credit report will have current and previous addresses. If the job candidate can’t tell you the last few places they lived that’s a red flag. You can also ask them various “knowledge based questions”. The credit report might also help the employer to track down a current phone number and simply call the person whose identity is associated with the credit report.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures