Perez Hilton is a Hater and Social Media Suffers

/1 Comment/in , , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

I was on CNN this week and CNN also featured Perez Hilton, who was hired by Donald Trump, to judge a beauty contest and Hilton made hateful remarks about Miss Californias beliefs. Perez is a hateful sardonic celebrity critic, and his actions are parallel to others who rant and hate, spew racist comments and even kill. Perez Hilton posts numerous videos of himself in the media, but he hasn’t posted this video on CNN to his site, because he knows he’s wrong. He is right now downgrading the story on his own site because of the heat is he getting.

CNN invited me to discuss the murder of a young woman who was stalked and harassed via social media, specifically YouTube and Facebook. She was eventually shot and killed in her college classroom by her stalker, who then put the gun in his own mouth.

Anyone who reads this blog does so because they are intent on improving their personal safety by way of information security. With almost 50,000 reads a month on a variety of portals, I’ve come to understand the reader a bit. You guys want and need news that’s going to help save you time and money by preventing criminals and scammers from trying to take it.

I got my legs in personal security as it pertains to violence prevention. I started doing this in 1992, teaching self defense. My background as a scrawny, greasy Italian kid growing up in the Boston area, fighting my way though life and meeting other victims along the way brought me to a place where teaching others how to protect themselves gave my life a purpose. As my business grew, I needed more technology. I also needed “merchant status,” which is the ability to accept credit cards, which led to even more technology. In the early 90s, I set up my IBM PS1 Consultant PC, Windows 3.1, 150mb hard drive, and became hooked on technology. Soon after, I was plugged into the Internet. Within weeks, my business was hacked. Thousands of dollars in orders and credit card information went out the window. Now, personal security meant self defense from a different kind of predator: identity thieves and criminal hackers.

My passion is personal security as it relates to violence and fraud prevention. It’s all encompassing. I talk about the things that mom and dad didn’t teach you. Lately, I’ve been discussing broad issues that no parent is prepared to discuss. Really, neither am I. But somebody’s go to do it.

I love technology. But it has a very dark side to it. And predators have rapidly figured that out. I’m not blaming technology for this. Just its users.

Social networking is changing the world. Everybody’s information is everywhere, and access is instant. Predators use these tools more than ever to stalk children online. Stalkers can anonymously harass and harangue women or men, and law enforcement’s hands are tied.

Anyone can post relatively anonymous rants and raves, saying anything they like with little or no repercussions. Simple online newspaper articles meant to provide information about some innocuous issue devolve into hateful rants against the author or the source, thanks to the first few comments on the thread. A single comment can lead people in this dangerous direction. Newspapers need eyeballs, so they rarely police these comments, and the public puts up with them. Hate, racism, sexism and overall ignorance permeate every online newspaper and social network. Not a day goes by that I don’t see something entirely inappropriate for public consumption.

With social media, everyone gets a say. The KKK used to be a bunch of cross burning hillbillies. Terrorists lived in caves. Militias and skinheads were small groups that held an occasional rally. Now, they have an international platform, which they use to promote their agendas and recruit believers. Lots of people have very bad things to say and it’s hurting a lot of people. Words incite. What we say leads to action. We become what we think about. If we are fed hate, we act hatefully.

Most school shooters have read the manifests of what occurred at Columbine. Many serial killers study other serial killers. Every story we read about the Craigslist Killer and others like him reveals a bag with a knife, duct tape, rope, and wire ties. They all consume this information.

Coming from a personal security perspective, I am seeing lots of bad things happening to good people. Bad things are being said and bad things are happening. Totally unacceptable and hateful rants have become acceptable, when 10 years ago those kinds of rants would have been unheard of. Let’s get this straight, I’m no puritan. I’m certainly no saint. I’ve been there, done that, and have plenty of skeletons in my closet. I’m capable of saying anything and doing almost anything, and nothing offends me. I’ve lived a hard life and danced with the devil on plenty of occasions.

