3 Nabbed in Massachusetts ATM Skimming Ring

Robert Siciliano Identity Theft Expert

Police believe they may have uncovered an international ATM “skimming” ring responsible for stealing money from hundreds of local accounts. Izaylo Hristov, 28, of Ontario, Canada, a Bulgarian citizen, was arrested at an ATM in the Boston area along with Viadiclav Vladevo and Anton Venkov. Venkov had $99,100 in $20 bills in his car when he was arrested. One of them had Dunkin’ Donuts gift cards and American Express cards with Post-it notes that had “PIN” and various numbers written on them. The stolen data was written onto these cards, which were then used to make withdrawals.

It was not too long ago that I bought an ATM north of Boston from a dude named Bob at a bar and rolled it through the streets of Boston nabbing unsuspecting users who entered their debit cards and PINs. I performed this crazy stunt to demonstrate how easy it is and how vulnerable we are. As a writer/blogger/speaker my primary motivation is to educate and inform, so the public and industry don’t get scammed.

Apparently more than a few people in the Boston area didn’t watch this on Fox Boston, or this on NBC Boston, or read this in the Boston Globe, because many of them got scammed over the course of the past few weeks. I’m trying here, people. All you have to do is pay attention.

You can protect yourself from these types of scams first by covering your PIN! Scammers have a difficult time turning your 16-digit account number into cash without the PIN. Consider never using a debit card again, since credit cards are safer. When using an ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, double-sided tape, error messages, or the machine seems unusually old and run down, don’t use it. Don’t use just any ATM. Instead, look for ATMs in more secure locations. Ultimately you must pay close attention to your statements. Dispute unauthorized transactions within 60 days. Check with your bank to determine what their timeframe is for disputing unauthorized withdrawals. In some cases it can be as early as a week.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus, keep it auto-updated, and check out my spyware killer IDTheftSecurity.

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing the Bulgarian ATM scammer getting busted on Fox Boston

10 Ways to Manage Your Online Social Media Reputation

Robert Siciliano Identity Theft Expert

The Internet has made our personal and professional lives very transparent. We now live in the fishbowl. Despite what many will argue, your privacy is no longer fully in your control. Your online identity is also something that others can control, and you need to do your best to manage it. Managing your online reputation and protecting it is equivalent to marketing your personal brand, YOU.


A colleague of mine is an adjunct professor of writing and communications at Boston University. He’s very intelligent and excellent at what he does. However, if you were to look up his name on the web you would find some pretty horrible commentary on a professor ratings site from some of his former students, many of whom flunked out of his class.


He, of course, was devastated. I would be too. When awful things about you show up on the first page of search, that’s nothing to take lightly, especially if you are submitting applications for jobs or schools, running for office, or going out on a date for that matter. Anyone who Googles you then sees the negativity.


Recently I was contacted by a consultant who specializes in marketing of consultants. OK, I’m listening. So I get the pitch and it sounded like a great deal. We hashed out all the terms and conditions, I checked her references and was ready to write a check. Then my security instinct kicked in. As soon as money is to leave my bank account and head towards another, I begin to think differently; it’s how I’m wired. I did a search online of this consultant and the company she works for before I sent the check.


Immediately on the first page of search, reports from the Better Business Bureau, Complaints Board and the dreaded RipoffReport show up. There was also a blog set up by one very upset customer who felt slighted by this company. The blog was started over a year ago and he still contributes to it. This company had 16 registered complaints with the BBB and only 10 were solved. Based on my research and what I had originally thought was a too-good-to-be-true offer in the first place, I chose not to do business with this company.


I know that companies with high volume and lots of customers are bound to upset someone. So there is certainly room for error. If you have a million clients and 1500 complaints, you’re doing pretty well. Frankly, as a professional speaker I know that in most presentations I give, 5 percent of the room will absolutely loathe me. They may not like my Boston accent, or I look like an ex-husband, or the bully who tortured them in school, or simply because I’m breathing. But 95% want me to come back and teach them more. So you can’t please everyone.


