Do You Spy on Your Spouse?

Robert Siciliano Identity Theft Expert

Generally in a trusting relationship spying isn’t necessary. I’m sure Sandra Bullock, Kate Gosselin or Tiger Woods wife didn’t think they needed to spy on their husbands, until they did. Reckless behavior like that can bring home a very itchy or very deadly disease.  One that victimizes the innocent.

The fact is humans have a tendency to lie.  Lying is generally done to protect people from the consequences of their actions or to protect others from the emotional hurt because of what they did.

Spying generally occurs when trust is broken or intuition kicks in and someone senses something is askew. Spying is easier today than it’s ever been. According to a recent survey polling 1,000 men and women of various ages, incomes, and locations in the United States, there’s a 38 percent chance you would spy if you’re 25 or younger.

Among respondents, 38 percent of those 25 years old or younger admitted to snooping on their boyfriend’s or girlfriend’s messages, and 36 percent of those who are married admitted to checking their spouse’s e-mail or call history.

Spying can be accomplished by simply picking up a person’s phone and looking at the incoming and out going calls and text messages. Mobile phone spyware is readily available and can monitor almost every aspect of a phones use remotely.

Small wireless cameras installed in lighters, pens, clocks, smoke detectors and just about anything else are readily available. Commercially available spyware can easily be installed on a person’s computer. Undetectable hardware called “key catchers” can be installed in the PS2 or USB ports and the person’s keyboard is piggybacked and logs all their keystrokes.

Identity thieves are using the exact same technologies.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN

Criminal Hacker Gets 20. Books, Movies and Hollywood Starlet Next

Robert Siciliano Identity Theft Expert

Albert Gonzalez and his gang of criminal hackers were responsible for data breaches in retailers and payment processors, with some estimates saying they breached over 230 million records combined. Gonzalez, considered a proficient criminal hacker, provided “dumps,” a term which refers to stolen credit card data, to “carders.” “Carders” are the people who buy, sell, and trade stolen credit card data online.

“Gonzalez and his hacking buddies hacked into computer systems and stole credit card information from TJX, Office Max, DSW and Dave and Buster’s, among other online retail outlets, in one of the largest — if not the largest — cybercrime operations targeting that sort of data thus far. They used some of the stolen numbers to remove cash from ATM machines and sold many of the other numbers to other criminals, including those in Eastern Europe.”

Gonzalez provided “sniffer” software used to intercept the credit and debit card numbers for the Russian hackers. Sniffer software or “malware” malicious software, acts like a virus attaching itself to a network and often spreading. The software allows the criminal hacker backdoor access to all the data in the server and provides remote control functionality.

Wired reports Gonzalez earned $75,000 a year working undercover for the U.S. Secret Service, informing on bank card thieves before he was arrested in 2008 for running his own multimillion-dollar card-hacking operation.

It was reported that Gonzalez buried a million dollars in the backyard of his parents’ Miami home. At one point he cracked and drew a map for investigators to find the money. WOW!

How many people in the course of history have actually dug a hole and buried a million bucks in it? I can’t wait to see the movie. I’d be happy playing a part in it. I’ll be the shovel.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Breach of 3.3 million Social Security numbers on Good Morning America

Be careful Your PC Isn’t Held for Ransom

Computerworld reported that a hacker threatened to expose health data and demanded $10 million from a government agency. The alleged ransom note posted on the Virginia DHP Prescription Monitoring Program site claimed that the hacker had backed up and encrypted more than 8 million patient records and 35 million prescriptions and then deleted the original data. “Unfortunately for Virginia, their backups seem to have gone missing, too.” “Uh oh,” posted the hacker.

Holding data hostage is sometimes done using “ransomware” Otherwise known as “ransom software.” The software gets on your PC as the result of you downloading an infected attachment or clicking the links in the body of an email. Sometimes you can get ransomware simply by visiting a website in what’s called a “drive-by.”

Once your PC is infected with ransomeware it locks down your files in a way that prevents you from accessing them and gives the bad guy full control of your machine.  Sometimes the virus poses as a “Browser Security and Anti-adware” security application whose license has expired. Windows machines infected by the malware are confronted by a full-screen message that poses as a Windows error.

This type of an exploit not common, but it’s definitely a rising star in the malware community. The best way to avoid this is to make sure your PC is updated with the most current version of your operating system, and anti-virus definitions. It’s also very important not to click on links in the body of an email or visit rogue websites that may have viruses that inject themselves into your browser.