The meteoric rise of Perez Hilton is a direct sign of what’s wrong with social media and web 2.0. Web 2.0 can be used for good, or for very bad. Perez Hilton is a hateful person with an agenda. He says horrible things and uses social media as a platform to distribute his agenda no differently than a terrorist. What’s worse is millions of people follow him. For him, its not “all in fun”, its hate.

We all need leaders to take charge. Everyone needs direction on some level. Perez Hilton leads a flock of misguided and lost souls. And he empowers them no differently than Hitler, Mussolini, Pol Pot, Saddam, Stalin, David Koresh or Jim Jones did.

Hurtful, hateful ranting isn’t freedom of speech. It’s irresponsible and it’s bad karma. It will only lead to hurt and hate. Its okay to have beliefs, but when those beliefs have a tonality of hate and you express hate in your words, the problem mushrooms.

I spend more energy not saying what I want to say. My mother and father taught me tact. And it’s taken a lifetime to apply it, believe me. I use social media to spread what I hope is a better message, tactfully. I hope you rise against what is happening here and spread a better word. Lead. Don’t be led.

Robert Siciliano Identity Theft Speaker discussing Hate on CNN

Government Agencies Engaging in Criminal Hacking Techniques

/4 Comments/in , , , , , , , , , , /by

Identity Theft Expert Robert Siciliano

This article may be a little political. However bad guys are trying to win a cyberwar against us and it’s important to understand what’s being done to protect us.

The US National Security Agency is probably the most sophisticated group of security hackers in the world. Many will argue this point. The fact is, without NSA, US STRATCOM, which directs the operation and defense of the military’s Global Information Grid, and US CERT, attacks on our critical infrastructures would be successful. We’d be living in the dark, telephones wouldn’t work, food wouldn’t be delivered to your supermarket and your toilet wouldn’t flush. These are not the same bumbling government employees you see on C-SPAN.

The Obama administration is in the process of completing aninternal cyber-security review,  announcing plans for cyber-security initiatives and determining who’s going to lead the charge.

The New York Times reports that the NSA wants the job and of course, this is raising hackles amongst privacy advocates and civil libertarians who fear that the spy agency already has too much power. I’m all for checks and balances. However, in order to detect threats against our nation and other global computer infrastructures from criminal hackers and terrorists, those in charge of cyber-security must have full and unlimited access to networks. There is certainly a legitimate concern here that any government agency with too much power can overstep citizens’ rights. However, coming from a security perspective, there are some very bad guys out there who would like nothing more for you to be dead.

Here’s a glowing example of how this power is used for good. Wired.com’s Kevin Poulsen (who should be required reading) reports on an FBI-developed super spyware program called “computer and Internet protocol address verifier,” or CIPAV, which has been used to investigate extortion plots, terrorist threats and hacker attacks in cases stretching back to before the dotcom bust. This is James Bond, Hollywood blockbuster technology that makes for a gripping storyline. The CIPAV’s capabilities indicate that it gathers and reports a computer’s IP address, MAC address, open ports, a list of running program, the operating system type, version and serial number, preferred Internet browser and version, the computer’s registered owner and registered company name, the current logged-in user name and the last-visited URL. That’s the equivalent of a crime scene investigator having fresh samples of blood for the victim and perpetrator, and 360 degree crystal clear video of the crime committed.

The FBI sneaks the CIPAV onto a target’s machine like any criminal hacker would, using known web browser vulnerabilities. They use the same type of hacker psychology phishers use, tricking their target into clicking a link, downloading and installing the spyware. They function like any illegal hacker would, except legally. In one case, they hacked a mark’s MySpace page and posted a link in the subject’s private chat room, getting him to click it. In another case, the FBI was trying to track a sexual predator that had been threatening the life of a teenage girl who he’d met for sex. The man’s IP addresses were anonymous from all over the world, which made it impossible to track him down. Getting the target to install the CIPAV made it possible to find this animal. Numerous other cases are cited in the Wired.com article, including an undercover agent working a case described as a “weapon of mass destruction” (bomb & anthrax) threat, who communicated with a suspect via Hotmail, and sought approval from Washington to use a CIPAV to locate the subject’s computer.

