Top 10 Jobs For Criminal Hackers

Identity Theft Expert Robert Siciliano

So you wanna go to the dark side? You’ve been hearing all about this hacking thing and you’d like to impress your girlfriend and show her how you can hack into corporate databases eh? Well, first if you are nodding your head, you’re an idiot. Second, chances are better than ever that you’ll get caught. Law enforcement is actually getting pretty good at finding the bad guy. In the meantime, the FBI posted the top jobs in computer crime and the bad guys are hiring.

They need:

1. Programmers: They are the dudes that write the actual viruses that end up on your PC because you were surfing porn or downloading pirated software off of torrents.

2. Carders: the most visible of criminals who distribute and sell stolen data to whoever is willing to take it and burn it onto a white card or make purchases over the internet.

3. IT Dudes: these are like any computer professionals who maintain all the hardware to keep the operation running as it should.

4. Criminal Hackers: these are the tech savvy penetration testers who aren’t legitimate penn testers but black hat hackers. They look for vulnerabilities in networks and plant code to exploit the users.

5. Social Engineers: these are the scammers and liars that think up all the different scams and communicate with people via phishing emails.

6. Hosted Systems Providers: are often unethical businesses that provide servers for the bad guy to do his dirty work.

7. Cashiers: provide bank accounts where criminals can hide money.

8. Money Mules: these may be unsuspecting Americans who act as shipping managers and do the dirty work for the bad guy and open bank accounts too. Sometimes the mule may be foreign and travel to the US specifically to open bank accounts.

9. Tellers: Help transfer and launder money through digital currency’s such as e-gold.

10. Bosses: These are the Mafia Dons. They run the show, bring together talent, manage, delegate, tell people what to do and maybe cut a head or two off.

If this whole writing, speaking and consulting thing doesn’t pan out I know who is hiring.

Invest in Intelius identity theft protection and prevention. Not all forms ows.f identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing hackers on Fox News.

Why Everyone Should Learn to Be A Hacker

I know enough about hacking to make all of my software un-usable, mess up my operating system, and crash my PC. I also know enough about hacking to re-install my operating system, re-install all my software and get my PC running fresh and relatively secure. I’m no criminal hacker. And I am not suggesting that. Nor can I program; I don’t know code but I do know enough to hack in a way that keeps me running, and again, secure.

Hacker isn’t a bad word and hacking isn’t a bad thing to do. It’s something that if everyone who plugs into a PC every day did, they’d be a heck of a lot more versed in the functionality and security of a computer.

The beauty of becoming a “do it yourself” (DIY) hacker is you don’t need to pay a dude to come to your home or office to fix your computer when it’s not working. Three hundred and twenty five years ago I used to pay someone to fix me. Now I can do most of it myself, and when I don’t know how to do it I look it up on Google. Chances are if you have had this problem, then thousands of others have too. There are a bazillion forums that you can go to and solve annoyances and real technology issues.

Once you start asking questions you begin to find people who know the answers. Next thing you know you are the person with the answers. Along the way you connect with people that are smarter than you are who actually do know code and how to really hack a system. Then keep this stable of experts on your contact list so when you are in a pinch, you reach out. But do your best to figure it out on your own first so you aren’t constantly bugging them. You’d be amazed at how capable you are once you invest the necessary time to learn this stuff.

Another great way to learn how to be a DIY hacker is through tech support of your new PC. Most computers come with a one year guarantee that includes phone support. Now many people complain about lousy support, but the hundred or so hours I’ve spent over the years with these people from all over the world has definitely upped my hack-abilities. Even when the tech support guy is wrong, you learn something.

Recently I got rid of all my old 5-6-8 year old PCs and upgraded all but one to Windows 7 boxes and couldn’t be happier. In the process, I had to go through a litany of changes that were always frustrating, but made me a better, smarter, faster DIY hacker. I’ve spent about 20 hours with tech support on the phone getting everything to work like it should and now I know how to do it myself when things go wrong.

“Why I want my daughter to be a hacker” is the title of a post that’s been making waves in the blogosphere. It doesn’t exactly make my point, but worth a read.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing the identity theft on CNBC.

Elderly Couple Assaulted During Home Invasion

Every day I scan the news for stories to report on. My job is to disseminate information in a way that is easily digestible and makes sense. Hopefully the reader will act on what they learn and make better decisions to protect themselves and their families.