Left unattended, the wild wild web and “search” is a relatively uncontrollable aspect of your reputation, unless of course you make an attempt to control it.


  1. Register your full name and those of your spouse and kids on the most trafficked social media sites, blogs, domains or web based email accounts. If your name is already gone, include your middle initial, a period or a hyphen. It’s up to you to decide whether or not to plug in your picture and basic bio, but consider leaving out your age or birthday.
  2. Set up a free Google Alerts for your name and get an email every time your name pops up online. If you encounter a site that disparages you, Google has advice. Get a Google Profile. It’s free and it shows up on page one.
  3. Set up a free StepRep account for your name. StepRep is an online reputation manager that does a better job than Google Alerts does of fetching your name on the web.
  4. Go to Knowem.com. This is an online portal that goes out and registers your name at what they consider the top 150 social media sites.
  5. Start doing things online to boost your online reputation. Blogging is best. You want Google to bring your given name to the top of search in its best light, so when anyone is searching for you they see good things. Bury bad stuff 20 deep. This is a combination of online reputation management and search engine optimization for your brand: YOU.
  6. Get a WordPress blog with your name in the address bar. Set up a Ping.fm account and blast your blog/Tweets to all your social media.
  7. Buy a domain name that is or is close to your real name and plaster your name in the HTML header so it comes up in search.
  8. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  9. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.
  10. Invest in Intelius identity theft protection and prevention. Intelius helps to protect your identity. They monitor your credit and they scan the net looking for your data. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker with ID Analytics discussing Social Media Identity Theft on Fox Boston

419 Scams Double, Over $9 Billion in Profits

Robert Siciliano Identity Theft Expert


A recent study by Dutch investigation firm Ultrascan shows we are half as smart (or twice as dumb) as we were in 2008, as advance fee scams doubled in losses to over $9 billion. 419 Advance Fee Fraud Statistics 2009 (PDF)


While the scams are known to be Nigerian in nature, named after the Nigerian 419 code that makes them illegal, it is believed that scams were launched from 69 other countries in 2009. The jump in the number of victims is due to a broader reach of the scammer. Scammers aren’t just targeting English-speaking nations anymore. As people in developing countries get computers and a connection to the Internet, they become susceptible to the same old scam other countries got snagged by a decade ago.


Big targets have become China, India, South Korea, Vietnam, and others. Many of the scams of the past had an “insurance fee” pitch that required a percentage of money sent in order to ensure so many millions made their way to another bank somewhere. This “investment” by the victim was supposed to get them a percentage of the big pot. Once the scammer got a hold of the victims, they would build a relationship with them, in many cases romantically, to get them emotionally involved in the ruse.


However, in China, the Chinese get hooked by lottery scams. And in India, a culture of hard workers, people fall for student visa and job placement scams. The hook in all these scams is that the victim believes an inbound communication to be legitimate. From there, the scammers will say and do anything to get the victims to wire money. But it usually doesn’t end there. Once they get a rube on the hook, they will come up with as many reasons as possible to completely drain the victim of all their money.


Criminals aren’t any smarter than we are, but they know how to capitalize on our stupidity. They pull on emotional strings, they use greed, lust and many other human impulses to trigger us. Come on people; please just don’t be stupid, OK? And tell those in your life who are less than cognizant, just hit delete.



Robert Siciliano, identity theft speaker, discusses various scams on TBS’s Movie and a Makeover.

Criminal Hackers Buying and Selling Hacked Accounts

Robert Siciliano Identity Theft Expert

Malicious software designed to gather usernames and passwords has been a boon for the criminal hacking community. Spyware, as it’s commonly known, records almost everything a user does on their PC. The most damaging spyware records all electronic communications via a web browser. That’s where the most damage can be done and the money is made.

A recent study shows there are as many as 70,000 variations of these keystroke-sniffing programs, which is double what was discovered in 2008. Criminals have become proficient at hacking databases containing millions of credit card numbers, but they now have such a glut of data that they have to work hard to turn it into actual cash.