Robert Siciliano personal security expert to Home Security Source discussing Ransomware on Fox Boston.

Is Your Facebook Friend a Fed, or Sex Offender?

When you think about it, Facebook is weird. Where else in the world do you call people who you don’t know your friends? I probably have about 10-15 friends. Most are acquaintances and the others 400 are total strangers.

There’s a lot of excessive trust in the Facebook world. People have entirely dropped their sense of cynicism when logged on. They have no reason to distrust. People who are your “Friends” are generally those who you “know, like and trust.” In this world, your guard is as down as it will ever be. You are in the safety of your own home or office hanging with people all over the world in big cities and little towns and never have to watch your back.

Reports of sex offenders on social media abound. Do you know who your child is befriending?

Many of the “strangers” came into my life as a result of what I do, and I appreciate and accept them for connecting. But I know plenty of other people who don’t write or do media and might be in college, and have 2000 friends! And they know 5 of them! Social media is weird.

Employers, potential employers and others will often friend someone for the sole purposes of getting a solid profile of that person to determine if they want to hire them. Now the AP reportsU.S. law enforcement agents are following the rest of the Internet world into popular social-networking services, going undercover with false online profiles to communicate with suspects and gather private information, according to an internal Justice Department document that offers a tantalizing glimpse of issues related to privacy and crime-fighting.”

I don’t think there is anything wrong with this; it’s a good thing actually. There is a question of legality and whether or not government agents can pose as someone else and lie, which often violates the terms and conditions of the sites themselves.

But the fact remains, there are bad people out there and they need looking after. And if it means an FBI agent posing as someone to catch the bad guy, I’m all for it. So next time you get a friend request from a stranger, they might be someone checking up on you. Guilty conscience? Hope not.

Robert Siciliano personal security expert to Home Security Source discussing social media security on Fox Boston.

Kickball is DEAD, 1 in 4 Children Hack

Robert Siciliano Identity Theft Expert

 A few months ago I interviewed a criminal hacker who hacks out of a hut in Ghana stealing data all over the world. He has children ages 9 and 12 and he stated “they hacked all over the world man.” He teaches his kids to hack. It’s not just a lifestyle, it’s an occupation. He and his kids are the most famous in their village.

 It comes as no surprise to me, but it may be to you that a survey has found that one in four school children have attempted some level of hacking.

SC Reports “Despite 78 per cent agreeing that it is wrong, a quarter have tried to surreptitiously use a victims’ password, with almost half saying that they were doing it ‘for fun’. However 21 per cent aimed to cause disruption and 20 per cent thought they could generate an income from the activity. Five per cent said that they would consider it as a career move.

Of those who had tried hacking, a quarter had targeted Facebook accounts, 18 per cent went for a friend’s email, seven per cent for online shopping sites, six per cent for their parent’s email and five per cent breached the school website. A bold three per cent had honed their skills enough to aim much higher with corporate websites under their belts.”

Children’s hacking is kids playing. Hacking is replacing dodge ball. Kids today don’t know what it means not to have the Internet. I see more articles talking about how to get your kid outside and away from the computer. Part of the problem is kickball got out a lot of the childhood angst and pent up energy out of their systems. Now they funnel that energy into using technology. For good and for bad. Kids are mischievous too. And given the opportunity will break, steal or deface whatever is in their path. I was 15 once too; but I was an Angel.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Criminal Hackers on Fox News

Bridal Scam Shows How Vulnerable We Are

Robert Siciliano Identity Theft Expert

There are few more nuttier earthlings than the Bridezillas. Lovely women who go bonkers within 365 days of a wedding date. I blame the whole thing on Walt Disney.  The groom to-be generally wants it over as soon as possible more so because he can’t believe how much it costs. Then the entire wedding industry preys upon the delirious couple and sucks them dry of what amounts to the sum of a nice, nice car.

Been there done that. Luckily my Bride didn’t go all Zilla on me. But that didn’t stop us from spending what could’ve been a West Coast Chopper in me garage.  Pause….I’m nauseous….OK, I’m fine.  I remember the day we went for “food tasting. We ended up spending 5 figures on food. The single most expensive meal I’ll ever have. And we went out to eat after.

In Boston Mass, thousands of people were scammed by someone who modeled themselves after the weddings industry. They did exactly what the weddings industry does, but better.