It’s not easy to read stories every single day about horrible things happening to good people. The frustrating part is seeing the same awful crimes happening over and over and over again. I can write about “Elderly couple assaulted during home invasion” 20 times a day and each story will be worse than the next. If you are elderly or have elderly parents, please take heed:

The man’s wife, whom he’s been married to for almost six decades, lies in the hospital. The victim says the suspect broke a window in the bedroom and appeared in their living room around 10:30pm Sunday night as they watched television. “He grabbed me around the neck, and said he would cut my throat if I didn’t do what he said,” said the husband.

THEY WERE JUST WATCHING TV!!!!!!!!!!!!!!!

“He went through the drawers, getting jewelry and whatever else he saw he wanted,” said the husband. For four hours, the homeowner says the suspect tore through their belongings while they were forced to lie face down in their bedroom. “He was very comfortable with being in here.

Any time his wife made a noise showing her fear, the suspect came back to the bedroom. “She was making noise and he didn’t want her making noise, he would kick her hard.” The victim’s wife was transported to Methodist Hospital in the Medical Center due to brain swelling from being kicked by the suspect. Her husband tells us they will monitor her overnight and she may be able to go home on Tuesday.

Locking your doors isn’t enough. Locking your windows isn’t enough. In order to prevent a crime like this the homeowner needs a comprehensive home security review. Bring in the local police to give your home a once over. Invite a local locksmith to determine what the best locks for your doors are. Call a home alarm installer to discuss a home security system. Consider taking it up a notch and installing home security cameras. Consider a do it yourself wireless home alarm system or hire a professional. But please, whatever you do, do something. The worst thing you can do is nothing.

Robert Siciliano personal security expert to Home Security Source discussing home invasions on the Gordon Elliot Show. Disclosures

Why We Need Secure Identification

New York police have served warrants dozens of times to an elderly couple looking for suspects the couple has no knowledge of. “Police have knocked on their door 50-plus times since the couple moved into their home in 2002, looking for suspects or witnesses in murder, robbery and rape cases, according to reports. The couple has been visited by law enforcement up to three times a week. Authorities are investigating the possibility that the Martins’ identities may have been stolen.”

Criminal identity theft is when someone commits a crime and uses the assumed name and address of another person. The thief in the act of the crime or upon arrest poses as the identity theft victim. Often the perpetrator will have a fake ID with the identity theft victim’s information but the imposters’ picture. This is the scariest form of identity theft.

In Mexico plans are rolling out to identify  110 million citizens into its national ID card program. “The program will be among the first to capture iris, fingerprint and facial biometrics for identification.  Similar programs around the world use biometrics for voter registration and even financial transactions. Possible uses for the card include  identification, driver licenses, collection of tolls, a travel card and an ATM card.”

In India, they are in the process of creating the Unique Identification Authority to identify their 1.1 billion citizens. A uniform ID system with biometric data, which should launch next year, will be designed to curb fraud and effectively identify their citizens. It could also make many new commercial transactions possible by allowing online verification of identities by laptop and mobile phone.

In the US, in order to end illegal immigration politicians have proposed a worker identity card and quoted from the New American “Ending Illegal Employment Through Biometric Employment Verification,” Reid, et al, set forth their chilling scheme to require all Americans to carry a 21st Century version of the Social Security Card. The national identification card will be embedded with biometric data detectable by federal agents. Specifically, the Reid plan will mandate that within 18 months of the passage of immigration reform legislation, every American worker carry the “fraud-resistant, tamper-resistant, wear resistant, and machine-readable social security cards containing a photograph and an electronically coded micro-processing chip which possesses a unique biometric identifier for the authorized card-bearer.”As if that isn’t enough to freeze the blood of any ally of freedom and our constitutional republic.”

“Chilling scheme” and “freeze the blood” or a step towards security? I wonder if the couple in New York or the millions who have had their identity stolen wish they were properly identified.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing the Social Security numbers on Fox News.

12-Year-Old Girl Home When Man Tries To Break In

Is it OK if I call this criminal a boob? Because he’s a dopey boob who used a pink Huffy as a getaway vehicle. And his victim, well, she’s a ROCK STAR! Read on... A 20 year old burglar breaks into a home. Twelve year old girl is home alone. I don’t know why, I think that’s illegal in some states. But she’s home alone and at least the alarm is on. Which turns out to be a very good thing.