IT security professionals have also become better at discovering a breach, and those same credit card numbers become invalid soon after.

Full access to a person’s or a business’s bank account gives the criminal hacker more time to transfer funds and write checks to themselves. Scraping usernames and passwords for Facebook, Twitter and other social media sites also allows the hacker to spread more spyware to those in the trusted circle, and gives the attacker an opportunity to reach out to the friends or followers of the victims to scam money in many other ways.

These same hackers are enjoying access to a person’s email account, which may hold a trove of data leading to even more usernames and passwords, contained either in attachments or in cloud-based documents. Access to a hacked email account also allows the attacker to trigger “password resets” on many of the victim’s other accounts.




Robert Siciliano identity theft speaker discussing hacked Hotmail accounts on Fox News

My Identity Thief Loves Me (PTI)

Robert Siciliano Identity Theft Expert

I have a very weird job. I explore aspects of society that people read about but would never consider exploring themselves. I go places where others may be led to because they didn’t know any better. And I like to expose the flaws in the system that make us vulnerable. Much of my “research” or “antics,” as some would call it, is prompted by my desire to learn more about the scumbags of society or predators that prey on other people.

My research has taken me down a dark seedy road into online dating scams, where some people are at their most emotionally vulnerable. The predators work a form of 419/advance fee scam that always involves a money wire transfer.

There is something about people with antisocial personality disorder (ASPD) that intrigues me. Antisocial personality disorder is a type of chronic mental illness in which your ways of thinking, perceiving situations and relating to others are dysfunctional. When you have antisocial personality disorder, you typically have no regard for right and wrong. You may often violate the law and the rights of others, landing yourself in frequent trouble or conflict. You may lie, behave violently, and have drug and alcohol problems. And you may not be able to fulfill responsibilities to your family, work or school. Some say at least a full 1 percent of the world has this.

I say 99 percent of all people have had ASPD for at least a day/week/month/year, except me 😉

My recent love affair was prompted by a call from a national television show producer who is newly divorced. She, like many millions of others, (about 40 million +) is subscribed to online dating services. She is in a circle of women who all are in their early 50’s, married young and now find themselves in a new chapter of their lives.

With this degree of transition and being single comes an unfair level of loneliness that is very difficult to overcome without support from others. At times in my life, early on, I experienced this and can tell you firsthand: loneliness often trumps common sense and facilitates bad decision making.

She and a dozen of her girlfriends all got together recently and discovered many of them were being courted online by men from the UK. These men would say the nicest things to them. For example (and this is within 1 week):

In me sweetheart you are going to find the most passionate, loving and romantic man you have ever met. There are very few promises in life but this is one of them!. ROMANCE is the key to my happiness and to my heart and soul!. It is the single biggest reason I am single today is because I have yet to find a woman who will romance me with the passion of there heart and be a giver of there love, and not just a taker. I am a man who is very committed to the special woman I am sharing my heart and soul with. I totally dedicate and devote my life totally to this person 24/7, for her she’s my Queen and it is my belief that as long as she’s my Queen, I would treat her good and right, by putting her on a pedestal that is reserved only for a Queen and showing her with an endless amount of affection, attention, passion, and unconditional love. It is my duty as a follower of the word of God to be her provider, providing for her emotional, mental, and sexual needs. It is my responsibility as her King to take any problems and stress that she has in her life and put it on my shoulders to free her of it, for I am a man and her King!. My shoulders are bigger so it is my obligation to carry the burdens she might has in life off them, allowing her to have a healthy mind, body, and heart and soul at all times. I love and cherish this role sweetheart, and it is because I love it so much, that I feel God has a role for everyone in life, and his chosen role for me is to be that excellent lover, father, and family man, because of the way I live my life, and because of my passion to be a great lover and family man.

Dude’s gotta be a great lover to have that roll off his tongue. Right? Eeesh. At first, none of this seemed all that odd to them. We all like nice things said to us, and while a bit hokey, this dude’s dictation ain’t all that bad. Further, when you are lonely, even a visit from one of those crazy religious sects can be soothing. This entire scene is a perfect opportunity for a predator to strike. To be continued on “My Identity Thief Loves Me (PTII)” where you can read the actual chats with the scammer.


