TJX Identity Theft Costs Another 10 million, Protect Yourself from WarDriving

Robert Siciliano Identity Theft Expert

Most people are familiar with the TJX data breach, in which 45 million credit card numbers were stolen. TJX recently agreed to pay $9.75 million to 41 states to settle an investigation of the massive data breach. According to some reports, TJX has spent up to $256 million attempting to fix the problem that led to the breach.

It’s been said repeatedly that the criminal hackers responsible for the breach were sitting in a car outside a store when they stumbled across a vulnerable, unprotected wireless network using a laptop, a telescope antenna, and an 802.11 wireless LAN adapter. This process is called “Wardriving.”

WiFi is everywhere. Whether you travel for business or simply need Internet access while out and about, your options are plentiful. You can sign on at airports, hotels, coffee shops, fast food restaurants, and now, airplanes. What are your risk factors when accessing wireless? There are plenty. WiFi wasn’t born to be secure. It was born to be convenient. As more sensitive data has been wirelessly transmitted over the years, the need for security has evolved. Today, with criminal hackers as sophisticated as they ever have been, wireless communications are at an even higher risk.

When setting up a wireless router, there are two different security techniques you can use. WiFi Protected Access is a certification program that was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy. Wired Equivalent Privacy was introduced in 1997 and is the original form of wireless network security. Wireless networks broadcast messages using radio and are thus more susceptible to eavesdropping than wired networks.

It’s one thing to access your own wireless connection from your home or office. It entirely another story when accessing someone else’s unprotected network. Setting up a secure WiFi connection will protect the data on your network, for the most part, but if you’re on someone else’s network, secured or unsecured, your data is at risk. Anyone using an open network risks exposing their data. There are many ways to see who’s connected on a wireless connection, and gain access to their data.

There are a few things you should do to protect yourself while using wireless. Be smart about what kind of data you transmit on a public wireless connection. There’s no need to make critical transactions while sipping that macchiato.

Don’t store critical data on a device used outside the secure network. I have a laptop and an iPhone. If they are hacked, there’s nothing on either device that would compromise me.

Install Hotspot Shield. A free ad supported program, Hotspot Shield protects your entire web surfing session by securing your connection, whether you’re at home or in public, using wired or wireless Internet. Hotspot Shield does this by ensuring that all web transactions are secured through HTTPS. They also offer an iPhone application. There are fee based programs, including Publicvpn.com and HotSpotVPN, which can create a secure “tunnel” between a computer and the site’s server.

Turn off WiFi and blue tooth on your laptop or cell phone when you’re not using them. An unattended device emitting wireless signals is very appealing to a criminal hacker.

Beware of free WiFi connections. Anywhere you see a broadcast for “Free WiFi,” consider it a red flag. It’s likely that free WiFi is meant to act as bait.

Beware of evil twins. These are connections that appear legitimate but are actually traps set to snare anyone who connects.

Keep your antivirus and operating system updated. Make sure your anti-virus is automatically updated and your operating systems critical security patches are up to date.

Invest in Intelius Identity Protect. Because when all else fails you’ll have someone watching your back. Includes a Free Credit Report, SSN monitoring, Credit & Debit Card monitoring, Bank Account monitoring, Email fraud alerts, Public Records Monitoring, Customizable “Watch List”, $25,000 in ID theft insurance, Junk Mail OptOut and Credit Card Offer OptOut.

Robert Siciliano identity theft speaker discussing criminal wireless hack

Identity Theft Scammers Targeting Online Classifieds

Robert Siciliano identity theft expert

Throughout the past week or so, scammers from Nigeria, Belgium and the UK have been coming after me in full force, via Craigslist. Unfortunately, the popular online classifieds website has become a launchpad for criminal activity. Everything from online affinity or advance fee scams to baby killers and the Craigslist killer have hampered the website’s reputation.

I use Craigslist to find renters for an apartment that I own. Last year, scammers copied my advertisement verbatim, except for the contact information, which they replaced with their own, and the price, which they reduced by half. The scammer, who claimed to be the property owner, informed potential renters that he was in Austria, and instructed them to drive by the apartment, and to send him a deposit check if they liked the look of the place. Fortunately, I happened to be present when a couple came by, per the scammer’s instructions. We discovered the ruse and contacted Craigslist. The fake ads continued popping up, but after numerous emails to Craigslist, they were all removed.

