Government Agencies Engaging in Criminal Hacking Techniques

Identity Theft Expert Robert Siciliano

This article may be a little political. However bad guys are trying to win a cyberwar against us and it’s important to understand what’s being done to protect us.

The US National Security Agency is probably the most sophisticated group of security hackers in the world. Many will argue this point. The fact is, without NSA, US STRATCOM, which directs the operation and defense of the military’s Global Information Grid, and US CERT, attacks on our critical infrastructures would be successful. We’d be living in the dark, telephones wouldn’t work, food wouldn’t be delivered to your supermarket and your toilet wouldn’t flush. These are not the same bumbling government employees you see on C-SPAN.

The Obama administration is in the process of completing aninternal cyber-security review,  announcing plans for cyber-security initiatives and determining who’s going to lead the charge.

The New York Times reports that the NSA wants the job and of course, this is raising hackles amongst privacy advocates and civil libertarians who fear that the spy agency already has too much power. I’m all for checks and balances. However, in order to detect threats against our nation and other global computer infrastructures from criminal hackers and terrorists, those in charge of cyber-security must have full and unlimited access to networks. There is certainly a legitimate concern here that any government agency with too much power can overstep citizens’ rights. However, coming from a security perspective, there are some very bad guys out there who would like nothing more for you to be dead.

Here’s a glowing example of how this power is used for good. Wired.com’s Kevin Poulsen (who should be required reading) reports on an FBI-developed super spyware program called “computer and Internet protocol address verifier,” or CIPAV, which has been used to investigate extortion plots, terrorist threats and hacker attacks in cases stretching back to before the dotcom bust. This is James Bond, Hollywood blockbuster technology that makes for a gripping storyline. The CIPAV’s capabilities indicate that it gathers and reports a computer’s IP address, MAC address, open ports, a list of running program, the operating system type, version and serial number, preferred Internet browser and version, the computer’s registered owner and registered company name, the current logged-in user name and the last-visited URL. That’s the equivalent of a crime scene investigator having fresh samples of blood for the victim and perpetrator, and 360 degree crystal clear video of the crime committed.

The FBI sneaks the CIPAV onto a target’s machine like any criminal hacker would, using known web browser vulnerabilities. They use the same type of hacker psychology phishers use, tricking their target into clicking a link, downloading and installing the spyware. They function like any illegal hacker would, except legally. In one case, they hacked a mark’s MySpace page and posted a link in the subject’s private chat room, getting him to click it. In another case, the FBI was trying to track a sexual predator that had been threatening the life of a teenage girl who he’d met for sex. The man’s IP addresses were anonymous from all over the world, which made it impossible to track him down. Getting the target to install the CIPAV made it possible to find this animal. Numerous other cases are cited in the Wired.com article, including an undercover agent working a case described as a “weapon of mass destruction” (bomb & anthrax) threat, who communicated with a suspect via Hotmail, and sought approval from Washington to use a CIPAV to locate the subject’s computer.

So while Big Brother may yield some scary power, criminals and terrorists are a tad scarier. I’ve always viewed the term “Big Brother” as someone who watches over and protects you. Just my take.

As always, invest in identity theft protection and Internet security solutions to keep the bad guys and the spyware out.

Robert Siciliano, identity theft speaker, discusses spyware.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

Scamming the scammers

Robert Siciliano Identity Theft Expert

Scammers and even pedophiles are getting hacked by vengeful insidious opportunists.

Who doesn’t love vigilante justice? Some readers may remember Charles Bronson, an American actor who starred in the popular series Death Wish. Bronson played Paul Kersey, a man whose wife is murdered and whose daughter raped. In response, Kersey becomes a crime-fighting vigilante. This was a highly controversial role, as his executions were cheered by crime-weary audiences.

There is a certain amount of satisfaction when the victim becomes victor, exacting justice, and the predator that violates the law is sufficiently punished by the vigilante. Anyone who has ever entertained vengeance fantasies can relate. Of course, one doesn’t need to have been victimized in order to seek justice. Security guard David Dunn, played by Bruce Willis in the movie Unbreakable, avenges a crime committed against someone else.

The Internet has spawned a new breed of opportunist predator. The anonymity of the web, coupled with the inherent naïveté of many computer users, along with development of new technology at a speed that outpaces the learning curve of most users, make confidence crimes easier than ever.