Robert Siciliano Identity Theft Speaker discussing identity theft on Fox News

My Identity Thief Loves Me (PTII)

Robert Siciliano Identity Theft Expert

In “My Identity Thief Loves Me (PTI)” I brought you into my weird world of “research” into online dating scams. Here’s where I fell in love. I have been pursued by “Kath Riss Green”. For whatever reason the scammers choose very WASPy names. But her picture was a hot Latina. She sent me a message via a social network I’m on. So I responded via a completely different profile I set up that had nothing to do with the original. And “she” didn’t seem to notice or care: I am “Ronn”.

1/17/10 Scammer: Hi,I saw your profile and wanted to say hello. Your very handsome and Id like to get to know you better.

1/18/10 Me: Hi back, you sent me an email on my profile. You look good to me. What is your name? Ronn.

1/19/10 Scammer: thanks for your email Ronn…..i’m kathline,i live and work in texas..i’m 30years,single and never with no kids,i love kids though.i would like to know more about you,where you from,what you do and many more…hope to read back from you, kathline

See the bad English and punctuation? The criminal hacker I wasted 4 hours with from Ghana wrote the exact same way.

1/19/10 Me: Hi Kath, I’m basically a nice guy… I want a woman to like me for who I am. I like eating pizza and I like to drink beer. I’m a little overweight.  I’m 5′ 2″ and 220 lbs, but my mom says Im handsome. What do you look like? Ronn

1/19/10 Scammer: Hello Ronn, How you doing an how was your day like?SO where you from?what do you do?are you married?got any kids?and what you ooking for?do you have any photo you can send to me?i would like you to tell me everything about yourself……….i’ve added you to my yahoo lit and hope to chat with you later on……attached are my pics.hope you will like them Kathline

1/19/10 Me: Wow, You’re very pretty! I’m from Massachusetts. My day was long I worked hard today. Gotta pay the bills! I work in an office as a word processor. Not married, one kid from when I was younger, his mom has him. Just looking for someone to love me like I love them. My camera dropped over the holidays and I need to get another one.  Do you have kids? Ronn

1/20/10 Scammer: Hi Ronn,sorry to hear about your day….wish i was there to keep your accompany….i’m also single,nerver maried with no kids..i love kids though,and i hope to have some with the right man someday..So tell me since when you’ve been doing online dating and how many woman have you meet online lately?what kind of relationship are you looking foir? Kathline

1/20/10 Me: No kids! Thats OK. Ive been doing the online dating thing for about 6 months. I just got a computer over the summer. i used to go to the library and use their computer, so Im new to this. All the women I have send messages to dont respond all that much. But you were nice to me first… Im looking for a relationship where the woman can be nice to me and treat me with respect, as I am nice to her and treat her with respect. I also wish that she can cook because I like to eat ALOT!!! LOL!!! Truly Ronn xoxoxox

I’m baiting

1/20/10 Scammer: Hi Ronn,hhmmm….i guess i’m the one you’ve loking for all thiswhile…i’m someone who is loving,caring and God fearing,a down to earth type with great sense of humour..i love the out doors,i enjoy cooking,i like holding hands,kissing and cuddling….i wish things could ork out between us…..

It pisses me off when they weave the God thing in there. Heartless bastards!

1/22/10 Me: OMG THATs SO SWEET! You sound like my soul mate! Im sorry that I have not responded, I had to go away on business.  I would LOVE TO MEEET YOU!!!

1/22/10 Scammer: Ronn,I went to bed last night with a vision of you next to me. I slept like a baby all night, because I was not feeling alone.. When I awoke this morning to see if it was real or if it was a dream, realty hit me that it was only a dream. Very soon, I know that you will be right next me…i will also love to meet you for a weekend or so…..we can plan on meeting if you dont mind,i can come there but thaats if only we can both work the airfares together or what do you think?