Last week I posted a new ad, and within minutes, I received the following email:

Subject: RENTAL INQUIRY!!hope to hear from you soon

Hello Robert,

Let me know if the room/apt you advertise on craigslist.com is still available and let me know if you can accept certified cashier check as mode of payment..And the last price for the space.

I’m presently in Belgium.I will be coming immediately the place is vacant for me to move in.But the issue is that because of the distance i wont be able to come to see the place.Meanwhile let me tell you a ill about myself..I don’t smoke and I don’t have boyfriend.Am Sarah Smith and my nick name is SERA and am 26years old i lost my dad some years back when i was young so my mom had to remarry so she married to Mr Scott Michael who is my step dad now..He has been the one who has been taking care of me all this while i believe he is a God sent to me cux i have never regretted moment with him..Things i like are as follows reading,swimming and chatting with people around me and also make them happy..I have always been thinking of how i will affect peoples life positively by making donations to the less privileges cus when i looked at my pass when i lost my dad from the story my mom told me..I noticed it is not easy for people that as no parent.Well i hope when we meet in person you will know more about me..Meanwhile my step dad will need the followings to make payment to you ASAP..

1.Your name and surname.
2.Address in full with the zip code..
3.I will need your phone number

I wait to have this information from you so that my step dad can make payment for the rental fee and security deposit in advance … I Await to hear from you….

Hope to hear from you pretty soon.

Thanks, SARAH

It’s easy to dissect this scam. The person who sent this email has two goals. First, the scammer wants to build a relationship with his or her mark. He or she provides a (horribly written) story in an attempt to establish trust. The victim is then more likely to fall for the scam, following the scammer’s instructions and conducting the necessary financial transactions. Many victims are foolish enough to provide account numbers or other personal identitifying information. Second, the scammer is setting up an affinity, or advance fee scam. In such a con, the scammer mails you a check. You deposit this check in your bank account, and it temporarily clears. In that limited window of time, the scammer will request that you return some or all of the money. He may claim to have changed his mind about renting or buying from you, or that he accidently made the original check out for more than the agreed upon sum. So you wire the money back. Within a day or two, the bank calls to let you know that the original check was counterfeit. So you’ve lost the money you wired to the scammer.

How can you protect yourself from scams like this, or other scams that take advantage of online classified ads? Use common sense, be smart, and pay attention. If you do that, you won’t fall for these types of cons.

When we were young, our parents told us not to talk to strangers. Strangers are not yet part of our trusted circle. So don’t trust them! There’s no benefit to paranoia, but being a little guarded can prevent you from stumbling into a vulnerable situation.  Since predators use online classifieds to lure unsuspecting victims, you should find out as much as possible about strangers who contact you. Use Google or iSearch.com to investigate names and email addresses.

Whenever possible, deal locally. People who cannot meet you in your town are more likely to be scammers. And even when you do meet in person, you should be wary.

Never engage in online transactions involving credit cards, cashier’s checks, money orders, personal checks, Western Union, MoneyGram or cash, that require you to send money to a stranger in response to money they have sent you. This is an advance fee scam.

Be smart. Don’t disclose your financial information, including account or Social Security numbers, for any reason. Scammers will say anything in order to get this information.

Prevent check fraud. When sending checks in the mail, you want to prevent “check washing,” which occurs when they recipient alters the name of the payee and increases the dollar amount, draining your checking account. Something as simple and inexpensive as a select uni-ball pen can help. These pens contain specially formulated gel ink (trademarked Uni-Super Ink™) that is absorbed into the paper’s fibers and can never be washed out.

Secure your PC. Make sure your PC is protected with McAfee anti-virus software and all your critical security patches in your operating system are up to date.

Protect your identity. You can’t prevent all forms of identity theft. However you can significantly reduce your risk by making a small investment in your personal security by investing in Intelius Identity Protect or considering the options described in this blog post.

Robert Siciliano identity theft speaker discussing advanced fee scams

Check Fraud Identity Theft is Rising

Robert Siciliano Identity Theft Expert

As opening new lines of credit becomes more difficult, identity thieves are gravitating toward check fraud.

