Mom Was Wrong. Strangers Good. People We Know Bad.

Robert Siciliano Identity Theft Speaker

An axiom in business is that we buy from and do business with those who we know like and trust. In the 21st century we have seen CEOs, investment bankers, politicians and those in the highest positions of trust completely screw everyone who put them on their pedestal.

Madoff pleads guilty for orchestrating a 65 billion dollar Ponzi scheme and 3 rows of investors in attendance at his trial clapped, applauded and sang. These are people that bestowed an incredible amount of money in a man that is probably a psychopath.

What does this say about us as a species that trusts so much?

Charles Ponzi began his scheme 100 years ago and was caught 10 years later. The SEC stepped in and stopped him. The SEC didn’t stop Madoff. They allowed him to prosper, until his operation imploded.

Growing up most of us were schooled on “Stranger Danger” because our parents were also told not to talk to strangers. Strangers are “strange” therefore dangerous. At least that seemed to be the theory. Unfortunately I’ve seen all too often that people we know are sometimes the baddest apples in the bunch. Kids coaches, swim teacher, clergy etc.

In a Wall Street Journal article Bruce Schneier makes the point that people are over all good and generally honest. So approaching a stranger probably wouldn’t mean imminent danger. Basically true.

On the other hand if someone pursues or approaches you, they are essentially paying unwanted attention to you, or distracting you from the truth. Maybe getting ready to take advantage of you in some devious way.

We see this all the time when law enforcement sets up a 14 year old female named Dixey14 in a chatroom and she’s (or he) is quickly approached by 50 men with webcams snapping pictures of themselves. So in this sense talking to strangers is bad. Video Here

Nigerian identity theft 419 scams are based on one single principle to be successful; get to know your mark, get them to like you and they will trust you. Done. They start off a stranger, then become their victims night in shining armor coming to your emotional (and financial) rescue. Scambaiter video Here

I’ve talked over and over about insiders at a company maliciously hacking away at the network and stealing data. They aren’t strangers, they are the funny drunk dudes at the Christmas party.

You want to prevent being scammed? Prevent Data theft? Prevent identity theft? Prevent being hacked?

Do not exclusively rely on any one system to protect you. Don’t expect the government and their bazillion bureaucratic agencies to protect you. Don’t think law enforcement or any other authoritative agency will be there when a predator strikes.

All existing systems work often, and fail as much.

Security is about layers. The more layers of protection you have in place, the more difficult you make it for the bad guy to get access. Redundancy, predictive, proactive thinking.

Someone pour me a scotch. Single malt.

Oh, and I’m very excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information

Robert Siciliano Identity Theft Expert Discussing Bernie Madoff Con Man Here

Recession Turns IT Workers Into Hackers

Robert Siciliano Identity Theft Expert

What a nasty headline for an article.

From ABCnews.com the journalist roasts IT professionals on a spit. And the comments were all inspiring.

As the recession rears its ugly head, disgruntled ex employees are in the best position to drop a bomb in the companies network or suck all the data out with a few terabyte drives.

A recent study by McAfee and Purdue University put the tally of fraud, data loss and damage done at 1 trillion dollars. A thousand billion sounds like a lot of money.

To paraphrase some of the comments;

No matter how you look at it, when heads start to roll, most people that are about to be let go feel unjust and express hostility towards the employer (often, rightly so). These are the same people who were loyal company employees for years. Unfortunately, these are no win-win situations when it comes to the downsizing and companies should take proper actions to address it.

Your system admin is the gate keeper. Anyone who has access to sensitive data can potentially abuse the privilege. The loan officer, the loan processor, the secretary, the human resources gal two cubes down the hall, the cleaning people that take out our trash at night… Without proper controls in place anybody can be the bad guy. On the other hand, with adequate management these issues can be avoided, even when it comes to IT employees.

Manage your end points, your USB devices, your computer ports, your printers… Segregate your system administration roles. Tools are there. And who is going to implement them? Your IT guy. (thank you Sashimi11)

With the incredible amount of layoffs occurring, companies are bound to layoff an employee who will exact some revenge. Some say “Companies whose knee-jerk response is to cut costs by canning employees deserve some wrath”. But, in the end, the wrath doesn’t get you your job back. (thank you Patches777)

Most are working individuals, doing what they do best. All the while staying under the radar, and afraid, just like everyone else, of the threat of layoffs. The latter doesn’t mean an internal flip is switched and they bug out and start stealing trade secrets. (thank you kyleratliff)

On another note, as budgets are cut and IT pros are let go, the show must go on.

Bill Lynch of RazorThreat said to me “We are encountering lots of very frustrated CIO’s who are caught on the horns of a dilemma…their IT budgets and headcount are being slashed but their CEO’s are simultaneously demanding that they reassure them and the Board of Directors that they are not vulnerable to the same kinds of cyber attacks that have plagued some big firms lately.

They know they cannot afford to buy complex, expensive and difficult to deploy new security software and the people to manage them and yet they have to stand before the Board and profess that their networks are secure”.

The fact is, data breaches will continue and IT will often be to blame. There is a light at the end of the tunnel. There are numerous technologies that won’t break the bank and will keep the BOD happy. Companies have to consider numerous threats of theft and mayhem. Review security policies and who has access to what and why. In the end make sure employees are let go with dignity and respect.

Robert Siciliano Identity Theft Speaker discussing Credit Card Fraud Here

Twitter Is a Security Mess

Robert Siciliano Identity Theft Speaker Expert

Mischievous Hack attacks on Twitter are increasing and it seems there is no end in sight. While twitters developers are working to make it more secure, the open nature of the application fuels mischievous and even criminal hacking.

Twitter is microblogging. In 140 characters or less you tell your followers what you are doing or point them towards something that may enhance their lives. Most Tweeple are twits and say nothing of value. Their tweets are mundane and serve no benefit to anyone.

If you don’t use Twitter thats OK. But there is a chance you eventually will. Many thought they’d never use Facebook, but millions do. Micro blogging is a weird phenom that makes sense to many, and not at all to most.

Users can get tweets via email, on your phone or via SMS texts. People have sent tweets while giving birth, in the crowd watching the Obama inauguration, celebrating New Years, and just about anything you can think of.

I’m on Twitter. I spend my energies informing my readers about security. The most effective tweets have a pithy title related to an article, blog post or TV appearance. All security related.

Since Twitters inceptions hundreds of 3rd party applications have been built around Twitter. Apps that enhance, manage or are just for fun. Much of twitters technology is an open book which has allowed hackers both good and bad to build these apps, and of course wreak havoc.

One such hack is using a Twitter accounts mobile phone number to spoof messages to the users followers.

Other Twitter hacks have included full account take over where messages were sent to all followers of Obama, Britney Speakers, Fox and a CNN anchor.

Recent studys also show that Twittersquating, when brand names are hijacked is also a problem on Twitter

So if you decide to Twitter, know that its not very secure and be cautious about plugging your mobile number into the system.

Robert Siciliano Identity theft Speaker Expert discussing Scams Cons and Schemes Here