Boom, 5 days into it and “airfare” comes up. I sound like a lonely desperate fool, I haven’t sent a picture, I’m built like a walrus. And Kath is dreaming about me. What a !@#$%^ SCUMBAG!

1/22/10 Me: Wow, this is wonderful! im flexible. I’ll do what you wish. Tell me what you would like to do.

1/23/10 Scammer: Jon said it will cost me 560$ to fly there and i cant afford it all…i dont know if you can make and half payment while i had up the rest..

Who the heck is Jon? I don’t even bother asking.

1/24/10 Me: Im happy to pay half. How do you want to do it? Ronn

1/24/10 Scammer: Awwww thanks then, i do appreciate that, just get the half down to jon so he can go ahead with the reservation, and you know we have to book in advance.. below is Jon Details for the payment. send it through western union, and get back to me with the MTCN, the name, of thw sender, and location of where money is sent. hope to read from you soon

Jon ***ardt

1325 ***pe dr,

Paris, TX 75462

One week, 2 idiots, 7 email exchanges, an opportunity to expose a complete azz@#%, PRICELESS.

Turns out, after further research “Jon” is a victim too. He is 54 and divorced. He has been duped by “Kath” as a money mule. So when the wired money goes to Jon, he sends to Kath.  Here is Kath kathlinegreen36@yahoo.com.

1/27/10 Me: Can I call you on the phone?

1/27/10 Scammer: Hello Ronn, WHy did it take you few days to get back to me?you just keep runing through my mind and my heart longfs to be with you….my phone got missing last weekend….so how you doing and how’s work being like?were you able to send the money..

Of course your “phone got missing last weekend” so how YOU doing? Jerk.

1/27/10 Me: Are you a complete scumbag scammer?

Then no more response. Was it something I said?


Robert Siciliano Identity Theft Speaker discussing identity theft on Fox News

Crimeware: Do It Yourself Criminal Hacking

Robert Siciliano Identity Theft Expert

For $400-$700 you too can be a criminal hacker. Phishing, hacking and spoofing software has been around for a few years. Here’s what may be an example.

The ease of use and availability of this good-for-nothing-other-than-crime software has made it easier and cheaper than ever to get into the cybercrime business.

Anyone with moderate computer skills that can navigate around the web and upload or download files is pretty much capable of accessing and implementing the crimeware.

Today’s crimeware kits are designed so a person who is new to the criminal hacking business can quickly get up to speed and snare victims rapid fire.

USA Today reports they’ve been blasting out fake e-mail messages crafted to look like official notices from UPS (UPS), FedEx (FDX) or the IRS; or account updates from Vonage, Facebook or Microsoft Outlook (MSFT); or medical alerts about the H1N1 flu virus.

The faked messages invariably ask the recipient to click on a Web link; doing so infects the PC with a banking Trojan, a malicious program designed to steal financial account logons. Often, the PC also gets turned into a “bot”: The attacker silently takes control and uses it to send out more phishing e-mail.

The crimeware business models itself on the manufacturing and distribution practices of the legitimate software industry. Criminals are also getting more sophisticated in marketing their wares and doing it openly online. Just because they sell crimeware doesn’t mean the software is illegal. It only becomes illegal when it’s used to scam people.

The fundamentals of how to prevent phishing are presented here by the Anti-Phishing Working Group:

  • Be suspicious of any email with urgent requests for personal financial information
    • unless the email is digitally signed, you can’t be sure it wasn’t forged or ‘spoofed’
    • phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
    • they typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
    • phisher emails are typically NOT personalized, but they can be. Valid messages from your bank or e-commerce company generally are personalized, but always call to check if you are unsure
  • Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t know the sender or user’s handle
    • instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser
  • Avoid filling out forms in email messages that ask for personal financial information
    • you should only communicate information such as credit card numbers or account information via a secure website or the telephone


Robert Siciliano Identity Theft Speaker discussing identity theft on Fox News

Meet Raoul Chiesa: UN Interregional Crime & Justice Research Inst.