Check fraud is a billion dollar problem. As predicted by the Identity Theft Resource Center, check fraud, which accounted for 12% of financial crimes in 2007, increased to 17% in 2008. According to the American Bankers Association Deposit Account Fraud Survey Report, $969 million were stolen via check fraud in 2006, up from a reported $677 million in 2003. Of the $969 million dollars lost to check fraud, 38% was stolen through return deposit scams, 27% was stolen using cloned checks, 28% was stolen using counterfeit checks,  and 7% was stolen by altering or washing checks.

In an article in The New York Post, a brazen ring of thieves enlisted crooked bank tellers to run a check fraud scheme that was brought down when the crooks made the mistake of forging checks from a NYPD account. Two criminal hacker ringleaders organized the counterfeit scam, using 950 “soldiers,” or “mules,” to deposit and cash counterfeit checks, netting them millions of dollars. Three bank tellers were involved, stealing and selling customer profiles which included names, Social Security numbers, and account numbers. Insider identity theft of this kind accounts for up to 70% of all instances of identity theft.

Check fraud victims include banks, businesses and consumers themselves. Our current system for cashing checks is somewhat flawed. Checks can be cashed and merchandise can be purchased even when there is no money in the checking account.

I presented a program on motivation and self-improvement at a women’s prison in Massachusetts a few years back. I requested a little background on the women I was speaking to, just because I watch too many movies and I wanted to know if there was any possibility I’d get shanked. The case worker informed me that about 80% of the women were incarcerated for check fraud and shoplifting. It seems that when some people get a checkbook, they consider it an opportunity to print money.

There are numerous forms of check fraud:

Forged signatures are the easiest form of check fraud. These are legitimate checks with a forged signature. This can occur when a checkbook is lost or stolen, or when a home or business is burglarized. An individual who is invited into your home or business can rip a single check from your checkbook and pay themselves as much as they like. Banks don’t often verify signatures until a problem arises that requires them to assign liability.

Forged endorsements generally occur when someone steals a check and cashes or deposits it. There’s really nothing anyone can do to protect themselves from this, aside from guarding their checks and going over their bank statements carefully.

Counterfeit checks can be created by anyone with a desktop scanner and printer. They simply create a check and make it out to themselves. In order to prevent your checks from being counterfeited, make sure you shred all canceled checks before throwing them away, and be sure to lock up any checks in your home or office. Consider a locked mailbox so nobody can access your bank statements. You should also seriously consider using online banking exclusively, and discontinuing paper statements.

Check kiting or check floating usually involves two bank accounts, where money is transferred back and forth, so that they appear to contain a balance which can then be withdrawn. A check is deposited in one account, then cash is withdrawn despite the lack of sufficient funds to cover the check. In this case, it’s generally the bank or whoever cashed the check that gets burnt, unless they are able to go after the person who used their own account.

Check washing involves altering a legitimate check, changing the name of the payee and often increasing the amount. This is the sneakiest form of check fraud. When checks or tax-related documents are stolen, either from the mail or by other means, the ink can be erased using common household chemicals such as nail polish remover. This allows the thieves to endorse checks to themselves. In this case, something as simple and inexpensive as a select uni-ball pen can help. Select uni-ball pens contain specially formulated gel ink (trademarked Uni-Super Ink™) that is absorbed into the paper’s fibers and can never be washed out. The pen costs two bucks and is available at any office supply store.

If you write a check to pay a bill and then put it in your mailbox for the postal carrier to deliver, you put yourself at a higher risk for check fraud. Thieves see that red flag up and go phishing for checks. I suggest using a uni-ball pen and taking checks directly to the post office, or dropping them in a big blue mailbox.

If you plan to do any online banking, which millions do, make sure your PC is protected with McAfee anti-virus software and all your critical security patches in your operating system are up to date.

Robert Siciliano identity theft speaker discussing identity fraud and security

Identity Theft Expert; Organized Webmobs Focused on Cyber Crime

Identity Theft Expert Robert Siciliano

New reports confirm what we have been seeing in the news; organized criminals have upped the ante. Global web mobs are tearing up financial institutions’ networks.