So while Big Brother may yield some scary power, criminals and terrorists are a tad scarier. I’ve always viewed the term “Big Brother” as someone who watches over and protects you. Just my take.

As always, invest in identity theft protection and Internet security solutions to keep the bad guys and the spyware out.

Robert Siciliano, identity theft speaker, discusses spyware.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

Identity Theft Expert; Organized Webmobs Focused on Cyber Crime

/1 Comment/in , , , , , , , , , , , , /by

Identity Theft Expert Robert Siciliano

New reports confirm what we have been seeing in the news; organized criminals have upped the ante. Global web mobs are tearing up financial institutions’ networks.

We’ve known for some time that the long-haired, lowly, pot-smoking, havoc-reeking hacker, sitting alone in his mom’s basement, hacking for fun and fame is no more. He cut his hair and has now graduated into a full time professional criminal hacker, hacking for government secrets and financial gain.

His contacts are global, many from Russia and Eastern Europe, and they include brilliant teens, 20-somethings, all the way up to clinical psychologists who are organized, international cyber criminals.

We are in the middle of a cold cyber crime war.

Their sole motivation is money and information and they either find their way inside networks due to flaws in the applications, or they work on their victims psychologically and trick them into entering usernames and passwords, or clicking links.

According to a new Verizon report, a staggering 285 million records were compromised in 2008, which exceeds total losses for 2004-2007 combined. As many as 93% of the breaches were targeted hacks occurring at financial institutions.

Hackers made $10 million by hacking RBS Worldpay’s system, then loading up blank dummy cards and gift cards, and sending mules to use them at ATMs. The entire scheme took less than one day to pull off.

Many of these hacks occur due to flaws in the design of web applications. The criminals send out “sniffers,” which seek out those flaws. Once they are found, the attack begins. Malware is generally implanted on the network to extract usernames and passwords. Once the criminals have full access, they use the breached system as their own, storing the stolen data and eventually turning it into cash.

Meanwhile, criminal hackers have created approximately 1.6 million security threats, according to Symantec’s Internet Security Threat Report. 90% of these attacks were designed to steal personal information including names, addresses and credit card details. Almost every single American has had their data compromised in some way.

Unsuspecting computer users who do not update their PC’s basic security, including Windows updates, critical security patches or anti-virus definitions often become infected as part of a botnet. Botnets are used to execute many of the attacks on unprotected networks.

The same study shows computer users were hit by 349 billion spam and phishing messages. Many were tricked into giving up personal information. It is common sense not to plug data into an email that appears to be from your bank, asking to update your account. Attacks directed towards mobile phones are also rising. “Phexting” is when a text message phishes for personal data. Just hit delete.

Much of the data stolen is out of your hands. So invest in identity theft protection, and keep your McAfee Internet security software updated.

Robert Siciliano, identity theft speaker, discusses criminal hackers who got caught.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

E-banking just got less secure

/in , , , , , , , , , , , /by

Robert Siciliano Identity Theft Speaker

There is no end to the ingenuity of the criminal hacker. They’ve figured out how to hack debit card PINS. Debit cards are linked directly to our checking accounts, which makes them tasty treats for criminal hackers.

At an ATM or cash register, most debit card users are blissfully unaware of what occurs when they swipe their cards and enter their pin numbers. A magical mystery takes place and we get to walk away with our new purchase, simply by swiping a card and tapping a few keys. The money magically disappears from our account and we celebrate by eating the Twinkie we just bought.

Whether you’re swiping your debit card at an ATM or in a store or restaurant, the process is similar. The user swipes his or her card and types in the pin number. The data is verified by a 3rd party payment processor or, in some cases, by a bank, over telephone lines or the Internet. Once the information has been validated and the payment processor confirms that the required funds exist, the money is moved from the user’s account to the merchant’s account, or is dispensed in cash.

The convenience of debit cards has led to global popularity that vastly exceeds that of handwritten checks, all the way into 3rd world countries.