What I find most disturbing are parents with young families who allow their children full, unsupervised Internet access. Fox News reports that in the past 5 years, federal agents have set up honeypots of agents posing as minors to attract pedophiles and have caught upwards of 11,000 in their nets. If they caught 11,000, there must be multitudes that haven’t been caught. What most people don’t realize is that there are over a half million registered sex offenders in the United States, and over 100,000 more sex predators unaccounted for.

“Don’t talk to strangers” used to be the extent of our personal security training. Now, a stranger can be in your 12-year-old daughter’s bedroom at 2 am, chatting on his or her webcam, or even under the covers on the iPhone that he bought her in order to evade her parents’ grasp.

Now, a new form of vigilante justice is occurring: scammers are illegally scamming, blackmailing and extorting other scammers.

The FBI recently caught up with one couple who has been posing as minors, engaging sexual predators in explicit online conversations and then adding a twist. This tech savvy couple are also hackers who engage in black-hat activities. As the predators attempted to gain the trust of the supposed “minors,” the couple was actually gaining access to the predators’ computers, sending numerous files that, when opened, launched an executable and granted full and unauthorized access to the kiddy-fiddlers’ computer systems. After gaining access to the predators’ computers, the couple learned their names, addresses, family members’ contact information, places of employment, and the user names and passwords for all of their financial accounts. Once armed with this type of data, the fun began. The couple would access the pedophiles’ bank, eBay and Paypal accounts. They would also blackmail their victims, threatening to expose their deviant behaviors to anyone who would listen if they didn’t cough up some cash. In one instance, after financial demands were made and not met, the couple accessed the user name and password of a New York teacher who didn’t comply and posted the explicit chats to the teacher’s school’s intranet.

In another example, 3 men apprehended in Kentucky set up a fake child pornography website, then extorted money out of their customers. When arrested, the men confessed to the crime but claimed that they were doing it to punish child pornographers.

Call this blackmail, call it extortion, or call it vigilante justice. You decide.

Robert Siciliano, personal security and identity theft speaker discusses online predators.

Protect your identity and your child’s identity. Install McAfee security software on your PC to prevent predators from intruding. And install child monitoring software to watch your kids online.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

WWW. Weird Wild Web Goes Nutty

Robert Siciliano Identity Theft Expert

Every day new reports of another flaw and another breach. Today we learn attacks rise 33 percent. I’m not surprised.

Credit card details of 19,000 Brits have been found on a cached Google page, where they had been accidentally published by fraudsters. Silly criminal hackers need to tighten up their data security controls and not publish sensitive data like that!

Reuters reports – Fraud on the Internet reported to U.S. authorities increased by 33 percent last year, rising for the first time in three years, and is surging this year as the recession deepens, federal authorities said.

Internet fraud losses reported in the United States reached a record high $264.6 million in 2008, according to a report released on Monday from the Internet Fraud Complaint Center, run by the FBI and the National White Collar Crime Center.

CNBC reports Online scams originating from across the globe—mostly from the United States, Canada, Britain, Nigeria and China—are gathering steam this year with a nearly 50 percent increase in complaints reported to U.S. authorities in March alone.

About 74 percent of the scams were through e-mail messages last year, especially spam, while about 29 percent used websites. But criminals were increasingly tapping new technologies such as social networking sites and instant messenger services.

The report highlights one new ‘significant’ identity-theft scam involving e-mail messages that give the appearance of originating from the FBI but seek bank account information to help in investigations of money being transferred to Nigeria.

Recipients of the e-mails are told they could be richly rewarded by cooperating. Duh.

Criminal hackers are going hog wild.

Invest in identity theft protection and secure your PC with anti-virus protection such as McAfee

Meanwhile two scumbag criminal hackers are arrested while spying on children between the ages of 14 and 17 using the child’s personal Web cam. The degenerates worked together to extort money from teenagers in exchange for stolen images.

They allegedly gained access to computers using a variety of e-mail addresses and screen names.

Conficker is spawning new hacks such as Scareware as Scammers are taking advantage of the huge interest in the impending “activation” of the Conficker superworm by poisoning search engine results.

Washington Post reports experts have discovered a security hole in the computer code that powers the Conficker worm, an aggressive contagion that has spread to more than 12 million Microsoft Windows systems worldwide.