We’ve known for some time that the long-haired, lowly, pot-smoking, havoc-reeking hacker, sitting alone in his mom’s basement, hacking for fun and fame is no more. He cut his hair and has now graduated into a full time professional criminal hacker, hacking for government secrets and financial gain.

His contacts are global, many from Russia and Eastern Europe, and they include brilliant teens, 20-somethings, all the way up to clinical psychologists who are organized, international cyber criminals.

We are in the middle of a cold cyber crime war.

Their sole motivation is money and information and they either find their way inside networks due to flaws in the applications, or they work on their victims psychologically and trick them into entering usernames and passwords, or clicking links.

According to a new Verizon report, a staggering 285 million records were compromised in 2008, which exceeds total losses for 2004-2007 combined. As many as 93% of the breaches were targeted hacks occurring at financial institutions.

Hackers made $10 million by hacking RBS Worldpay’s system, then loading up blank dummy cards and gift cards, and sending mules to use them at ATMs. The entire scheme took less than one day to pull off.

Many of these hacks occur due to flaws in the design of web applications. The criminals send out “sniffers,” which seek out those flaws. Once they are found, the attack begins. Malware is generally implanted on the network to extract usernames and passwords. Once the criminals have full access, they use the breached system as their own, storing the stolen data and eventually turning it into cash.

Meanwhile, criminal hackers have created approximately 1.6 million security threats, according to Symantec’s Internet Security Threat Report. 90% of these attacks were designed to steal personal information including names, addresses and credit card details. Almost every single American has had their data compromised in some way.

Unsuspecting computer users who do not update their PC’s basic security, including Windows updates, critical security patches or anti-virus definitions often become infected as part of a botnet. Botnets are used to execute many of the attacks on unprotected networks.

The same study shows computer users were hit by 349 billion spam and phishing messages. Many were tricked into giving up personal information. It is common sense not to plug data into an email that appears to be from your bank, asking to update your account. Attacks directed towards mobile phones are also rising. “Phexting” is when a text message phishes for personal data. Just hit delete.

Much of the data stolen is out of your hands. So invest in identity theft protection, and keep your McAfee Internet security software updated.

Robert Siciliano, identity theft speaker, discusses criminal hackers who got caught.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

Is the security community selling fear?

Robert Siciliano Identity Theft Expert

Cyber crime profits are running into the trillions.

Weekly, and often daily, I remind readers of how potentially screwed they are once they boot up their PCs and access the Internet. Identity theft is a real problem that messes up people’s lives. When someone’s PC is hacked and their passwords are compromised, account takeover can be financially devastating. Even though a financial institution may resolve the errors, victims still lose money.

Most are beginning to realize that the only secure PC is one that is powered off.

Many view these rants as selling “FUD”: fear, uncertainty and doubt. And selling fear is what gets people to buy your security product. Many have accused the Internet security companies of being fear mongers peddling their wares during the Conficker scare.

Fear-based selling has been going on since the beginning of time and will always be a part of the sales cycle. But am I really selling fear? Do those I work with sell fear? I don’t think so. But feel free to disagree with me.

The fact remains that there are scumbags out there, trying to figure out how to get you to part with your money in thousands of different ways, every day, all day. And if reminding readers of all these scams and then selling a solution to the problem is selling fear, then so be it. The question is, is the fear real or made up? Is there a legitimate scare that needs to be brought to light, and a solution that will fix it? Or is this just selling snake oil and false promises, and taking advantage of people?

Information Week states, “The computer security industry has failed computer users, and the Internet has become so unsafe that average users can’t protect themselves.” The Internet is not a safe place for everyday folk. The online world is like Iraq and Afghanistan (dangerous), the Taliban (criminals) are everywhere. Most people do not have the capacity to secure their networks or the technical know-how to surf safely. Studies show that 40% of web surfers haven’t updated their browser’s security, or their Windows-based computers don’t have their critical security patches updated.

The threats are real. The Washington Post reports that Senate lawmakers are advancing legislation to create mandatory computer security standards for government and private sector operators of critical infrastructure. This is legislation that will force standards in security,  ensuring that we keep the lights on, the fields plowed, the water clean, and the engines running.

If there was ever a time to be “fearful” and to make an investment in identity theft protection, Internet security software such as McAfee, or any other protective hardware or software as a result, now is that time.

