DNA Tech is Catching Bad Guys and its Great and Scary

In 1996, a 12-year-old Washington state girl was raped and murdered. However, it wasn’t until June 2018, that an arrest was made in the case. How did this happen? DNA technology.

The man arrested is Gary Hartman, and he is accused of killing and raping 12-year old Michella Welch. Donald Ramsdell, the Tacoma Police Chief, has said that computer modeling, police techniques, and advances in DNA identification has led his team to arresting Hartman on June 20th.

This case goes all the way back to March 26th, 1986. Welch and her sisters were in Tacoma’s Puget Park. She left her sisters there and went home to make lunch. About three hours later, Michella’s sisters noticed that her bike and lunch were at the park, but she was nowhere to be found. Just before 11pm that night, the body of Michella was found. DNA was recovered, but police were unable to solve the case…until now.

Before the arrest of Gary Hartman was made, police tried a number of methods to solve this case. For instance, in 2006, they were able to create a DNA profile of the person whose DNA was found at the crime scene. However, they were unable to match that DNA with what was in their database. It wasn’t until 12 years after that, in 2018, that detectives from the Tacoma Police department was able to work with genetic genealogists and track the DNA to family members of the, at the time, unknown suspect. The researchers then used that information, along with public records, to create a family tree. There were two members of the family, brothers, who lived in Tacoma in 1986. Both immediately became possible suspects.

On June 4, detectives began monitoring Gary Hartman. Nothing of note happened that day, but the next day, June 5, Hartman went to breakfast with a co-worker. Detectives took the napkin that Hartman used at the restaurant and sent it in for DNA testing. The DNA that was on the napkin was the same DNA found at the rape and murder scene of Michella Welch. He was arrested for the crime on June 20 after a traffic stop.

Michella’s mother is thrilled by the arrest, and Michella’s younger sister, Nicole, who was only 9-years old in 1986, described her sister like a “second mother,” and said that Hartman cut her sister’s “precious life” short.

This is all wonderful. And right out of a sci-fi movie. OK, so you have nothing to hide right? I have nothing to hide either. But I’m never throwing a napkin away again!

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Researchers Say Office of Personnel Management Hack Leads to Ransomware

In June, 2015, it was revealed by an anonymous source that the Office of Personnel Management was hacked. This office, which administers civil service, is believed to have been the target of the Chinese government. This is one of the largest hacks in history involving a federal organization.

Slowly, the motivation behind the hacking is being understood. At first, it seemed obvious, the stolen data being personally identifiable information, which is what was taken can be used for new account fraud. But in government breaches, they usually look for military plans, blueprints, and documents that deal with policy.

The question, of course, is why did the hackers focus on this information? Well, some of the data that was taken was used to launch other attackers against contractors, and this resulted in the access to several terabytes of data.

Now, those who have become victims of this attack have found themselves being the target of ransomware.

Security experts have recently noticed that the victims have been getting phishing emails, and these messages look like they are coming directly from the Office of Personnel Management. When these emails arrive, the body and subject of the message seem as if the email contains an important file. When the unsuspecting victim downloads the .ZIP file, however, they instead receive a type of ransomware called Locky.

These attacks are much more dangerous than the average phishing attack. This is mainly due to the fact that they are being received by those who have worked with the Office of Personnel Management before. Thus, they have seen the genuine emails from the office, which look remarkably similar to the fake ones. The only thing that set the two emails apart was a typo that said “king regards,” instead of “kind regards,” and a phone number that doesn’t work. These are details that many people overlook, which makes it easy for hackers to be successful with these schemes.

Who was Really Behind This Hack?

Though experts believe that the Chinese government is behind this hack, there are some facts that look a bit fishy. For instance, since personal data was taken and data has been taking hostage, this seems much more like a typical cybercrime operation instead of something that a nation would do. After all, why would China be looking for a few hundred dollars from people who want their files back?

Of course, this could be a smokescreen and someone could just be using this attack as a smokescreen…and while experts are focused on this, the real attack could be planned for the future.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Hacker for hire a rising Trend

Hackers and wannabe hackers can easily purchase cheap tools of the trade online. The security firm Dell SecureWorks Inc. confirms this in their latest report and adds that underground markets for hackers, including those from Russia, is thriving.