Stay tuned…

Robert Siciliano Identity Theft Speaker discusses credit card scams here

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

Identity Theft Expert and Speaker on Personal Security: Save Money on Rising Costs of Data Breaches by Spending it on Better Security That Costs Less

(BOSTON, Mass. – Dec. 19, 2007 – IDTheftSecurity.com) A national news organization’s analysis of the year’s data thefts has found that the number of these has tripled in 2007 over the previous year, and end-of-year research showed that the associated costs also rose. According to Robert Siciliano, a widely televised and quoted personal security and identity theft expert, organizations could save money by spending it on security that costs less.

"Whenever data is stolen, an identity thief is not too far behind," said Siciliano. "With a threefold increase this year over the number of data breaches in 2006 — already a year rife with data thefts — industry leaders have an enormous problem on its hands. Security needs to improve, and quickly."

CEO of IDTheftSecurity.com and a member of the Bank Fraud & IT Security Report‘s editorial board, Siciliano leads Fortune 500 companies and their clients in workshops that explore consumer education solutions for security issues. An experienced identity theft speaker and author of "The Safety Minute: 01," he has discussed data security and consumer protection on CNBC, on NBC’s "Today Show," on FOX News, and elsewhere.

On Dec. 9, USA Today presented its own analysis of the year’s data breaches, reporting a greater than 300 percent increase in the number of sensitive data records lost in 2007 vs. the previous year, from 49.7 gone missing in 2006 to more than 162 million in 2007. Furthermore, according to the Ponemon Institute’s "2007 Annual Study: Cost of a Data Breach," announced on Nov. 28, the cost per lost record for organizations that experience data breaches has risen by more than 8 percent, from $182 last year to $197 in 2007. Significantly affecting the increase, customers took their business elsewhere in greater numbers following data breaches this past year, the study found.

Concerns over widespread identity theft follow any large data breach. On Dec. 18, Vancouver, Canada’s "News 1130 All News Radio" reported that the Better Business Bureau named identity theft as one of the top ten scams of 2007. In a year replete with fraud and scams, news reports in December provided yet more anecdotal evidence to support this. For instance, on Dec. 3, vnunet.com reported that authorities had identified "more than 100 websites…selling account information for U.K. bank customers." The sites contained customers’ account details, PINs, and security codes.

"It is through data breaches that thieves acquire inventories of sensitive information such as bank account numbers and the associated PINs and security codes," said Siciliano. "This data is worth big bucks on the black market. Why else would data breaches be growing in their frequency? If more than 162 million unique data records have gone missing this past year, the only responsible thing to do is to conclude that 162 million unique data records are now in the hands of thieves all over the place."

Readers may view YouTube video below of Siciliano on "FOX News," explaining how the ubiquity of Social Security numbers as universal identifiers helps thieves online and off-line. Those wishing to learn how to protect themselves against identity theft, a major concern for anyone who has fallen prey to online scammers, may view video of Siciliano at VideoJug.

###

About IDTheftSecurity.com

Identity theft affects us all. Robert Siciliano, CEO of IDTheftSecurity.com and member of the Bank Fraud & IT Security Report‘s editorial board, makes it his mission to provide consumer education solutions on identity theft to Fortune 500 companies and their clients.

A leader of personal safety and security seminars nationwide, Siciliano has been featured on "The Today Show," CNN, MSNBC, CNBC, "FOX News," "The Suze Orman Show," "The Montel Williams Show," "Maury Povich," "Sally Jesse Raphael," "The Howard Stern Show," and "Inside Edition." The Privacy Learning Institute features him on its Website. Numerous magazines, print news outlets, and wire services have turned to him, as well, for expert commentary on personal security and identity theft. These include Forbes, USA Today, Entrepreneur, Woman’s Day, Good Housekeeping, The New York Times, Los Angeles Times, Washington Times, The Washington Post, Chicago Tribune, United Press International, Reuters, and others.

Visit Siciliano’s Web site, www.IDTheftSecurity.com; blog, www.realtysecurity.com/blog; and YouTube page, http://youtube.com/stungundotcom.