Robert Siciliano Identity Theft Speaker discussing online security here

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

Identity Theft Speaker; Confickers Threat Hasn’t Waned www.IDTheftSecurity.com

Robert Siciliano Identity Theft Expert

We are not out of the woods with this one.

Conficker’s rise and fall and the passing activity of the worm on April 1st has allowed researchers and anti-virus companies to better understand the virus and its impact. While April Fools was supposed to be the day of reckoning for Conficker, it wasn’t and still isn’t a joke.

Viruses often come with a trigger date, as pointed out by CNET. And while many fail to meet the media hype, they still can and often do cause millions or billions in damage.

The media does what it does and reports on the news. While they or even I may not always get the facts straight, the impetus is still there.

In a “Conficker Postmortem,” CNET examines the media frenzy and points to a humorous spoof that Wired ran, a fake live blog from the “Conficker Worm War Room.” CNET also points out that, “The New York Times called it an ‘unthinkable disaster’ in the making. CBS’s 60Minutes said the worm could ‘disrupt the entire internet,’ and The Guardian warned that it might be a ‘deadly threat’.”

The positive result of this media hype is that it brings attention to an ongoing problem for an audience that never considered themselves vulnerable to these issues. In my world, even Facebook friends and Twitter followers who had never reacted to previous posts on a plethoraof IT and personal security issues are finally starting to ask the right questions.

“Your mom’s virus,” as we knew it, has become a part of popular culture. In a sense, this is a good thing, because it’s now water cooler talk with the same level of buzz as Britney Spears going nutty. We in the security community couldn’t ask for more and better attention, that may potentially enlist an army of security moms. Thank you, Conficker!

Still, Conficker is the most sophisticated virus to date and is still waiting to strike, which can very well lead to major data breaches and identity theft. As the virus continues to call home for the yet to be delivered update, researchers have determined an estimated 3.5 to 4 million PCs are infected on the Conficker botnet, which is the most powerful and dangerous aspect of Conficker.

Overall totals of infected computers may still be between 10 and 15 million. Many of those have a dormant virus that has the capability to wreak havoc, or that may have already been rendered impotent by anti-virus providers and IT administrators who have taken advantage of numerous solutions by McAfee and others.

What the public needs to understand is this infection is anything but over. The virus phones home every day looking for its next set of updates, which could still have catastrophic results if the virus ever reaches its full potential.

The risk here is that a virus of this kind has technology that can disable anti-virus software and that prevents access to numerous websites which provide automatic security updates, including Windows.

Today, Brian Krebs from the Washington Post points out the similarity’s to Y2K potential bug, just as I did last week. “In one sense, the response to Conficker could be compared to that of Y2K: A great deal of smart people threw a whole lot of resources and energy at a fairly complex problem and managed to turn a potentially very ugly situation into a relative non-event.”

The attention that Conficker brought upon itself has rallied security professionals to be on their highest guard, which is exactly where they should be.

See Robert Siciliano, identity theft speaker, discussing hacking for dollars.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out Uniball.com for more information.

Identity Theft Expert; Conficker Virus Countdown

Robert Siciliano Identity Theft Speaker

News of Conficker out of control then under control is everywhere.

60 minutes reports on everything we have discussed in these posts. Main stream media has recognized the Internet has a cancerous virus and is infected. Criminal hackers are creating viruses infecting webpages in record numbers all in the name of money.

Security professionals are losing sleep as they race against the bad guys in anticipation of the next big breach.

Conficker is big news as its infecting mainly corporate networks at an astonishing estimated 10-12 million PCs and this sleeper cell is set to get its next set of updates April 1st.

Like Al Queda operatives living amongst us, cyber terrorists waiting for their next communiqué from a remote cave, Conficker waits to strike.

Nobody knows what’s going to happen April Fools, but security professional have a plan. Do you?

By all accounts Conficker has the potential capacity to steal data or launch a massive denial of service attack which encompasses massive amounts of data, flooding the Net, bogging down mainframe servers that distribute data to our inboxes.