We’ve known for some time that low-tech skimming at ATMs and gas pumps has been a point of compromise. Now, Wired reports that the transaction itself puts your PIN number at risk. Academics discovered this flaw years ago, but didn’t think it would be possible to execute in the field. Criminal hackers, however, have come up with the holy grail of hacks, stealing large amounts of encrypted and unencrypted debit card and pin numbers. And they have figured a way to crack the encryption codes.

The first signs of PIN tampering were recognized when investigators studied the processes of the 11 criminals who were caught after the TJX data breach. That breach involved 45 million credit and debit cards. The crime ring needed PIN codes to turn that data into cash. An investigation into this breach reported that the hacks resulted in “more targeted, cutting-edge, complex, and clever cyber crime attacks than seen in previous years.”

This revelation has some saying that the only cure for this type of hack is a complete overhaul to the payment processing system.

The compromise occurs in a device called a hardware security module (HSM), which sits on bank networks. PIN numbers pass through this device on their way to the card issuer. The module is tamper-resistant and provides a secure environment for encryption and decryption for PINs and card numbers. Criminal hackers are accessing HSMs and tricking them into providing the decrypting data. They are installing malware called “memory scrapers,” which capture the unencrypted data and use the hacked system to store it.

The PCI Security Standards Council, a self regulating body that oversees much of what occurs regarding payment card transaction, said they would begin testing HSMs. Bob Russo, general manager of the global standards body, said that the council’s testing of the devices would “focus specifically on security properties that are critical to the payment system.”

I don’t own a debit card and never have and never will. Simply put, if my debit card were hacked, that money would be coming directly from my bank account. A compromised ATM or point of sale transaction often fails to exhibit evidence of hacking. This means that I’d have to go through the arduous process of convincing my bank that it wasn’t me who withdrew thousands of dollars from my account. Whereas if a credit card is compromised, the zero-liability guarantee kicks in and I’m cured much more quickly.

Your ultimate responsibility here is to check your statements very closely and look for unauthorized activity. Read your statements online biweekly as opposed to relying solely on your monthly paper statement, and refute unauthorized charges immediately. Consider using a credit card instead of a debit card.

While this type of fraud is generally out of your control it’s still imperative you invest in internet security software such as McAfee and consider identity theft protection.

Identity Theft Expert discussing flawed card transactions

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

Scamming the scammers

/in , , , , , , , , , /by

Robert Siciliano Identity Theft Expert

Scammers and even pedophiles are getting hacked by vengeful insidious opportunists.

Who doesn’t love vigilante justice? Some readers may remember Charles Bronson, an American actor who starred in the popular series Death Wish. Bronson played Paul Kersey, a man whose wife is murdered and whose daughter raped. In response, Kersey becomes a crime-fighting vigilante. This was a highly controversial role, as his executions were cheered by crime-weary audiences.

There is a certain amount of satisfaction when the victim becomes victor, exacting justice, and the predator that violates the law is sufficiently punished by the vigilante. Anyone who has ever entertained vengeance fantasies can relate. Of course, one doesn’t need to have been victimized in order to seek justice. Security guard David Dunn, played by Bruce Willis in the movie Unbreakable, avenges a crime committed against someone else.

The Internet has spawned a new breed of opportunist predator. The anonymity of the web, coupled with the inherent naïveté of many computer users, along with development of new technology at a speed that outpaces the learning curve of most users, make confidence crimes easier than ever.

What I find most disturbing are parents with young families who allow their children full, unsupervised Internet access. Fox News reports that in the past 5 years, federal agents have set up honeypots of agents posing as minors to attract pedophiles and have caught upwards of 11,000 in their nets. If they caught 11,000, there must be multitudes that haven’t been caught. What most people don’t realize is that there are over a half million registered sex offenders in the United States, and over 100,000 more sex predators unaccounted for.

“Don’t talk to strangers” used to be the extent of our personal security training. Now, a stranger can be in your 12-year-old daughter’s bedroom at 2 am, chatting on his or her webcam, or even under the covers on the iPhone that he bought her in order to evade her parents’ grasp.