The media are encouraged to get in touch with Siciliano directly:

Robert Siciliano, Personal Security Expert
CEO of IDTheftSecurity.com
PHONE: 888-SICILIANO (742-4542)
FAX: 877-2-FAX-NOW (232-9669)
Robert@IDTheftSecurity.com
www.idtheftsecurity.com

The media may also contact:

Brent W. Skinner
President & CEO of STETrevisions
PHONE: 617-875-4859
FAX: 866-663-6557
BrentSkinner@STETrevisions.biz
www.STETrevisions.biz

Identity Theft Can Lead to the Most Devastating Instances of Mortgage Fraud—Identity Theft Expert and Speaker on Personal Security

(BOSTON, Mass. – April 4, 2007 – IDTheftSecurity.com) The Federal Bureau of Investigation and the Mortgage Bankers Association (MBA) have recently added to their joint efforts against mortgage fraud. Robert Siciliano, a widely televised and quoted personal security and identity theft expert, encouraged their cooperation and pressed for more action. According to Siciliano, identity thieves can be behind the most devastating instances of mortgage fraud.

“The most devastating instances of mortgage fraud are mixed with identity theft,” said Siciliano. “Imagine not only having to beware of shyster mortgage lenders, but of someone else getting a home in your name. I encourage law enforcement agencies and the banking industry to take as much action as possible.”

President of IDTheftSecurity.com, Siciliano leads Fortune 500 companies and their clients in workshops that explore consumer education solutions for data security issues. On its Web site, the Privacy Learning Institute has featured Siciliano, a longtime identity theft speaker. Author of “The Safety Minute: 01,” He has discussed identity theft and data security on CNBC, on NBC’s “Today Show,” FOX News, and elsewhere.

In response to a near doubling of yearly mortgage fraud–related Suspicious Activity Reports (SARs) since 2004, the FBI and the MBA entered into an agreement to combat Mortgage Fraud. According to a March 8th news release, the law enforcement agency and lending association will make a Mortgage Fraud Warning Notice available.

Mortgage fraud received much attention in March:

On March 29th Associated Press reported that Beazer Homes USA Inc. had “received a grand jury subpoena for documents as part of a federal investigation of possible fraud in the company’s mortgage lending practices and other financial transactions.”

A report to be released in April by the Mortgage Asset Research Institute is expected to show increases in mortgage fraud across the nation. According to a March 28th article in The Salt Lake Tribune, the report will rank Utah as No. 1 in mortgage fraud for 2006 (the year the report analyzes).

The March 28th edition of the Boston Herald reported statements from the Massachusetts Attorney General Martha Coakley. Under existing laws in the state, lenders that are not banks commit only a civil offense with mortgage fraud. The AG’s proposal, if adopted, would subject these lenders to criminal charges for a widespread form of the activity.

A March 13th article in The Sun News reported that South Carolina’s Department of Consumer Affairs has called for a “crackdown on mortgage fraud.”

“These and other efforts to put a stop to mortgage fraud are commendable,” concluded Siciliano. “But we must take more action. The prevalence of identity theft makes recent increases in the filing of SARs all the more worrisome. We must track down, and shut down, not only mortgage fraudsters, but identity thieves. The last thing we want is for the two to exploit their synergies.”

###

About IDTheftSecurity.com
Identity theft affects us all, which is why Robert Siciliano, president of IDTheftSecurity.com, makes it his mission to provide consumer education solutions on identity theft to Fortune 500 companies and their clients. A leader of personal safety and security seminars nationwide, Siciliano has been featured on CNN, MSNBC, Fox News, “The Suze Orman Show,” “ABC News with Sam Donaldson,” “The Montel Williams Show,” “Maury Povich,” “Sally Jesse Raphael,” and “The Howard Stern Show.”

Visit Siciliano’s Web site, www.IDTheftSecurity.com; blog, www.realtysecurity.com/blog; and YouTube page, http://youtube.com/stungundotcom.

The media are encouraged to get in touch with Siciliano directly:

Robert Siciliano
Personal Security Expert
PHONE: 888-SICILIANO (742-4542)
FAX: 877-2-FAX-NOW (232-9669)
Robert@IDTheftSecurity.com
www.idtheftsecurity.com

The media may also contact:

Brent W. Skinner, President
STETrevisions
PHONE: 617-875-4859
FAX: 866-663-6557
BrentSkinner@STETrevisions.biz
www.STETrevisions.biz