60 Minutes used the example of what I did on CNN describing a Facebook hack and used a Morley Safer Facebook account that may be hacked with Conficker and begins to send messages to Morleys friends. Then Leslie Stahl who is a Morely “friend” receives an email looking like it’s from Morelys Facebook account to click a video. That video has a destructive payload that infects Leslies machine and the virus replicates itself to Leslies contacts.

Now Morelys PC has a virus that records all his keystrokes and Leslie is just as vulnerable. Bank accounts are cracked, credit card log-ins are stolen, the contents of their My Documents folders are copied and sent to Turkey and identities are stolen. People who don’t have any identity theft protection face years of dealing with creditors who accuse them of being bad debtors.

Malware is showing up on thousands of websites compromised in numerous ways and infecting computer users whose defenses are down.

Most attacks can be prevented with updated anti virus like McAfee or others. But with an estimated 15,000 new infections daily it’s difficult for the every day user to protect themselves unless they are automatically downloading virus definitions. And that may not be enough.

Criminal hackers come in all shapes and colors from every corner of the world. Russian hackers are often depicted as the best of the worst. These cyber criminals are often put on a pedestal in their communities as they brag about their accomplishments, hacking wealthy hacker Americans and stealing 10s of thousands of dollars monthly and spending that money in their remote villages.

Russian authorities generally don’t prosecute and may even employ criminals to steal from greedy Americans. As long as hate and money are motivators, foreign governments will groom and incite talented 14 year olds into a life of crime.

This story is far from over.

Robert Siciliano Identity Theft Speaker discusses online banking security here

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information

Identity Theft Expert and Laptop Computer Security: CTO of MyLaptopGPS Explains Why Internet-based GPS is Best for Laptop Tracking

(BOSTON, Mass. – March 30, 2009 – IDTheftSecurity.com) Stolen laptop computers almost always end up indoors and connected to the Internet, according to Dan Yost, chief technology officer of laptop computer security firm MyLaptopGPS. He further noted that these circumstances at once hamper other laptop tracking systems and call for Internet-based GPS, MyLaptopGPS’ brand of laptop trackingtechnology. 

“GPS technologies such as those found in car navigation systems are great for tracking cars and kids — both of which are often outdoors,” said Yost, who invited readers to follow MyLaptopGPS’ laptop computer security blog and laptop computer security posts at Twitter. “But stolen laptops are almost never outdoors. Thieves — or the unwitting buyers of the machines thieves steal — almost always take them indoors and connect to the Internet. This is where Internet-based GPS is best for determining the lost equipment’s whereabouts.” 

Yost’s expertise has been featured twice in CXO Europe. Furthermore, in December of 2008, he and widely televised and quoted identity theft expert Robert Siciliano co-delivered a presentation titled “Information in the Modern Age: Maintaining Privacy in an Era of Medical Record Identity Theft” at the 4th Annual World Healthcare Innovation & Technology Congress in Washington, D.C., where Former U.S. Congressman Newt Gingrich delivered the keynote address. 

The success rate for MyLaptopGPS is 99.6 percent; the theft rate for laptop computers equipped with the company’s technology is 0.4 percent, or 32 times lower than the average. MyLaptopGPS’ technology achieves this through six layers of security: 

1) Prevention: MyLaptopGPS-equipped mobile computing equipment clearly displays the technology’s presence on the machine. This is itself a major deterrent. 

2) Tracking: Internet-based GPS determines the whereabouts (via IP address) of a stolen machine shortly after the unintended user connects to the Internet. 

3) Recovery: Once the stolen machine is online, MyLaptopGPS software is able to retrieve important files silently and from a remote location. 

4) Destruction: MyLaptopGPS’ software also deletes these same files from the originating machine — again, silently and from a remote location. 

5) Tracing: MyLaptopGPS’ offers SafeTags™, police-traceable property tags designed to secure iPods™, cell phones, BlackBerry™ devices and other mobile computing property. 

6) Identification: MyLaptopGPS’ SafeRegistry™ facilitates the inventorying of entire fleets of mobile computing devices. 

“Laptop computer security is inexpensive, but a stolen laptop can cost a fortune,” said Siciliano, who endorses MyLaptopGPS and is CEO of identity theft protection firm IDTheftSecurity.com. “The choice is obvious, and with a success rate approaching one hundred percent, MyLaptopGPS is the go-to solution for organizations of all kinds looking for an affordable, effective deterrent against laptop theft.” 