Now, a new form of vigilante justice is occurring: scammers are illegally scamming, blackmailing and extorting other scammers.

The FBI recently caught up with one couple who has been posing as minors, engaging sexual predators in explicit online conversations and then adding a twist. This tech savvy couple are also hackers who engage in black-hat activities. As the predators attempted to gain the trust of the supposed “minors,” the couple was actually gaining access to the predators’ computers, sending numerous files that, when opened, launched an executable and granted full and unauthorized access to the kiddy-fiddlers’ computer systems. After gaining access to the predators’ computers, the couple learned their names, addresses, family members’ contact information, places of employment, and the user names and passwords for all of their financial accounts. Once armed with this type of data, the fun began. The couple would access the pedophiles’ bank, eBay and Paypal accounts. They would also blackmail their victims, threatening to expose their deviant behaviors to anyone who would listen if they didn’t cough up some cash. In one instance, after financial demands were made and not met, the couple accessed the user name and password of a New York teacher who didn’t comply and posted the explicit chats to the teacher’s school’s intranet.

In another example, 3 men apprehended in Kentucky set up a fake child pornography website, then extorted money out of their customers. When arrested, the men confessed to the crime but claimed that they were doing it to punish child pornographers.

Call this blackmail, call it extortion, or call it vigilante justice. You decide.

Robert Siciliano, personal security and identity theft speaker discusses online predators.

Protect your identity and your child’s identity. Install McAfee security software on your PC to prevent predators from intruding. And install child monitoring software to watch your kids online.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

Identity Theft Expert and Laptop Computer Security: CTO of MyLaptopGPS Reiterates that a Mobile Computer is Stolen Every 12 Seconds

/in , , , , , , , , , , /by

(BOSTON, Mass. – April 13, 2009 – IDTheftSecurity.com) The single most important thing a laptop computer owner should assume is that he or she could be the next victim of laptop computer theft, according to Dan Yost, chief technology officer of laptop computer security firm MyLaptopGPS. A laptop computer is stolen every 12 seconds, noted Yost, who pointed out that the single most effective laptop theft deterrent is laptop tracking technology such as MyLaptopGPS’, which is powered by Internet-based GPS.

“A mobile computer is stolen every 12 seconds,” said Yost, who invited readers to follow MyLaptopGPS’ laptop computer security blog and laptop computer security posts at Twitter. “Once laptop owners process and accept this fact, they will realize that their machines could very well be next. Laptop computer owners who comprehend this will see their instincts and common sense doing an amazing job of helping to protect their assets. They’ll be far ahead of the curve.”

Yost’s expertise has been featured twice in CXO Europe. Furthermore, in December of 2008, he and widely televised and quoted identity theft expert Robert Siciliano co-delivered a presentation titled “Information in the Modern Age: Maintaining Privacy in an Era of Medical Record Identity Theft” at the 4th Annual World Healthcare Innovation & Technology Congress in Washington, D.C., where Former U.S. Congressman Newt Gingrich delivered the keynote address.

The single most effective action any laptop computer owner can take to protect a machine is to equip it with laptop computer security technology, noted Yost, who added that simple strategies and tactics help to further deter laptop thieves. These include, according to Yost, stowing a laptop away from outside view when leaving it in a locked vehicle and keeping a laptop carrying case’s strap close to the shoulder, placing a hand on the case itself at all times.

Featured in Inc. Magazine and TechRepublic, MyLaptopGPS maintains the Realtime Estimated Damage Index (REDI™), a running tally of highly publicized laptop and desktop computer thefts and losses and these losses’ associated costs. Since the beginning of 2008, 3,279,909 data records associated with laptop theft have been lost, according to the REDI at MyLaptopGPS’ website. A log of these high-profile laptop thefts is available.