Robert Siciliano Identity Theft Expert

In my quest to learn more about what makes a criminal hacker tick, I came across Mr. Chiesa when he commented on a blog post I wrote, “How I Wasted 4 Hours with a Criminal Hacker”. He warned me I was treading on dangerous ground due to the fact that when communicating with the blackhat, I used my real name and provided my web address. His concern was a revenge hack that would clear the hacker’s name amongst his hacker peers.

I’ve danced with the devil a few times in my life and don’t mind the occasional walk on the ledge. And I’ll heed his advice in the future. After a closer look, I learned he is from the United Nations, based in Italy. (Road trip anyone?). That’s a cat I want to talk to who is fighting the battle 24/7/365 against the bad guy.

What do you do?

Since 2005 I’ve worked with the United Nations Interregional Crime & Justice Research Institute (UNICRI), where I am a Senior Advisor on Cybercrime Issues & Strategic Alliances. We develop new strategies, techniques and methodologies in order to support the Member States fighting cybercrime-related issues, supporting policy-makers, end-users and States.

I’m also an entrepreneur in the Information Security arena. I run 2 vendor-neutral consulting firms, specialized in Penetration Testing, Audit & Compliances, while the second firm supplies Digital Forensics services. I’m into IS since 1997, while I began my interest in it – and the hacking’s underground – back in 1986.

Why do you do it?

Mainly it’s because of the passion. I love my job, I love what I do everyday…and this is not so common so…I’m feeling really lucky. Talking about my role at UNICRI, I decided to join them in order to support a neutral organization that is really trying to achieve important goals.

What’s your process?

Mainly building an international network of contacts; attending a huge amount of IT events all around the world, often as a speaker; trying to build an “informal communication and alert network” among LEAs, in order to simplify and speed-up the process of information exchange. We’re working on various R&D projects, that help and benefit the IT and ICT community all around the world. Our main research is HPP – Hackers Profiling Project (http://www.unicri.it/wwd/cyber_crime/hpp.php), where we’ve been able to interview more than 1200 hackers from five different continents. It’s a really huge research program, that will last five years more. It’s something never done before.

What are the “politics” with it world wide?

Politics – especially USA and EU – are driving towards issues related to privacy, Lawful Interception, copyright, etc. I’m a technical guy, with a technical background: I don’t like politics, though it’s clear to me that it’s something we need, somehow.

In my humble opinion, the common mistake when politics meet IT, is that politicians are obviously not IT people, they do not have an IT background, and often they misunderstand the logistics of IT…in this scenario, (big or small) mistakes may always happen.

What is next? What does the future look like?

We are observing an incredible rise in cybercrime. New profiles of attackers arrived in the so-called “hacking underground”, and the hacking world – sometimes – is meeting with organized crime and State-sponsored attacks. The world is changing and, basically, the keyword is “the information”. In today’s world, “Information is the Power”, that’s the sole reason why all of this is happening.

Sum up a profile of the criminal hacker today vs. 10 years ago.

There are huge differences between hackers in the past and hackers nowadays. Hackers from the past were not “mandatory” criminals. While their actions were illegal (note: during the 80’s and the 90’s, “hacking” was not a crime in many countries of the world. I.e. in Italy it became a crime only in 1993/1994), the global approach was much more on the “challenge”, the “curiosity”, as well as “teens actions”.

21st century hacking has moved towards criminality. This leads us to Cybercrime, that is de-facto composed by many different “subsections”, where hacking is often related. I am talking about spam, carding, zero-day attacks (and all the black-market there connected), obviously Identity Theft, scams & economical fraud, that leads us to the so-called “Underground Economy”.

The on-going economical global crisis too has something to do with this: each time there’s a global crisis, criminality rises. This is exactly what’s happening now, since 2009, and that will continue in 2010: people that basically are NOT criminals, may be forced/pushed to “accept” a crime deal, linked to cybercrime actions.