YouTube video shows Siciliano on a local FOX News affiliate discussing the importance of securing mobile computing devices on college campuses, where laptop theft can run rampant. To learn more about identity theft, a major concern for anyone who’s lost a laptop computer or other mobile computing device to thieves, readers may go to video of Siciliano at VideoJug. 

Featured in Inc. Magazine and TechRepublic, MyLaptopGPS maintains the Realtime Estimated Damage Index (REDI™), a running tally of highly publicized laptop and desktop computer thefts and losses and these losses’ associated costs. A log of these high-profile laptop thefts is available at MyLaptopGPS’ website. Anyone who belongs to LinkedIn® is encouraged to join MyLaptopGPS’ laptop computer security group there. They may download a demo of MyLaptopGPS, as well, and have the opportunity to read one of two reports tailored to the type of organization they run. 

### 

About MyLaptopGPS

Celebrating 25 years in business, Tri-8, Inc. (DBA MyLaptopGPS.com) has specialized in complete system integration since its founding in 1984. From real-time electronic payment processing software to renowned mid-market ERP implementations, the executive team at MyLaptopGPS has been serving leading enterprises and implementing world-class data systems that simply work. With MyLaptopGPS™, Tri-8, Inc. brings a level of expertise, dedication, knowledge and service that is unmatched. MyLaptopGPS™’s rock-solid performance, security, and reliability flow directly from the company’s commitment to top-notch software products and services. 

About IDTheftSecurity.com

CEO of IDTheftSecurity.com, Robert Siciliano is a member of the Bank Fraud & IT Security Report‘s editorial board and of the consumer advisory board for McAfee. Additionally, in a partnership to help raise awareness about the growing threat of identity theft and provide tips for consumers to protect themselves, he is the 2009 nationwide spokesperson for uni-ball (uniball-na.com provides for more information). A leader of personal safety and security seminars nationwide, Siciliano has been featured on “The Today Show,” CNN, MSNBC, CNBC, “FOX News,” “The Suze Orman Show,” “The Montel Williams Show,” “Maury Povich,” “Sally Jesse Raphael,” “The Howard Stern Show,” and “Inside Edition.” Numerous magazines, print news outlets, and wire services have turned to him, as well, for expert commentary on personal security and identity theft. These include ForbesUSA TodayEntrepreneur, Woman’s DayMademoiselleGood HousekeepingThe New York TimesLos Angeles Times,Washington TimesThe Washington PostChicago TribuneUnited Press InternationalReuters, and others. For more information, visit Siciliano’s Web siteblog, and YouTube page. 

The media are encouraged to get in touch with any of the following individuals: 

John Dunivan

MyLaptopGPS Media Relations

PHONE: (405) 747-6654 (direct line)

jd@MyLaptopGPS.com

http://www.MyLaptopGPS.com 

Robert Siciliano, Personal Security Expert

CEO of IDTheftSecurity.com

PHONE: 888-SICILIANO (742-4542)

FAX: 877-2-FAX-NOW (232-9669)

Robert@IDTheftSecurity.com

http://www.idtheftsecurity.com 

Brent Skinner

President & CEO of STETrevisions

PHONE: 617-875-4859

FAX: 866-663-6557

BrentSkinner@STETrevisions.com

http://www.STETrevisions.com

http://www.brentskinner.blogspot.com

Identity Theft Expert; Anatomy of a Hack

Robert Siciliano Identity Theft Expert

There is a battle going on round the clock, between the bad hackers and the good hackers. Most of the time, the good guys lose. Here we have an example of the bad guy actually getting caught.

At age 19, an Israeli criminal hacker named Ehud Tenebaum made news as “The Analyzer,” (a great tag for a criminal hacker) after he cracked and penetrated the Pentagon, NASA and even Hamas computer networks.

He then went silent and is believed to have embarked on a 10 year long international conspiracy to hack networks of United States and Canadian banks and other financial institutions. Losses are estimated at $10-12 million.

The Analyzer’s hacking technique is believed to be “SQL injection,” a tactic that I’ve blogged about previously, which exploits vulnerabilities in software development.