11DThe “Dark Web” is the go-to place for hackers looking for guidance and tools like malware. Yes, you can buy malware. If you don’t want to be the hacker, you can hire a hacker.

There’s any number of reasons why a non-techy person would want to hire a hacker. Maybe that person wants to make money and thus hires a hacker to create a phishing campaign that generates lots of credit card numbers and other personal data for the hacker’s client to then open credit lines in victims’ names.

Maybe another client wants revenge on an ex-lover, their current boss or neighbor; they hire a hacker to crack into the target’s Facebook account, and then the client is able to log in, impersonate the victim and post comments and images that will make the victim look frightfully bad.

Dell SecureWorks Inc., also found:

  • For $129 a hacker will steal e-mails from personal Yahoo or Gmail accounts.
  • For business accounts, however, hackers want $500 per e-mail.
  • Wannabe hackers can buy phishing tutorials as well as other tutorials for $20 to $40.
  • Gee, for just $5 to $10, you can buy a Trojan virus that you can infiltrate someone’s computer with and control it—even if you’re a thousand miles away.

So booming is the hacker for hire and hacker-in-training industry, that these cybercriminals even offer customer service. Makes you wonder why hackers are selling their knowledge, tools and providing customer service, if they can make so much more money just hacking.

Well, maybe deep down inside, these crooks have a kind heart and want to help out people, even if it means helping them commit crimes. Another explanation is ego; they’re so good at what they do that they want to share their knowledge, albeit for a fee.

What else is for sale on the Dark Web? Stolen hotel points and frequent flyer accounts. Buyers can use these to get gift cards on legitimate sites, says the report from Dell SecureWorks Inc.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Auto Hacking is a real Thing

You’ll probably be shocked to learn that last year, thousands of cars with keyless entry technology were stolen in London, says a report from wired.com.

10DBut fact is, the more connected a vehicle is to the cyber world, the more hackable the vehicle is—and the hack could be to steal the vehicle or hurt the owner.

Rule: Anything that’s connected, especially via WiFi can be hacked.

The article notes that recently, a Jeep Cherokee was hacked with a smartphone via its Internet-connected navigation and entertainment system; the hackers remotely took control of its steering and brakes while it was on a road.

But don’t panic yet; it was an experiment conducted by good-guy hackers to demonstrate the vulnerability of a connected vehicle. The flaw was corrected after Chrysler recalled 1.4 million vehicles.

But what about getting into keyless-entry vehicles? A device is sold online for $31 that can clone the “key.” The wired.com article notes that BMW, Audi, Mercedes, Saab and Land Rover are among the models at risk.

The thief plugs this device into the vehicle’s diagnostic port. The information collected is then used to reprogram a blank fob that can start the vehicle—after the thief smashes a window to get in.

To deal with this, car makers are trying to create a key whose signal is harder to copy. Security experts point out that vehicles need additional layers of protection such as encrypted communication between them and the Internet.

The Jeep mentioned above was hacked via its navigation and entertainment system, forced to go into a ditch. But another thing a hacker could do is spoof the GPS signals that emanate from satellites, and transmit altered directions to the driver, making that person go way off course. Imagine someone doing this as revenge, perhaps on his nasty boss from work.

Or they can sit back and laugh while they create traffic jams. But it won’t just be fun and games for all hackers. Imagine what terrorists or psychopaths could do. And it’s all very possible. University of Texas researchers actually steered a super yacht off course, unknown to its captain.

Hacking into cars will be even more feasible as cars become closer to being driverless, because this feature will be dependent upon being connected.

Pay close attention to any manufacturer recalls or updates that may involve a patch to correct any vulnerabilities.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

5 ways Criminals hack your PC

Hackers are hell-bent on busting into the network of their targets. They are persistent—never giving up. When you build your defense against cyber criminals, it must be done with the idea that they WILL succeed. When you operate on this assumption rather than thinking that your anti this and anti that are all you need, you’ll have the best cyber security in place.

4DAnother mistake is to assume that hackers hound only small businesses or weak networks. The cyber criminal doesn’t care so much about vulnerabilities; he wants the goods. It’s like a burglar wanting a million dollars worth of jewels that he knows is stashed inside a mansion surrounded by a moat filled with crocodiles. This won’t stop him. It will only determine the dynamics of how he penetrates.