This happens because cybercrime does not involve “straight” criminal actions such as killing somebody with a knife or a gun, stealing a mobile phone from somebody’s hands, etc… It’s a not-physical crime, involving actors to think that they are not doing anything “bad”. Also, cybercriminals ALWAYS think that they will “never be busted”, since they rate themselves “much better, more skilled” than LE agents.

Last issue (of a really huge, huge picture!) is related to State Sponsored attacks. Recent attacks from China, Estonia and Georgia are showing us how much hacking techniques are involved in all of this. Governments are starting to hire hackers (USA, UK, China, Korea, Iran….) and set up Information Warfare: this will be one of the hottest keywords in the near future.

More info on our book on Hackers Profiling: http://www.amazon.com/Profiling-Hackers-Science-Criminal-Applied/dp/1420086936

Raoul Chiesa, OPSA, OPST, ISECOM International Trainer, CLUSIT, ISECOM, TSTF, OWASP Italian Chapter: Board of Directors Member Osservatorio Privacy & Sicurezza – OPSI-AIP, Comitato Esecutivo

Thank you Raoul. We appreciate your contributions.

  1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
  2. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.
  3. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing identity theft on Fox News

10 Business Identity Theft Risks in 2010

Robert Siciliano Identity Theft Expert

Advancements in technology over the past decade have created a tremendous amount of opportunity for the savvy businessperson. Whether it’s mobility, streamlined processes, marketing, or the ability to sell to a global market, there’s never been a better time to be in business.

Like anything good, there is always a negative. While there are certainly many negatives in technology, like the headaches when something doesn’t work correctly and the constant learning curve we must all endure, the biggest negative is security issues.

So for the SMB (that’s you, the savvy businessperson), here are ten considerations for the new decade:

Back up your backup. Numerous reports of cyber-war, thousands of new viruses weekly, and even Mother Nature wreaking havoc on the Internet, have caused concern among industry professionals. Doing business in the cloud is fantastic; however, make sure you have redundant local backups of your data.

Anti-virus will not fully protect you. The sheer volume of attacks and new viruses created will keep the anti-virus vendors busy. But there is no way they can keep up the pace 100% of the time. There are numerous technologies that will immunize your PC and make whatever virus or spyware impotent, and any data on your machine typed in a browser useless to the thief.

Social media identity theft is the act of creating a blog or social media site that models your day to day operations. At any time someone can register domains or social media sites with your brand as the face. They then sell product that they never ship and/or do things to damage your brand. Scoop up your social media identities with Knowem.com.

Social network nitwits. One of the easiest ways into your company’s networks is via social media. The explosion of “I just made a tuna” communications has brought out the dumb in many people. The simple act of setting up a group on Facebook and getting your employees to join can open up a treasure trove of data that can facilitate social engineering attacks. Create policies and procedures that involve appropriate use.

Social engineering, the ruse of a confidence man, is back in full force. It never really went away, but with the amount of security in place, sometimes the path of least resistance is simply asking your cleaning crew for the keys to the building. By gaining the trust of employees over the phone, via email or in person, a con-man can get almost anything he needs to get whatever he wants. The best defense is effective policies coupled with ongoing awareness training.

Insider identity theft can ruin your business. Most companies have done their due diligence to keep the bad guy from hacking from the outside. But many organizations have neglected the risks associated with employees gone bad and the internal damage that can be done. Numerous technologies monitor and control access to sensitive information. But preventing bad employees from doing bad things starts with not hiring bad people.

Phishing scams still work. Despite consumer and employee awareness, a carefully crafted and well designed email that looks like it’s coming from another employee is probably the most effective spear phish. Going after the CEO or a high level executive, or “whaling,” can often be even more successful. The bigger they are the harder they fall, as they say. From my experience it’s often the smartest ones in the room that lack all common sense. Test your employees; see what they will fall for. Then test them again.

Tighten up employee remote access. Allowing Suzy Admin to access the company’s VPN from a home PC that Suzy’s son Steve uses to play games on servers hosted in North Korea will end badly. Malware on a home computer can compromise usernames and passwords resulting in spyware on the network. Set up Suzy with her own laptop that’s fully locked down and prevents Steve from doing anything fun.