A forensic analyst who investigated breaches in both countries found a common thread in each hack. Servers in Virginia owned by HopOne, an ISP, were used as a routing point, receiving their commands from another set of servers at a Dutch hosting company.

Here’s where Big Brother is watching, and in this case, for good reason.

Last spring, US investigators working with Dutch authorities requested that all data traffic from the Dutch servers on route to Virginia be intercepted through wiretapping and provided to authorities.

During this time, criminal hackers from all over the world used the stolen data to create ATM white cards and prepaid gift cards loaded with cash. They withdrew cash from ATMs on three continents to the tune of approximately $450,000.

According to Wired, the wiretapped traffic included email discussions between numerous criminal hackers, regarding their accomplishments. One email address, Analyzer22@hotmail.com, provided investigators with their smoking gun. The Hotmail address had Ehud Tenebaum’s name and age registered along with it. Not too smart, E.T.

Ehud Tenebaum owned and operated a Canadian computer security company called Internet Labs Secure. One of the IP addresses used to access the Hotmail account was registered to Tenebaum’s business. E.T. phoned home and got caught.

This is one example of high tech organized criminals taking advantage of numerous flaws in the technology we use every day.

Be warned, there are plenty more to take E.T.’s place. Chances are, someone moved right in where he left off.

Invest in identity theft protection. Install and update Internet security software such as McAfee. Check your bank and credit card statements online bi-weekly and make sure to refute unauthorized charges within a 30 to 60 day period.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

Identity Theft Speaker Robert Siciliano discussing credit card hacks here

Identity Theft Expert; Scareware Scares You Into Paying

Robert Siciliano Identity Theft Expert

If one could have a favorite scam, for me it would be “scareware.” My reasoning for this is thats it’s one of the few scams that actually gets through to me. My defenses are pretty good, but I still see scareware. They’ve even taken my blog posts and used my name to launch scareware in Google News Alerts. I got some criminal hacker’s attention and he created scareware in honor of lil’ ole me!

Web pages may be infected or built to distribute scareware. The goal is to trick you into clicking on links. After landing on a page, pop-ups bombard you and warn that your PC is infected with an Ebola- like virus and your PC will die a horrible death with fluids running from all ports if you don’t fix it immediately for $49.95.

Shutting off this pop-up is often difficult and any buttons you press within this pop-up could mean downloading the exact virus they warned you of. BRILLIANT!

Criminals are even using Google Ads, and have posted ads on well known sites such as E-Harmony and Major League Baseball.

I’m online all day, every day and do a ton of research, which means I click lots of links, and see scareware often. If I wasn’t aware of IT security and what this ruse was about, I’d have been bilked of $49.95 long ago. Many people take the bait, more than you can imagine.

Studies show that organized criminals are earning $10,000.00 a day from scareware! That’s approximately 200 people a day getting nabbed. Some “distributors” have been estimated to make as much as $5 million a year.

What makes the scam so believable is there is actual follow through of the purchasing of software that is supposed to protect you. There is a shopping cart, an order form, credit card processing and a download, just like any online software purchase.

The software is sometimes known as “AntiVirus2009” “WinFixer,” “WinAntivirus,” “DriveCleaner,” “WinAntispyware,” “AntivirusXP” and “XP Antivirus 2008.” These are actually viruses or spyware that infect your PC, or just junk software that does nothing of value.

A report by the Anti-Phishing Working Group, released in March 2009, found 9,287 bogus anti-malware programs in circulation in December 2008 – a rise of 225% since January 2008. That’s simply because the scam works so well.

Teams of criminal hackers each have their own tasks and responsibilities. Team 1 creates pages loaded with scareware and works those pages into the search engines, while others infect legitimate websites. Team 2 creates the junky or spyware-ridden software you are scared into buying. Team 3 creates the infrastructure to process your credit card.

Protect yourself. Invest in anti-virus software, such asMcAfee. Make sure your browser has a pop-up blocker turned on, to avoid having to be “scared.” If you get a pop-up, you can close it by clicking the red X in the upper right corner, just don’t click on anything in the body of the pop-up. I suggest shutting down your entire browser, however, to be safe.

Make sure your PC is updated with critical security patches and most of all, be smart.

See Robert Siciliano, identity theft speaker, discuss Ransomeware, a form of scareware here.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.