Scammers set up a website advertising a bridal show luring brides and grooms to be and all potential vendors to sell them high priced stuff and services they don’t need.  The event was supposed to be held at one of the largest convention centers in Boston.

Scammers answered the phone, took orders, set up a Paypal account and even had preliminary discusssions with the function facility.

In the end 6000 people were bilked for hundreds of thousands of dollars. The beauty of this scam is that it was all done online with no exchange of tickets or anything tangible. The scammers were ghosts operating virtually using legitimate life events as the ruse, going so far as to market and sell the event and just decided not to show up the day of.

I can see if you are a couple and spend 20 bucks for tickets online and then get stiffed. I’d probably get bilked in the same scam. But if you were a vendor and had to drop 3 grand for booth space, print out custom brochures, order plane tickets, book a hotel etc.; that would hurt.

In the least it would be to the benefit of the potential vendor to vet out the event production company to make a determination as to their credibility. A website presence isn’t the sole determining factor. Are they a member of the Better Business Bureau? Have they laid down a deposit with the function facility? How many events have they already done and where?  Who else have they done business with in previous events? Before you go laying down hard cash, question authority. How much do you want to bet the scammer is a real wedding planner?

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Get my book as an iPhone App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Scamming the Scammers on Fox Boston.

Hacking Humans Naiveté

Robert Siciliano Identity Theft Expert

Naiveté: A lack of sophistication or worldliness. That sums up a lot of people I know. “There’s a sucker born every minute” is a phrase often credited to P.T. Barnum (1810 – 1891), an American showman. It is generally taken to mean that there are (and always will be) a lot of gullible people in the world.

Predator: A predator is an organism that feeds on another organism. That also sums up a lot of people I know. I observe them in person and in the news daily.

There are many ways how, and motivations why, a predator stalks their prey. Often it is just their nature to do so. Control and money top the list of motivations.

In the world of Information Security the “how” is “social engineering”.

Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical hacking techniques (essentially a fancier, more technical way of lying).

Social engineering or “social penetration” techniques are used to bypass sophisticated and expensive hardware and software in a corporate network. Smart organizations train their employees to be aware of and resist the most common attempts to trick them into letting down their guard.

The Register reports that pentesters, a.k.a ethical hackers, “regularly send client employees emails informing them that the strength of their login passwords is being tested through a new website. They are then instructed to follow a link and enter their credentials. The success rate: as high as 50 per cent.”

As the article points out, humans have a tendency to trust one another. It’s a survival instinct built on millions of years of evolution. “When one person saw that a group of his peers ate a particular berry and didn’t die, he ate the same fruit – and survived as a result.” That’s trust, and it’s exploitable.

This is where we throw around words like “naïve” and “sucker.” You don’t really need to be naïve, a sucker or stupid to respond to emails like this. Really, you just need to be nice, helpful and trusting.

I found a website called “Hacks4Sale” (a site which Norton Internet Security deems unsafe, so go there at your own peril) which employs similar tactics, but they claim are for different reasons:

A very large portion of our clients are the victims of spousal infidelity, nowadays the primary means people employ to communicate with their lover are e-mails and social networking websites, both of witch we can help you gain access to through our software. Our software solutions enable our clients to retrieve (no physical access to the user’s computer is required) the login credentials to accounts at all the major e-mail and social networking providers (Yahoo,Gmail,Hotmail,Myspace,Facebook and many others).

Recognize that the predator uses these tactics to get what they seek. They will stop at nothing and consider you their natural prey.

Always question authority or those who claim authority.

Don’t automatically trust or give the benefit of the doubt.

When the phone rings, an email comes in or you are approached, proceed with caution.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Get my book as an iPhone App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing identity theft on Fox News.

High-Tech Harassment in Social Media

Robert Siciliano Identity Theft Expert

Technology keeps providing new opportunities for harassment: social media identity theft, cell phone abuse, online bullying, the list goes on.

Over a year ago, I appeared on The Tyra Show to discuss high tech harassment. I met a family from Washington, who found that several of their phones had been hacked and were being used to spy on and harass them. The hacker was able to turn a compromised phone on and off, use the phone’s camera to take pictures, and use the speakerphone to record their private conversations. Every time they rerun the episode, I get emails from more victims.

