Nuclear Weapons, CyberSecurity and an Unlocked Door.

Robert Siciliano Identity Theft Expert Speaker www.IDTheftSecurity.com

What happens when you have an unlocked door at the home of an employee at the top U.S. nuclear weapons laboratory? How about 3 stolen computers holding yet-to-be-disclosed data that was said to be non-classified? We hope. Were the computers stolen to be resold for crack? Or for nuclear weapons secrets? We may never know. Or we may find out the hard way.

At the Los Alamos National Laboratory in Santa Fe, New Mexico, dozens more (67 total) systems are currently listed as missing. Officials are conducting a full review of the lab’s policies and procedures governing the use of official computers at employees’ homes.

Situations like this are common in every industry with every conceivable form of data. We just wish it wasn’t data from a nuclear weapons facility.

It’s important to point out that the facility has as many as 40,000 computers, including desktops, laptops, PDAs, printers and so on. Do the math: less than .25 percent lost or stolen. The lab has been documented at a better than 99.5 percent accountability rate.

We know there is no such thing as 100% security, whether protecting from hardware or data thieves. Security is an ongoing, never-ending, consistent, on-your-toes, don’t-let-your-guard-down, vigilant process.

And it’s not just criminal hackers causing big problems. Lowly burglars looking for their next bag of dope stole, from the home of a government employee, a laptop computer containing 26.5 million Social Security Numbers, a US primary identifier. This $500 laptop cost millions.

Can you say your organization has a 99.5% success rate?

What policies do you have in place to foster a security-minded culture? Here are just a few bullets as examples for you to add to.

- Cover all organizational systems used for processing, storing or transmitting personal information.
- Security risks faced are assessed in the development of the policy.
- Cost-effective measures are devised to reduce the risks to acceptable levels.
- The policy is monitored and periodically reviewed.
- Staff and management are made aware of the protective security policies and how to implement them.


Bank Robberies Spike, Blame The Economy?

Robert Siciliano

Often I’m called to provide perspective on breaking news as it relates to personal security, violence and fraud. Tonight it was bank robbery. In Boston a white male suspect in his 20s has robbed at least 4 banks since Feb. 3rd, and two of those were done today within a few miles of each other.

In the first, he went up to a teller who was in training. Startled, she said she did not have any money in the drawer, and he left the bank without trying. Obviously he did not have an alternative plan.

Each time he has passed a note demanding money and implying a weapon, but no weapon is shown.

The local police department talked to the media about how more and more suspects are desperate because of the economy and are not experienced bank robbers. They also said that a lot of them don’t care about the surveillance cameras or the jail time that they might face if caught. The FBI and local police departments are investigating these robberies.

In New York City, bank robberies have risen 54 percent compared with last year, with criminals committing more than 430 in the past year, according to the NYPD.

New York’s police commissioner was quoted saying, “They’ve turned banks into cash machines.”

Numerous studies certainly show crime tends to rise when times are tough. Right now it’s pretty tough and getting uglier for many. But rob a bank? I know plenty of people who have hit hard times. I can’t think of one who had the epiphany “Today I’ll rob a bank”.

I saw a story recently about a guy who walked out of a grocery store and stole a full cart of food to feed his family and was caught. He was quoted saying “it was worth the risk to feed my family”.

Illegal, wrong, understandable.

What’s more likely is that people who are robbing banks have committed crimes before. Bank robbery is a desperate and aggressive act. Chances are this individual is like most: suffering from addiction, heroin, OxyContin, and desperate for his next hit. People who rob banks have an equal amount of desperation and stupidity as they do huge balls.

Bank Robbers aren’t Robert De Niro in Heat or Jim Carrey in Dick and Jane

I think it’s safe to say that while the economy may have people all jittery, you won’t see many executives from failed investment firms who were laid off go and rob a bank. This person hasn’t robbed four banks to pay his cable bill. He’s a mess.

These aren’t well thought out, rational, previously employed people. These are people who have been involved in criminal acts their whole lives and this is the next step for them.

I would gather that someone is doing a study somewhere and will conclude that in fact there is a spike in robberies during hard times. We see the same thing around the holidays. People are emotional, they feel pressure and go a bit nutty.

Why isn’t every bank on earth equipped with an access control vestibule, so criminals are prevented from entering with guns or trapped like this idiot?


Quarter Million Dollar Bounty for Criminal Hacker

Robert Siciliano Identity Theft Speaker and Expert

In a Microsoft press release, a global bounty has been offered for the arrest and prosecution of whoever created and released the “Conficker” virus.

Conficker was released in the last quarter of 2008 and has infected PCs in numbers estimated widely at 2 million to 10 million. After issuing patches, Microsoft estimates approximately 3 million PCs globally are still compromised.

However, none of the PCs infected with Conficker are displaying any of the characteristics generally exhibited by the recent spate of viruses that offer a remote control component and are often used to host spoofed websites and other malicious fraud-related activities.

This virus is, however, designed to constantly ping some 250 different domains that were most likely controlled by the criminal hackers that created it. The virus acts like any software calling home looking for an update, checking time/date stamps and what version is running.

It is widely believed that Conficker is waiting for its next set of updates to unleash the endgame its writers had in mind. BRILLIANT!

Many who study Conficker as it phones home have been monitoring the 250 domains, looking for the next “update”.

The top-level domains of these include .com, .net and .org, all of which fall under the Internet Corporation for Assigned Names and Numbers (ICANN), which heads up the domain registration industry. ICANN’s rules prohibit such reserving of domains. ICANN then worked with registrars in heading off any future registration of Conficker-sought domains.

What has been out of the control of ICANN has been .ws and .cn (China) based domains. Due to the ferocity of Conficker and negotiations by ICANN, China and other global registrars have agreed to make it difficult for Conficker to continue to control its 250 base domains or seek others along the string.

What we are seeing here is a global effort by international agencies, security professionals from around the world and Microsoft, working together to defeat an unknown attacker that, if left unmatched, could infect a significant portion of the world’s computers.

This story is not over.