“Once a laptop computer owner realizes his or her machine could be the next one stolen, many commonsense habits will become second nature,” said Siciliano, who endorses MyLaptopGPS and is CEO of identity theft protection firm IDTheftSecurity.com. “No tactic is foolproof, but aware laptop owners are much more likely to do the kinds of things that will keep their mobile computers out of thieves’ hands. And people whose mobile computers are out of laptop thieves’ reach are, frankly, people whose confidential data is much less likely to be within identity thieves’ reach, as well.”

YouTube video shows Siciliano on a local FOX News affiliate discussing the importance of securing mobile computing devices on college campuses, where laptop theft can run rampant. To learn more about identity theft, a major concern for anyone who’s lost a laptop computer or other mobile computing device to thieves, readers may go to video of Siciliano at VideoJug.

Anyone who belongs to LinkedIn® is encouraged to join MyLaptopGPS’ laptop computer security group there. They may download a demo of MyLaptopGPS, as well, and have the opportunity to read one of two reports tailored to the type of organization they run.

###

About MyLaptopGPS

Celebrating 25 years in business, Tri-8, Inc. (DBA MyLaptopGPS.com) has specialized in complete system integration since its founding in 1984. From real-time electronic payment processing software to renowned mid-market ERP implementations, the executive team at MyLaptopGPS has been serving leading enterprises and implementing world-class data systems that simply work. With MyLaptopGPS™, Tri-8, Inc. brings a level of expertise, dedication, knowledge and service that is unmatched. MyLaptopGPS™’s rock-solid performance, security, and reliability flow directly from the company’s commitment to top-notch software products and services.

About IDTheftSecurity.com

Identity theft affects everyone. CEO of IDTheftSecurity.com, Robert Siciliano is a member of the Bank Fraud & IT Security Report‘s editorial board and of the consumer advisory board for McAfee. Additionally, in a partnership to help raise awareness about the growing threat of identity theft and provide tips for consumers to protect themselves, he is nationwide spokesperson for uni-ball in 2009 (uniball-na.com provides for more information). A leader of personal safety and security seminars nationwide, Siciliano has been featured on “The Today Show,” “CBS Early Show,” CNN, MSNBC, CNBC, FOX News, “The Suze Orman Show,” “The Montel Williams Show,” “Tyra” and “Inside Edition.” Numerous magazines, print news outlets and wire services have turned to him, as well, for expert commentary on personal security and identity theft. These include Forbes, USA Today, Entrepreneur, Good Housekeeping, The New York Times, Los Angeles Times, Washington Times, The Washington Post, Chicago Tribune, United Press International, Reuters and others. For more information, visit Siciliano’s Web site, blog, and YouTube page.

The media are encouraged to get in touch with any of the following individuals:

John Dunivan

MyLaptopGPS Media Relations

PHONE: (405) 747-6654 (direct line)

jd@MyLaptopGPS.com

http://www.MyLaptopGPS.com

Robert Siciliano, Personal Security Expert

CEO of IDTheftSecurity.com

PHONE: 888-SICILIANO (742-4542)

FAX: 877-2-FAX-NOW (232-9669)

Robert@IDTheftSecurity.com

http://www.idtheftsecurity.com

Brent Skinner

President & CEO of STETrevisions

PHONE: 617-875-4859

FAX: 866-663-6557

BrentSkinner@STETrevisions.com

http://www.STETrevisions.com

http://www.brentskinner.blogspot.com

Week of FUD; Hackers breach electric grid, Conficker sells out, Obama has a plan

/in , , , , , , /by

Robert Siciliano Identity Theft Expert

They say adversity university and the school of hard knocks makes your stronger, faster and streetsmart.  And if it doesn’t kill you it makes you stronger. Lately, I’ve been killing my readers with lots of deadly data so I bet your security muscles are getting huge!

The security community has bombarded the media with fascinating claims of gloom and doom. (I’m guilty of it, too.) The hype hasn’t entirely met the hyperbole. There have been no major catastrophic issues. The power hasn’t gone out, and data breaches haven’t occurred in the 3-15 million PCs that have been compromised by Conficker.