Yes, less sophisticated hackers will target more vulnerable networks, but there’s a lot of hefty hackers out there who aren’t intimidated by persistence. If cyber thieves want a goal badly enough, they’ll get into every nook and cranny to achieve their mission.

Hackers also determine ahead of time how the victim might respond to an attack. The crime ring will invest time in this, going well-beyond the intended target’s IT tactics. They’ll go as far as learning employees’ after-hour leisure activities. To make it harder for hackers to mine all this information, a company should keep things unpredictable like work routines and not embrace social media.

The hacker creeps around quietly, going undetected while spreading damage. To catch below-the-radar cyber invasions, a business should employ a system that can spot and stamp out these murmurs.

Finally, cyber criminals usually launch a secondary attack as a distraction while the major attack gets underway—kind of like that newsworthy operation of some years ago involving pairs of thieves: One would approach a woman with a baby and tell her the baby was ugly. This distracted her so much that she had no idea that the accomplice was slipping off her purse and scrambling away with it. You must anticipate decoy operations.

Remember, install layers of protection:

  • Antivirus, antispyware, antiphishing, firewall
  • Set up encryption on your wireless router
  • Use a VPN when on free wireless
  • Keep your devices software, apps, browser and OS updated

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

10 Ways you may get Hacked this Summer

Can you name 10 ways you can get hacked this summer? I can.

Hotel Hacking

4DThose hotel electronic card locks for doors aren’t as secure as you think. A criminal attaches a little electronic gizmo beneath the lock, and presto, he’s in your room. You can’t stop this, but you can make the burglary worthless by not leaving valuables in your room. Always have your door locked overnight.

Car Hacking

Forget the bent coat hanger trick — that’s for rookies. But even a dimwitted thief could hack into your car this summer. For only $5, the thief buys a “black box,” a key fob spoofer, that electronically forces car doors open. Short of disabling your keyless entry, what you can do is park your car in lighted areas and keep valuable out of it. Or have your mechanic install a kill switch.

Credit Card Skimming

Criminals set up those card readers at stores with devices that will steal your card information. If you can’t pay with cash, use a credit card since there’s a delay in payment, whereas a debit card takes money from your account at the point of purchase. Keep a close eye on your credit card statements and bank account.

Hacking a Charging Phone

Avoid charging up your phone at a public kiosk. It doesn’t take a mental giant to install malware into these kiosk plugs. Once your phone gets plugged in, it’ll get infected. Use only your plug or wall outlets.

Finders Keepers Finders Weepers

If you happen to find a CD-ROM or thumb drive lying around in public, leave it be, even if it’s labeled “Hot Summer Babes at the Seashore.” You can bet that a crook left it there on purpose and wants you to plug it into your computer. You’ll end up installing malware that will allow the thief to remotely control your computer.

Phishing for Victims

You get an e-mail with a striking message in the subject line such as “Pics of you drunk at my party!” A percentage of people for whom these messages apply to will open the e-mail and take the bait: a link to click to see the photos. The link is malware and will infect your computer.

Wi-Fi Sharing

Using a public computer is always risky, as anyone can monitor your online actions. Hackers can even “make” your device go to malicious websites that will infect your device. Stay away from public Wi-Fi or use a VPN (virtual private network) like Hotspot Shield. A VPN will protect you summertime and all time at public WiFis.

Photo Geotagging

Every time you take a picture and post online, your location will be up for grabs in cyberspace, unless you’ve disabled your device’s geotagging.

Social Media

Beware of clickjacking and XSS. Clickjackers place a phony screen over an obscured malicious link, luring you to click. The hidden link then is triggered and gives the hacker your contacts, taking you to a malicious site. XSS puts a malicious script right in your browser that will install malware. So be judicious about clicking on popular videos and whatnot.

Airplane WiFi Hacking

Connect while 35,000 feet high and you can be revealing all sorts of private goodies. Airplanes lack online security. The aforementioned VPN is your best bet when connecting to airplane WiFi

Start your summer off securely by avoiding becoming a victim of hackers.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Criminal Hackers: The Soldiers of the Web Mob

Today’s criminal hackers are very different than those who hacked for fun and fame a decade ago. Every week, I see stories about more criminals in faraway lands, making millions from various scams, emptying the bank accounts of small businesses or draining the financial reserves of entire towns.