Using a brick, burglar breaks the glass on the front door and reaches through to unlock the door. Girl sees a green latex glove coming through the window. Smart little rock star that she is; she hits the panic button on the home’s alarm system, and the thief ran off.

“When police arrived, they found two witnesses – one who saw a man enter the back yard of the residence, and one who saw him leave. Both provided the same description. About a block away, police saw a man matching the description riding a pink Huffy youth bicycle, and they stopped him.

According to police, the boob had several different stories about where he was going and where he had been. Police patted him down and found a screwdriver and green latex gloves, which matched with what the girl saw when the suspect’s hand came through the front door.”

First, never leave a 12 year old home alone. Maybe a 12 year old is perfectly capable, but still, that doesn’t work for me. If it’s legal in your state to have a 12 year old home alone, then at least discuss home security tips, which in this case it seems they did. She did well by hitting that panic alarm.

At least install home security cameras as another layer of protection with signage outside. Do you think this house had a sign outside that denoted the house was alarmed? If it did I bet the guy would not have broken in.

The door on this house facilitated the break in. Windows on doors aren’t secure. I prefer solid core doors. If you are going to have a window on a door, it should be very small and be at the very top of the door so the burglar can’t break it and reach in to unlock the door.

Finally, I love the fact that the neighbors saw him. This must be a neighborhood with a successful neighborhood watch program.

Robert Siciliano personal security expert to Home Security Source discussing Home Invasions on Montel Williams.

Why American’s Identities Are Easily Stolen

Identity Theft Expert Robert Siciliano

We can fix this thing, but we won’t because we don’t want to be inconvenienced. I’m introduced to amazing technologies every week that will stop this. All they need is government support and system wide adoption. Meanwhile, Chuck Schumer and Ed Markey and the rest of the grand standing politicians scream about privacy and security issues when they see an opportunity for publicity, but their follow through is less than satisfactory.

We use easily counterfeited identification, Social Security numbers that are written on the sides of buses and we rely on the anonymity of the phone, fax, internet and snail mail as a means of application.

In other countries they solve problems. They have priorities and don’t deal with the rhetoric.  They put security first, convenience second.

Cedric Pariente from B32Trust tells us that in Paris, France you need to open an account first before a loan is granted by a bank. In order to do so, you need to provide them with a printed copy of your ID card and proof that you still live where you claim to live (last electricity bill usually.) Then they can check your credit history and decide to grant you with a loan or not. Most of the time, they just check that your debt is not over 30% of your income. You have to be a bank client. Doesn’t seem they allow phone, fax, internet or snail mail transaction when granting credit.

In the UK, Keith Appleyard echoed something similar to France’s system: you have to present yourself in person with a Government-issued Photo ID such as Passport or Drivers License, plus a proof of address less than 3 months old, such as a bank statement or utility bill. Keith further explained the whole UK population had vetting their Identity Credentials and one of the last people to be vetted was the Queen of England, but she is not exempt. So she meets with her Bankers, but she doesn’t have a Passport or Birth Certificate or Drivers License. So she asks them to take a Sterling Currency note out of their wallet, points to her picture engraved on the note, and says “yes, that’s me”. So they officially recorded the Serial Number on the Currency note as being her Identity Document. I think that process may need looking into. J

In Australia, Stephen Wilson from the Lockstep Group discussed identification of customers opening bank accounts has been regulated since the 1980’s.  They have a roster of “evidence of identity” documents (passports, Australian driver licenses, government issued cards of various sorts, other bank accounts, utility bills, birth certificates, naturalization certificates …) each of which is equated to a set number of “points” reflecting broadly the quality of the document as proof of id.  You need to present 100 points total to open an account.  Usually passport + driver license suffices.

Gavin Matthews of SECCOM GLOBAL in Australia adds the system can only be compromised with forged items, which are not that easy to obtain. Like our money these days we have holographic licenses, chipped passports etc. However it does happen regularly and organized crime is the main culprit (Asian gangs, motorcycle clubs etc) and replication of stolen items probably makes up 70-80% of beating this system. There have been cases here of people working for drivers licensing authorities in various states being indicted for fraud etc and being linked back to organized crime.

In Finland, Kalle Keihanen from the Nordea Bank Finland Plc added the modern IDs are pretty tough to forge and forgeries easy to spot by professionals like bank tellers. If there is a suspected fake document the police are summoned and their database includes pictures and such of the real person.