But that doesn’t change the fact that there are still real problems that need solving. The security community and the media are getting better at discovering these new hacks, reporting on them and taking decisive action to fix them before they get worse.

For good reason, President Obama ordered a cyber-security review earlier this year. And he announced plans to appoint a top cyber-security czar, who will coordinate government efforts to protect the country’s networks. This is a response to years of inaction, culminating in millions and millions of breached records by cyber criminals toying with our critical infrastructures and corporate networks.

The Register points out, “According to the Wall Street Journal – which cites unnamed national security officials – electro-spooks hailing from China, Russia, and ‘other countries’ are trying to navigate and control the power grid as well as other US infrastructure like water and sewage.” That could get messy. Let’s make sure the Cyber Security Czar gives the sewage situation his undivided attention. CNET reportsthat the Pentagon has spent over $100 million on its networks in the past 6 months in response to attacks on the government’s computers. This is part reactionary and part proactive.

Wired reports that Conficker is now a lame spambot, selling fake Internet security software in the form ofscareware. I’m going to shut up about Conficker, for the most part, unless this thing does something that impresses me.

Bob Sullivan points out today in “Why all the cyber-scares?” (as I did earlier this week) that, “Security experts use the term ‘spreading FUD’ – fear, uncertainty, and doubt – to criticize the sales tactics of firms that use hyperbole to scare customers into overpaying for security products. The Conficker incident appears to a be a classic example of FUD.”

I’m all done with this week and I’m going to paint eggs.

For an Easter treat, identity theft speaker Robert Siciliano provides you with a hilarious rare glimpse of someone he loves walking for the first time. (I am human, you know.)

And a big THANK YOU to uni-ball because I cant do what I do without them. I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

Conficker flexes muscles, phones home

/in , , , , , , , , , , , /by

Identity Theft Expert Robert Siciliano

The internets number one virus Conficker, called home and sent its next set of updates to its global botnet.

Conficker’s botnet, which includes anywhere from 3 to 15 million PCs, has a peer to peer (P2P) feature that allows each PC on the network to talk to one another. Each PC has the ability to become the command server. This characteristic allows Conficker to fluidly update each PC on the network.

The latest variant shows that Conficker is updating via P2P, as opposed to pinging a website for its updates. This makes Conficker “self reliant.”

botnet is a robot network of zombie computers under the control of a single leader. The concept behind a botnet is strength in numbers. Botnets can attack websites, send spam, and log data, which can lead to data breaches, credit card fraud and identity theft, and ultimately clog a network until it shuts down.

CNET reports that researchers have observed Conficker making its first update, which they believe to be a keystroke logger, a form of spyware designed to log usernames and passwords. This new update also tells the zombies to seek other PCs that have not been patched with Microsoft’s update. The worm also pings websites including MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com in order to determine whether that PC has Internet access.

The Register reports that Conficker is now pinging what’s known as a Waledac domain, which contacts a new server if the current one is blacklisted by ISPs for spamming. This allows the virus to download more updates.

In 2007 and 2008, the Storm Worm was thought to have infected over 50 million PCs. Waledac is using the same technology as the Storm Worm,which means two things. First, this may get ugly fast. And second, whoever is controlling Waledac must be the same criminal hackers that built Storm Worm.

All this means that Conficker is about as dangerous as a virus can be, with the best of the best technologies, both old and new. While the virus has yet to strike, it is definitely gearing up.

 

Identity theft speaker Robert Siciliano discusses criminals using viruses to hack credit cards.

To protect yourself, be sure you have updated Internet security software, and consider an identity theft protection service.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information

Confickers copycat evil twin

/in , , , , , , , , /by

Identity Theft Expert Robert Siciliano

Both Microsoft Certified Professional and Computerworld report on a variation of Conficker known as “Neeris.” Neeris is a 4 year old virus that has resurfaced and is now behaving like a Conficker wannabe. It is believed that the criminal hackers who created Conficker and Neeris are either the same person or are working together, double teaming the computer security community.

Neeris began showing up on March 31st into April 1st which, as we know, was supposed to be the launch date for the next set of Conficker updates.