High-tech crimes can be committed by lone individuals, by small groups, or by organized web mobs. These web mobs structurally resemble the longtime operation of the Russian and Italian mafias, the Irish mob, the Bandidos, and the Hells Angels.

The Anti-Phishing Working Group has noted the success of Avalanche, a particularly large and successful web mob with an emphasis on phishing: “Phishing has always been attractive to criminals because it has low start-up costs and few barriers to entry. But by mid-2009, phishing was dominated by one player as never before—the ―Avalanche phishing operation. This criminal entity is one of the most sophisticated and damaging on the Internet, and perfected a mass-production system for deploying phishing sites and crimeware– malware designed specifically to automate identity theft and facilitate unauthorized transactions from consumer bank accounts.”

Avalanche was responsible for two-thirds of all phishing attacks launched in the second half of 2009, and for the overall increase in phishing attacks across the Internet.

Cybercrime of this magnitude requires a carefully ordered hierarchy. The players include:

  • Programmers, who write the viruses that will infect victim’s PCs
  • Carders, who sell stolen credit card data
  • IT guys, or black hat computer professionals, who maintain the hardware necessary to keep the operation running
  • Hackers, who look for vulnerabilities in networks and plant malicious code
  • Social engineers, who come up with the scam and write phishing emails to send to potential victims
  • Money mules, who are often foreign, traveling to the US specifically to open bank accounts, and who may also launder money
  • Bosses, who run the show, bring together talent, manage, and delegate

All of this is very real and it is happening right now. Even though data security hasn’t been in the media spotlight this year, we should all be aware of these risks.

To protect yourself from the bad guy, make sure your PC is fully updated with critical security patches, antivirus software, anti-spyware software, a secure wireless connection, and a two-way firewall. Check your online account statements frequently, and consider investing in identity theft protection that monitors your credit reports and monitors your information on the internet’s back ally chat rooms.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses hackers hacking wireless networks on Fox Boston. Disclosures

Criminal Hackers Create 3 Million Fraudulent Websites Annually

A recent study shows that organized criminals create approximately 8,000 malicious websites every day, or over 57,000 each week.

These malicious websites model legitimate websites that we visit every day, such as bank websites, online shopping sites, and eBay. According to this study, the most frequently impersonated companies include Visa, Amazon.com, PayPal, HSBC, and the United States Internal Revenue Service.

People are typically directed to these scam sites in one of three ways:

1. Often, potential victims end up visiting these spoofed websites via phishing scams. Phishing, of course, occurs when you receive an email that appears to be sent from your bank or other trusted entity, and a link in the email brings you to a website that is designed to steal your login credentials.

2. Scammers lure victims to their scam sites via search engines. When a website is created and uploaded to a server, search engines index the scam sites as they would any legitimate site. Doing a Google search can sometimes lead you to a website designed to steal your identity.

3. Social media sites like Facebook and Twitter are free, and this gives scammers an advertising platform. Criminals simply post links in status messages, on group pages, or fan message boards, using the legitimate appearance of the site to gain credibility.

Once a computer user clicks one of these links, he or she ends up on a website that is riddled with malicious software, which may install itself on the victim’s computer even if the victim doesn’t click or download anything on the scam site. This tactic is called a “drive by.” Or, users may be tricked into clicking links to download files. Either way, the ultimate goal is to gather usernames, passwords, and, if possible, credit card or Social Security numbers in order to steal identities.

By understanding how these scams work, PC users can begin to learn what to do while online and, more importantly, what not to do.

Never click on links in the body of an email. NEVER. Always go to your favorites menu or manually type the address into the address bar. This means that you should never copy and paste links from emails, either.

When searching out a product or service, be aware that you could be led to a scam site. A properly spelled web address is one indicator of an established, legitimate site. Try to restrict your business to sites you know and trust. Also, before entering credit card information, look for “https://” in the address bar. This means it’s a secure page and less likely to be a scam.

Just because a link for a tempting deal appears on a popular social networking website doesn’t mean it’s legitimate. I’d shy away from clicking links. Use your common sense. If it seems too good to be true, it is.

Forewarned is forearmed.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses phishing on NBC Boston. Disclosures

Criminal Hackers Steal Victims Home

A sophisticated scam left an Australian business man with a half million dollars stolen when criminals sold 2 properties and almost a 3rd using his stolen credentials. This kind of scam is happening in the U.S. too.