Peer to Peer (P2P) file sharing is a fantastic way to leak company and client data to the world. Obama’s helicopter plans, security details and notes on congress members being deposed were all leaked on government controlled computers via P2P. Setting admin privileges and installing numerous technologies that will prevent P2P is essential.

Identity theft will get worse before it gets better. And whether it’s your identity, your family’s or your employees’ identity that is stolen, it can be a huge time suck and a costly event. The best defense involves a 3 legged stool. First, awareness training of all the scams that lure people in, and how to appropriately respond to numerous communications. Second involves a little time and investment in a “credit freeze” or “security freeze”. Learn how to do it HERE. Third is an annual investment in identity theft protection. In today’s cyber crime climate, and with the recession making people desperate to make money any way they can, NOT investing in identity theft protection is, in my opinion, irresponsible. The worst thing you can do is nothing.


Forget Privacy, Think Security

Robert Siciliano Identity Theft Expert

Everywhere you go there is a privacy advocate screaming to protect your privacy. Privacy advocates, bless them, are a dying breed. They fight for whatever privacy rights there are left and do their best to remain watchdogs. If your gig is privacy, my guess is you have lost all your hair and are popping Prozac to relieve the stress of today’s anti-private society. And you are fully employed and very very busy.

My gripe: people are freaking out about full body scanners at the airports and the privacy issues involved. This isn’t a privacy issue, it’s a security issue. If you have to show a black and white image of your bum bum to keep the plane from being blown up, so be it. Otherwise don’t fly.

“Privacy is dead, deal with it,” Sun Microsystems former CEO Scott McNealy was widely reported to have declared over a decade ago. Scott hit the nail on the head and shortly after Tila Tequila became a famous lesbian pinup on MySpace, the Real World of reality TV was born, and we’ve been tweeting tuna sandwiches ever since.

Mark Zuckerberg, CEO of Facebook, who was around 13 years old when McNealy made his statement, recently re-affirmed it by saying “… in the last 5 or 6 years, blogging has taken off in a huge way and all these different services that have people sharing all this information. People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that’s evolved over time.”

The fact is, “Privacy is an illusion,” said Robert Siciliano, CEO of IDTheftSecurity.com, “the focus today should be security, not privacy,” he continued. That right there is a ready made quote for you to copy/paste and make me a sage like my two counterparts :)~

Think of it like this: from birth you have a medical and birth record. These docs follow you everywhere in life and are filed and viewed by many. You can’t get admissions to schools, jobs or insurances without presenting these records. You are granted a Social Security number shortly after birth and that IS your National ID. Nine numbers that are connected to every financial, criminal and insurance record that makes up who you are and what you’ve done. But none of these docs are connected to you physically, which results in identity theft, a security issue.

Further, every time you visit a website with cookies enabled, use an ATM, credit card, RFID transponder on the highway toll, public transportation pass, make a call on a mobile phone, order a pizza over a home phone or simply use a computer to denote you ate that tuna, chances are – someone, somewhere – is recording that transaction and determining your location.

If you want to participate in society you have no choice but to give up your privacy. Fundamentally this is a trust issue. Humans lie and can’t be automatically trusted. We have considerable checks and balances in place to prevent lying from going unnoticed. Anonymity is dead due to the fact that bad guys try to hide or not pay. Transparency makes their chances of getting caught more likely. If you kill someone then drive down the highway, your chances of getting caught increase because your license plate is recorded through the toll. This is a good trade off for the family of the victim.

Knowing all this and understanding technology’s impact on what you thought was privacy, should make you resigned to the fact that privacy is in fact dead and an illusion. Now your focus needs to be security. Secure your financial identity so no-one can pose as you. Secure your online social media identity so no-one can pose as you. Secure your PC so no-one can take over your accounts. And please, there is no sense in telling the world what you are doing and where you are every minute of the day. When you do this, you aren’t relinquishing privacy; you are compromising your personal security.


Robert Siciliano identity theft speaker discussing cookies and privacy issues on FOX News