When opening a bank account, the social security number on the ID is first mathematically verified (it has a simple algorithm built in), and then submitted electronically to a national registry, which then returns the name, address and credit info tied to that SSN. Utility bills or such are therefore not needed.

The low identity theft figures in Finland are mostly due to the SSN, where the system does real-time checks on the status of the identity, combined to a difficult-to-forge array of ID papers (passport, driver’s license, national id). Also, nearly 100% of Finns always carry a picture ID, since the law requires “every person of age 15 and up to be able to reliably prove their identity to the authorities.” Thus, there is a “chain of picture identity papers” starting from childhood in the national registry and any new ID application is verified against previous ones and the photos in the database, making applying for an ID with a stolen identity extremely difficult. You can only apply for an ID to replace one that is broken or expiring. Stolen or lost IDs are always submitted for criminal investigation before a replacing ID is issued.

While none of these systems are perfect, they are a step in the right direction and far better than the US’s honor based system. At least we have corporations that are providing what the government won’t. But that still doesn’t fix the problem.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing the criminal hackers on Good Morning America.

Secret Service: ATM Card Skimming Five Times Higher This Year

Identity Theft Expert Robert Siciliano

ATM skimming is approaching a billion-dollar issue. ATM skimming is happening coast to coast and there seems to be no end in sight. Skimming devices have been found recently at ATMs at a Bank of America in Daytona Beach and one weekend last month people came and went from the automated teller machine outside a Chase Bank in Escondido, California. They slipped in their cards, took their money and left.

In Boston, police uncovered an international ATM skimming ring responsible for stealing money from hundreds of local accounts. Izaylo Hristov, 28, of Ontario, Canada, a Bulgarian citizen, was arrested at an ATM in the Boston area along with Viadiclav Vladevo and Anton Venkov. Venkov had $99,100 in $20 bills in his car when he was arrested. One of them had Dunkin’ Donuts gift cards and American Express cards with post-it notes that had “PIN’’ and various numbers written on them. These cards were used to write the stolen data on, and then used to make withdrawals. Apparently a few more than a few people in the Boston area didn’t watch this on Fox Boston, or this on NBC Boston or read this in the Boston Globe.

A spate of recent news reports highlight growing ATM fraud. Law enforcement in New York City reported a gang had stolen $500,000 from bank accounts via ATM skimming. They installed cameras and skimming devices on the machines, and recorded the magnetic strips and the PIN numbers.

Don’t expect the banks employees to protect you. At a bank in NY an alert customer pulled a skimmer off the ATM and brought it into the bank manager who had never seen a skimmer.  She thanked him. He came back in moments later with the small wireless camera. She thanked him again then she shut down the ATM.

Generally, if you can pull something off the face of the ATM where you’d slide your card through, that’s probably an ATM skimming device see pictures here.. Banks are investing in new technologies, such as internal hardware that can jam the signal of skimming devices. But customers need to be aware of the problem and keep an eye out for devices affixed to the front of ATMs or cameras mounted near small mirrors or on brochure holders.

To help combat this type of crime, ADT unveiled the ADT Anti-Skim ATM Security Solution, which helps prevent skimming attempts and detects skimming devices on all major ATM makes and models. ADT’s anti-skim solution is installed inside an ATM near the card reader, making it invisible from the outside.

See more skim demonstrations on Extra TV.

The solution detects the presence of foreign devices placed over or near an ATM card entry slot, without disrupting the customer transaction or operation of most ATMs. It can trigger a silent alarm for command center response and coordinate video surveillance of all skimming activities. Also, the technology helps prevent card-skimming attempts by interrupting the operation of an illegal card reader.

You can protect yourself from these types of scams first by covering your pin!! Scammers have a difficult time turning your 16 digit account numbers into cash without the PIN. Consider never using a debit card again, since credit cards are safer. When using an ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, double sided tape, error messages or the machine seems unusually old and run down, don’t use it. Don’t use just any ATM. Instead, look for ATMs in more secure locations.

Ultimately, you must pay close attention to your statements. Refute unauthorized transactions within 60 days. Check with your bank to determine what their timeframe is to refute unauthorized withdrawals. In some cases an can be as early as a week.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing the Bulgarian ATM scammer getting busted on Fox Boston.

4 Month Old Baby and Parents Rob Homes

When someone breaks into a home, their primary motivation is generally money. In the case of parents bringing their 4 month old along for the heist, its probably for money to support a drug habit. These burglars obviously have issues.