In an even more shocking instance of high tech harassment, a hacker took over a woman’s Facebook account while she was on a camping trip, with no Internet and no cell phone service. The hacker impersonated this woman, but instead of attempting to scam her family and friends out of cash, he used her Facebook profile to post suicidal messages, including, “My only friend is the handgun in the back of my closet,” and, “I don’t want a funeral or memorial, I want it to be like I never existed.” After two and a half hours of Facebook drama, the victim happened to regain cell phone reception and discovered twenty voicemail messages begging her not to do “anything drastic.” By the time her son was able to get in touch with her, there were police gathered outside her home, preparing to break down the door.

In this incident, the victim was the mother of a Navy Seal who died in Iraq. It’s believed that she was targeted because of her charity work celebrating the lives of deceased military personnel.

But this can happen to anybody.

  1. Strengthen your passwords; use upper/lower case, numbers and characters. Don’t use easily guessed words from the dictionary or pets, kids, birthdates etc.
  2. Don’t access social media from libraries, internet cafes or any public computers that could have spyware.
  3. Make sure your own PC has updated virus definitions and security patches. Don’t bother with all the 3rd party apps in social media. Many are risky.
  4. Don’t click on links in emails from “friends” asking you to download a video or see pictures. This is becoming a common ruse in social media.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses high tech harassment on the Mike ad Juliet Show on FOX

Criminal Hackers Get to Momma and DaDa Via Children

Robert Siciliano Identity Theft Expert

I’m particularly irate about this. There’s criminal hackers, then there’s complete lowlife scumbag criminal hackers that hack children. InternetNews reports hackers took over sections of the PBS.org Web site earlier this week, installing malicious JavaScript code on the site’s “Curious George” page that infects visitors with a slew of software exploits.

For the uninitiated Curious George is a little happy go lucky bumbling monkey that continually gets himself in a pickle. His curiosity almost kills the monkey in every episode. Thank heavens for “”The Man in the Yellow Hat” which is Georges keeper and occasional life saver. A 41 year old male knows this when he waits 38 years to spawn.

Security research firm Purewire found that when visitors tried to log onto a fake authentication page they were served with an error page that took them to a malicious domain where the malware attempted to compromise users’ desktop applications.

So here you are in your kitchen making a bunt cake. You continually glance over in amazement that a 3 year old, who cant color in the lines or spell or count above 20 or even tie her own shoes, but she can navigate through an inexhaustible gaming and learning website of PBSKids. She whacks away at the keyboard from morning till evening. So intensely she hacks that when it’s time to pull her away from the computer to maybe, ahh eat? She takes a fit because you caught her mid Sid The Science Kid.

Little do you know that while little miss Mitnick was tap tap tapping away, some frigging cheesebag was trying to rifle all your data via a Clifford The Big Red Dog JavaScript reliant puzzle.  Is there no shame? Boundaries? Apparently not.

It is not immediately evident how hackers compromised the site. They may have taken advantage of a known flaw and  exploited a SQL injection vulnerability.

Kids playing were met with a pop-up message requesting authentication to enter a username and password during a game. “But DaDa, I don’t know my words yet”.  From here, no matter what was entered they were directed to an error page that had malicious code. The JavaScript then loaded malware targeting flaws in Adobe Acrobat Reader, AOL Radio AmpX and SuperBuddy and Apple QuickTime. If the affected computer was not up to date with all their critical security patches then they got the bug.

Lax security practices by consumers are giving scammers a base from which to launch attacks. USA Today reports IBM Internet Security Systems blocked 5000 SQL injections every day in the first two quarters of 2008. By midyear, the number had grown to 25,000 a day. By late fall, attacks climbed to 450,000 daily.

The key to identity theft protection and preventing your computer from becoming a zombie is to engage in every update for every browser, software and media player that you use, keeping your operating system updated and use anti-virus software such as McAfee Total Protection.

And if your 3 year old happens to engage a toothless criminal hacker from the Eastern Bloc and you haven’t been up to date, make sure you have a backup plan if your data is compromised.

1. Protecting yourself from new account fraud requires more effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each.

2. Invest in Intelius Identity Protection and Prevention. Because when all else fails you’ll have someone watching your back.

Includes:

·         Triple Bureau Credit monitoring – monitors changes in your credit profiles from Equifax, Experian and TransUnion-includes email alerts of any suspicious changes

·         Social Security Number and Public Record Monitoring – monitors the internet and public sources for fraudulent social security number, aliases, addresses, and phone numbers

·         Junk Mail Reduction – stop identity thieves from using personal information from your mailbox, trash or even phone calls by eliminating junk mail, credit card offers and telemarketing calls

·         Neighborhood Watch – includes a sex offender report, list of neighbors and a neighbor report on each of your neighbors

·          Identity Theft Specialists  – if in the unlikely event you become a victim of identity theft our Identity Theft experts will work with you to restore your identity and good name

·         Credit Report Dispute – if you find errors on your credit report we will help you resolve them quickly

·         Protection Insurance and Specialists -Identity Protect has you covered with up to $25,000 in Identity Theft Recovery Insurance and access to Personal Identity Theft Resolution Specialists.

Robert Siciliano Identity Theft Speaker discussing soulless criminal hackers on Fox News

Cybersquatting Leads to Identity Theft

Robert Siciliano Identity Theft Expert

Ever click on a link in an email or while browsing online, and something just wasn’t right? The domain name in the address bar was off by a letter or two? Or a word was misspelled? Maybe there was a number tossed in for good measure? This is either cybersquatting or typosquatting, and it’s a problem.

Cybersquatting is the act of procuring someone else’s trademarked brand name online, either as a dot com or any other U.S.-based extension. Cybersquatters squat for many reasons, including for fun, because they are hoping to resell the domain, they are using the domain to advertise competitors’ wares, stalking, harassment or outright fraud. Social media identity theft, or grabbing someone else’s given name on social networks, is another form of cybersquatting or, when it occurs on Twitter, Twitter squatting.

In particularly malicious cases of cybersquatting, identity thieves will use a domain similar to that of a bank in order to create a spoofed website for phishing. If the domain isn’t available, typosquatting is the next best option. After Annualcreditreport.com launched, more than 200 similar domains were quickly snapped up.

This is just one more reason to actively protect yourself from identity theft.

This week, Computerworld discussed the havoc that cybersquatting can have on a brand’s reputation. Sometimes, criminals copy a brand’s entire website in order to collect usernames and passwords from unwitting visitors. Then, the hackers will test those names and passwords on other websites. Cybersquatting increased by 18% last year, with a documented 440,584 cybersquatting sites in the fourth quarter alone, according to MarkMonitor’s annual Brandjacking Index report.

Intellectual property owners can sue cybersquatters under the federal Anticybersquatting Consumer Protection Act, but it’s expensive and damages are limited to $100,000. They can try to shut down sites containing copyrighted content under provisions of the Digital Millennium Copyright Act, and in some cases, they might be able to pursue violators for trademark abuse under provisions of the Lanham (Trademark) Act.

I’ve written before about the time I was accused of cybersquatting. I wasn’t, I swear! It was the early 90’s, and I had an IBM PS1 Consultant 3.1 Microsoft operating system and a rockin’ 150 MB hard drive. I bought myself some domains. I sold some, others I regrettably gave up. And there was one that will haunt me ’till the day I die.

I owned LEDZEPPELIN.com for about 5-6 years. Led Zeppelin was and is my band, and as a fan, I bought the domain as a keepsake. I would get emails from people all over the world, saying things like, “I am Paulo from Brazil, I love the Led Zep!”

Then, when Clinton passed a law later making cybersquatting illegal, I knew it was only a matter of time. I had it for five years before anyone from the band’s team of lawyers approached me about it. And when they did, I didn’t know how to handle it. And my lawyer at the time, even less so. Ultimately, I gave it up without a fight, but I’m sure the band’s lawyers billed them for the one inch thick book of a lawsuit I was served with. Sorry, dudes. My bad.

In this case, the lawyers saw an opportunity to build a case against me, a fan who would have been happy with a stupid guitar pick from Jimmy. Instead I sat in silence for a year while they built a huge case as to why they should own the domain. When served, I freaked out and called them, yelling that they could take it, that I never wanted that.

One of few regrets. But I have a nice one inch thick souvenir all about me and the band and why I’m an idiot.

Anyway, with cybersquatting on the rise, it makes sense to claim your name, your brand name, and your kids’ names on social networking sites and domain names as soon as possible. Just in case you get famous, you don’t want to have to fight a twit like me.

Protect your identity too.

  1. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano Identity Theft Speaker discussing stolen domain names on Fox News