The business man had been overseas for a while and his neighbor contacted him at one point because his home was on the market and being sold. When the business man started investigating the non-permissioned sale, that’s when he realized the other properties had been sold and were no longer his.

The thieves, were believed to be Nigerian, and had enough information on the man to allow the real estate transactions to go through.  It is believed the criminal hackers got into his email account and obtained his personal identifying information along with his property documents which enabled the criminals to sell the houses.

Reports state the transactions were made virtually via email, telephone and fax, without any physical contact between the owner and anyone else. In this scam the owner, the real estate agent, banks, and various government agencies were all duped.

The system of checking and verifying identities in this case and in others often fails.

Advice to prevent this type of crime is often directed towards real estate agents who are used as the pawn in the transaction and do the dirty deed for the scammer.

In the very least agents should request a photocopy of a driver’s license or passport before listing a home for sale when doing business virtually. Other suggestions might be verify signatures using a notary or checking existing documentation and compare signatures. Look at deeds for alterations and get them from the title company.

More importantly it is essential that the homeowner meet the real estate agent for a face to face meeting. Airfare can’t cost more than a few thousand dollars and when doing a half million dollar transaction it makes sense for everyone involved to make this a priority.

But the best thing and probably the most effective solution when doing a full blown virtual transaction is to contact a lawyer wherever the seller may be and require the seller to verify themselves through a competent lawyer or other professional who can review and certify the sellers credentials.

Homeowners have a different set of responsibilities.

First and foremost make sure to invest in title insurance. Title insurance should cover legal bills associated with this type of scam. Check the policy.

If you plan on leaving your home or investment property vacant for any period of time get friendly with your neighbors and request they alert you in case your property goes on sale.

Do the same with local real estate agents and request they do an occasional drive by. Have that same real estate agent check the MLS listing occasionally looking for your property to show up on the market.

Invest in technology. A home security camera solution that alerts you to any activity on the home can give you a sense of there is any mischief. Motion sensitive cameras can alert you to any activity via text or email and can be viewed remotely via a mobile phone or internet connection.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston. Disclosures.

Giving Your Credit Card to a Hotel? Watch Your Statements.

Personally, I don’t particularly enjoy staying in hotels. Sure, after a long day of travel, the hotel is a relief, but in most cases, I’d much rather sleep in my own bed. Criminal hackers, on the other hand, love hotels.

According to a recent study, 38% of all credit card breaches occur in hotels. Despite several high profile breaches that recently affected payment processors and banks, the financial services industry only accounts for 19% of breaches. Retailers came in third at 14%, and restaurants fourth at 13%.

Over the past five years or so, I’ve noticed a trend in which criminals go after the most likely targets, and those victims beef up their defenses in response. So the bad guys move on to the next most likely target – one that hasn’t learned from others’ mistakes.

Hotels are easy targets because they are all credit card-based. It is possible to reserve a room without providing a credit card number, but they don’t make it easy. And hotels themselves certainly aren’t fortresses designed to keep bad guys out. They’re designed to be open and inviting, with, at best, a bellman whose focus is assisting guests rather than guarding the front door. Maybe that mentality exists in hotels’ IT security departments, too.

The root of the issue is the hotel industry’s insufficient security measures to prevent data breaches. Many rely on older point of sale terminals and outdated operating systems, which are more vulnerable to hackers. When the recession hit, many hotels cut back and decided to hold off on upgrades. While their defenses were down, hackers slithered into their networks to steal guests’ personal financial data. Once thieves have accessed this data, they can clone cards with the stolen numbers and use them to make unauthorized charges.

As a consumer, your only recourse is to pay close attention to every single penny charged to your credit card, and dispute any fraudulent or incorrect transactions, no matter how small. Check your statements frequently and be sure to dispute all unauthorized charges within two billing cycles, or 60 days.

Canada and Mexico have adopted smart cards, which use “chip and PIN” technology, making the credit card data useless to potential identity thieves. Eventually we may see the adoption of smart cards in the U.S., which would put an end to this madness.

Robert Siciliano, personal security adviser to Just Ask Gemalto, discusses hackers hacking hotels on CNBC. (Disclosures)