Conficker and Neeris both include auto-run and remote call features that allow it to slither into external storage, including cameras, USB drives, external hard drives and other memory-based devices. Furthermore, it is feared that the “call home” feature will eventually enable either virus to update their abilities to wreak havoc and compromise data.

What’s troubling is that Microsoft created a critical security update specifically for Conficker, labeled the MS08-067 patch. Now, Microsoft Certified Professional states that Neeris is able to “poke holes in” this patch, indicating that the patch is no match for Neeris.

However, as stated in Computerworld, “Due to the similarities to Conficker, most of the mitigations that were mentioned also apply here. Make sure to install MS08-067 if you haven’t done so yet, and be careful to use only autoplay options you’re familiar with, or consider disabling the Autorun altogether.”

Regardless, update critical security patches and run the latest McAfee anti-virus definitions.

Robert Siciliano Identity Theft Speaker discussing viruses slithering into memory based devices here

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.

Credit card fraud is Americans number one concern

/in , , , , , , , , , , , /by

Identity theft Expert Robert Siciliano

A recent study conducted by the Unisys Corporation shows that identity theft as it pertains to credit card fraud is Americans’ number one concern.

When people ask me, “How do I protect myself from credit card fraud?” I tell them, “Cancel the card, or never use it.” Because that’s the only way.

Personal security (as it pertains to violence) and national security have always been a concern. However, this new study shows that people are more concerned with fraud, and the risk of having their savings depleted by scammers. Not so hard to believe, what with the number of data breaches, and the Madoffs of the world fleecing their unsuspecting investors.

75% of Americans feel that the recession has increased their chances of being victimized by criminal hackers and thieves. Most are also concerned their “private” information on a corporate or bank network may be compromised.

FBI’s Internet Crime Complaint Center’s 2008 Annual Report determined that online fraud increased by 33.1% last year. Dollar losses resulting from online fraud increased to $265 million.

Overall, these concerns are valid, due to flaws in the system of issuing credit that facilitate new account fraud. Furthermore, account takeover requires nothing more than access to credit card numbers, which are available in hacked databases or susceptible every time you hand your card over to a gas station attendant.

Viruses in spam or phishing emails continue to plague consumers and as scammers get more sophisticated, the chances of getting hooked increase.

Banks and business will continue to feel the pressure as criminals target their clients’ data.

Credit card skimming at ATMs and gas pumps makes it impossible to protect yourself when you could essentially be handing your digits over to a criminal.

Skimming is one of the financial industry’s fastest-growing crimes, according to the U.S. Secret Service. The worldwide ATM Industry Association reports over $1 billion in annual global losses from credit card fraud and electronic crime associated with ATMs.

Marite Ferrero, a blogger with Finextra, adds, “In Europe, the points of compromise are everywhere: ATM, gas pumps, parking, DVD rentals, movie tickets, food kiosks, tolls, buying metro tickets, and the list goes on… Because of chip and pin implementation, the proliferation of stand-alone terminals that accept chip and pin has provided a profitable playground for fraudsters.”

While the card holder is generally only responsible for the first $50.00 in losses, which is often waived by a “zero liability policy,” card holders who don’t pay attention to their statements often let these charges pass and eat them.

There are many technologies available to secure credit cards, such as “smart cards” and “chip and pin.” However, due to the nature of a credit card transaction, once the data leaves the card, it’s up for grabs. Whatever card security their may have been is now gone.

Check your credit and banking statements carefully. Scrutinize every charge and refute any unauthorized charges within 30-60 days. Call your bank or credit card company immediately if you see any fraudulent activity.

Invest in identity theft protection. Credit freezes or fraud alerts help prevent new account fraud. Protect your PC with McAfee, or other Internet security software.

Robert Siciliano, identity theft speaker, discusses credit card fraud.

I’m excited to work with uni-ball in 2009 in a partnership to help raise awareness about the growing threat of identity theft and provide tips for protecting yourself. Check out uniball-na.com for more information.