279 years ago I dated a girl who worked at a bank. She developed herself a little coke problem. Her coke problem turned into a theft from the bank problem to support her habit. Drugs drive people to do awful things. Eventually this girl was found out, faced some consequences, got into a few 12 step programs and today’s she’s very successful and a mother of 3.  So the subjects in this story aren’t horrible, they’re actually sick. Addiction is an extremely difficult disease to cope with for everyone involved.

A couple accused of going on a home break-in spree last week have been charged with child abuse for allegedly bringing along a 4-month old child. Deputies said the suspects ages 28, 23 and 25, were arrested after a citizen spotted them leaving the scene of one of the crimes, followed the vehicle and called 911 to assist deputies in locating the vehicle.”

Desperate people do desperate things. And when someone is under the influence of a narcotic or desperate to get some, they will say and do anything. Often these crimes can lead to violence. If you think “it can’t happen to me” then you are delusional. Burglary happens all day every day in the “most secure” communities because people have “issues” and the victims don’t lock their doors and don’t invest in their home security.

Take responsibility for your home security. Install a home security system complete with monitored alarm and home surveillance cameras. Have the cameras monitor motion connected to a DVR. Set the alarm while you are home during the day, sleeping and when you are gone.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston. Disclosures

Personal Knowledge or “Qualifying Questions” as Authenticators

How many times have you forgotten a password? Fortunately the website you were on only needed your username or an email address and they would respond with a few questions for you to answer. Once you responded with what was in the system you then re-set your password and you’re in.  Easy peazy.

What’s your favorite food? Where did you honeymoon? Your first pets name? Name of your first car? The name of your elementary school?  Your fathers middle name? All these questions are meant to replace that used-to-be-secret-obscure word that only you and your parents would know the answer too – your mothers maiden name.

Then came Ancestry.com, Geneology.com, Google and for crying out loud Facebook. Now much of this information is available by doing a quick search online via public records or it’s easy to guess if the “hacker” is an acquaintance.

I’m a member of an organization in which I have been granted access to a bank account we have. But I haven’t accessed the account in months.  Since the last time I logged in the bank instituted a qualifying question as another layer of protection. Instead of calling the other person who was also managing the account I simply guessed the answer. “Where did you go to high school?” I didn’t know where this person went to high school but I knew where his mother lived. I entered the name of the town and BOOM, I was in.

It shouldn’t be that easy.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing hacked email on Fox News.

A Great Way to Ruin an Online Reputation

I’m all about transparency. But that’s just me. Not everyone is so forthright. Most people prefer to fly a click or more below the radar and never have a light shine on them. I prefer to make sure what’s being said, is said by me and not some troll. My brother used to say “the worst thing that can happen to a person is to end up on one of those stupid talk shows.” Then I proceeded to do every talk show including Howard Stern. But that’s just me.

My only regret was doing the Maury Povich show. That guy just played me and took advantage of me and used me as a pawn on his show. He would ask the audience leading questions adverse to my sound advice and continually allow the stupidest person in the room to answer. Controversy is fine, but bad, potentially deadly advice isn’t.

My point in all this? Things are heading in a direction that if you aren’t transparent, if you aren’t doing things to boost your credibility, if you aren’t “open” and someone decides to use the internet to slam you, then they automatically have the upper-hand. Today a person has less control over what is said about them than ever.

Unvarnished is a new website, in beta, you need to be invited. Users connect with Facebook. PC World seems to allude to anonymous posting on Unvarnished that can only happen if someone fakes a Facebook profile. Anything in the form of anonymous posting doesn’t benefit the common good.

For example, when I read the comments in newspapers or blogs, I often see people throwing up all over everyone and saying the meanest, rudest and most hateful things. These cowards can easily do this anonymously. But none of them have the nerve to assign their actual name to it.

PC World reports Unvarnished functions like other social networking sites–especially the popular professional social networking site, LinkedIn. Users can create a profile with their resume and work information, and request reviews from their professional colleagues. The difference, of course, is that users can also “create” a profile for non-Unvarnished users–if you, say, want to leave a review of that shoddy intern from two summers ago and he/she doesn’t have a profile–no worries, you can still leave the review. Shoddy intern can then claim said profile later, if he/she so desires.

The best way to gain more control over this kind of site is to set up your own profile. It’s a start. Then build positive commentary. Another tool for managing online reputation management is to go to Knowem.com and grab up all the social media sites and get your name.

And protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN.