Make Information Security a Priority

Just about everyone has private information that should be protected. Let’s begin with something you’ve surely heard of: antivirus protection.

3DBut this isn’t enough to guard your personal data. A free antivirus service may not even update automatically, and this is very important to keep up with rapidly evolving technology. Your protection is worth the fee for Antivirus, a firewall, antiphishing software and antispyware.

When’s the last time you updated your browser? Hackers love old, outdated browsers. After you finish this article, update your browser and set your computer to automatically download any future update.

The same goes with your operating system. Update!

Don’t miss out on encryption, which scrambles data so that prying eyes can’t make sense of it. Your computer might already have the feature of encrypting folders, files or the whole disk. If not, you can get a third-party encryption program for free.

If your computer were to crash right this instant, how much data would you lose? You shouldn’t lose much if every day you back your data up on an external drive. Another option is a cloud-based storage system, which is encrypted. The fee for that may be $100 annually or less.

We all know that 123qwe is such an easy password to remember, especially if it’s for all gazillion of your accounts. You know whom else finds this very convenient? Hackers!

If it’s easy for you, it’s easy for them! Every account should have a unique password, and if this is too dizzying, then use a password manager. And choose long passwords that include various characters and exclude words that can be found in a dictionary or successive numbers/letters on a keyboard.

That wireless connection of yours is great—for your neighbor if he decides to get a free ride, or even hack into your data. A WPA2 encryption built into the router will protect you. With public WiFi, use a virtual private network like Hotspot Shield.

Your smartphone also needs protection with all the tools mentioned above, and that includes a VPN.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

A Glorious Week of Identity Theft

Robert Siciliano Identity Theft Expert

If there was ever a week to get high, totally drunk, on information security and identity theft scammers and hackers, then this is it! Media outlets everywhere have been pumping out story after story of data breaches, identity theft, criminal hackers and indictments! Yeah team! For a criminal hacker groupie, this is Woodstock!

Dark reading reports Eight defendants were arraigned in a Brooklyn court for allegedly using the stolen identities of AT&T, T-Mobile, and Asurion customers to steal some $22 million worth of wireless equipment and services. An indictment was unsealed in Brooklyn federal court yesterday morning charging Courtney Beckford and seven other defendants. When identity theft defendants named Courtney, Gabe, Marsha, Saul and Ron are involved in a $22 million identity theft scheme, then you know it’s just a matter of time until someone named Britney or Brad will get busted too! It’s the identity theft apocalypse!

ABC News reports that a former informant for the Secret Service was one of three men charged with stealing credit and debit card information from 170 million accounts in the largest data breach in history. The former informant, Albert Gonzalez of Florida, A.K.A “Segvec”, “SoupNazi,” and “j4guar17,” whose motto was ”Get Rich or Die Tryin’” was alleged to have been the ringleader of the criminal hacking operation of a prolific network that spans over five years of serious criminal activity.

Information week reports in the first half of 2009, the number of computer users affected by malware engineered to steal personal information has risen by 600% compared to the January through June period in 2008, according to PandaLabs. In quantitative terms, Panda reports identifying 391,406 computers infected with identity-theft malware in the first six months of the year. Identity thieves are also seeking sensitive information through a more diverse set of targets. Where previously financial data thieves focused on spoofing online bank sites to dupe users into entering login information, they have recently been targeting a variety of services where payment account information may be stored or entered, like PayPal, Amazon, eBay, or charity sites.

Cnet reports Rogue Facebook apps steal log-in data, send spam. Security firm Trend Micro warned on Wednesday that a handful of rogue Facebook apps are stealing log-in credentials and spamming victims’ friends. So far, six malicious applications have been identified: “Stream,” “Posts,” “Your Photos,” “Birthday Invitations,” “Inbox (1),” “Inbox (2)” according to a blog post by Trend Micro researcher Rik Ferguson. The activity started earlier in the week with a Facebook notification Ferguson says he got from an app called “sex sex sex and more sex!!!,” which has more than 287,000 fans. The notification said that someone had commented on one of his posts. That app doesn’t appear to be malicious and may have been compromised somehow to begin the distribution of the spam, he said.

USA Today reports Hackers harness Twitter to do their dirty work.  A cyber gang has begun experimenting with setting up free Twitter accounts, then sending out Tweets from the popular micro-blogging service that are really coded instructions to botted PCs to carry out criminal activities. Anti-virus maker Symantec has isolated several samples of infected PCs carrying a unique new infection, dubbed “Sninfs.”

The PCs most likely got infected when their users unwittingly clicked to a tainted web page or on a corrupted link carried in an email or social network message, says Marc Fossi research and development manager at Symantec Security Response.

Protect yourself;

Don’t just sit back and get hacked. Arm yourself with anti-virus that runs automatically in the background and prevents “Courtney, Marsha and SoupNazi” from stealing your identity. Pick up McAfee’s Total Protection software and take control of your PC security.

Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft protection can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano identity theft speaker discussing the sad state of cyber security on Fox News and check washing and campus security on ABC News.

Social Security Numbers Cracked, Creates Identity Theft Risk

Robert Siciliano Identity Theft Expert

SearchSecurity.com reports that researchers at Carnegie Mellon University have developed a reliable method to predict Social Security numbers using information from social networking sites, data brokers, voter registration lists, online white pages and the publicly available Social Security Administration’s Death Master File.

Originally, the first three numbers on a Social Security card represented the state in which a person had initially applied for their card. Numbers started in the northeast and moved westward. This meant that people on the east coast had the lowest numbers and those on the west coast had the highest. Before 1986, people were rarely assigned a Social Security number until age 14 or so, since the numbers were used for income tracking purposes.

The Carnegie Mellon researchers were able to guess the first five digits of a Social Security number on their first attempt for 44% of people born after 1988. For those in less populated states, the researches had a 90% success rate. In fewer than 1,000 attempts, the researchers could identify a complete Social Security number, “making SSNs akin to 3-digit financial PINs.” “Unless mitigating strategies are implemented, the predictability of SSNs exposes them to risks of identify theft on mass scales,” the researchers wrote.

While the researchers work is certainly an accomplishment, the potential to predict Social Security numbers is the least of our problems. Social Security numbers can be found in unprotected file cabinets and databases in thousands of government offices, corporations and educational institutions. Networks are like candy bars – Social Security numbers can be hacked from outside the hard chocolate shell or from the soft and chewy inside.

The problem stems from that fact that our existing system of identification is seriously outdated and needs to be significantly updated. We rely on nine digits as a single identifier, the key to the kingdom, despite the fact that our Social Security numbers have no physical relationship to who we actually are. We will only begin to solve this problem when we incorporate multiple levels of authentication into our identification process.

The process of true and thorough authentication begins with “identity proofing.” Identity proofing is a solution that begins to identify, authenticate and authorize. Consumers, merchants, government don’t just need authentication. We need a solution that ties all three of these components together.

Jeff Maynard, President and CEO of Biometric Signature ID, provides a simple answer to a complicated issue in four parts:

Identify – A user must be identified when compared to others in a database. We refer to this as a reference identity. A unique PIN, password or username is created and associated with your credential or profile.

Authenticate – Authentication is different than verification of identity. Authentication is the ability to verify the identity of an individual based specifically on their unique characteristics. This is known as a positive ID and is only possible when using a biometric. A biometric can be either static or dynamic (behavioral). A static biometric is anatomical or physiological, such as a face, a fingerprint or DNA. A dynamic biometric is behavioral, such as a signature gesture, voice, or possibly gait. This explains why, when authentication solutions incorporate multiple factors, at least two of the following identifiers are required: something you have, such as a token or card, something you are, meaning a biometric identifier, and something you know, meaning a pin or password.

Verify – Verification is used when the identity of a person cannot be definitely established. These technologies provide real time assessment of the validity of an asserted identity. When we can’t know who the individual is, we get as close as we can in order to verify their asserted identity. PINs, passwords, tokens, cards, IP addresses, behavioral based trend data and credit cards are often used for verification. These usually fall into the realm of something you have or something youknow.

Authorize – Once the user has passed the identification test and authenticated their identity, they can make a purchase or have some other action approved. Merchants would love to have a customer’s authenticated signature to indicate his or her approval of a credit card charge. This is authorization.

Effective identification results in accountability. It is being achieved in small segments of government and in the corporate world, but not systematically. Unfortunately, we are years away from full authentication.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in Intelius Identity Theft Protection. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU.

Includes;
Personal Identity Profile – Find out if you’re at risk for identity theft with a detailed report of your identity information, including a current credit report, address history, aliases, and more.

24/7 Identity Monitoring and Alerts – Prevent identity theft with automatic monitoring that scans billions of public records daily and alerts you to suspicious activity.

Identity Recovery Assistance – Let professionals help you recover your identity if you ever become a victim of identity theft.

Robert Siciliano Identity Theft Speaker discussing identity theft

Perez Hilton is a Hater and Social Media Suffers

Robert Siciliano Identity Theft Expert

I was on CNN this week and CNN also featured Perez Hilton, who was hired by Donald Trump, to judge a beauty contest and Hilton made hateful remarks about Miss Californias beliefs. Perez is a hateful sardonic celebrity critic, and his actions are parallel to others who rant and hate, spew racist comments and even kill. Perez Hilton posts numerous videos of himself in the media, but he hasn’t posted this video on CNN to his site, because he knows he’s wrong. He is right now downgrading the story on his own site because of the heat is he getting.

CNN invited me to discuss the murder of a young woman who was stalked and harassed via social media, specifically YouTube and Facebook. She was eventually shot and killed in her college classroom by her stalker, who then put the gun in his own mouth.

Anyone who reads this blog does so because they are intent on improving their personal safety by way of information security. With almost 50,000 reads a month on a variety of portals, I’ve come to understand the reader a bit. You guys want and need news that’s going to help save you time and money by preventing criminals and scammers from trying to take it.

I got my legs in personal security as it pertains to violence prevention. I started doing this in 1992, teaching self defense. My background as a scrawny, greasy Italian kid growing up in the Boston area, fighting my way though life and meeting other victims along the way brought me to a place where teaching others how to protect themselves gave my life a purpose. As my business grew, I needed more technology. I also needed “merchant status,” which is the ability to accept credit cards, which led to even more technology. In the early 90s, I set up my IBM PS1 Consultant PC, Windows 3.1, 150mb hard drive, and became hooked on technology. Soon after, I was plugged into the Internet. Within weeks, my business was hacked. Thousands of dollars in orders and credit card information went out the window. Now, personal security meant self defense from a different kind of predator: identity thieves and criminal hackers.

My passion is personal security as it relates to violence and fraud prevention. It’s all encompassing. I talk about the things that mom and dad didn’t teach you. Lately, I’ve been discussing broad issues that no parent is prepared to discuss. Really, neither am I. But somebody’s go to do it.

I love technology. But it has a very dark side to it. And predators have rapidly figured that out. I’m not blaming technology for this. Just its users.

Social networking is changing the world. Everybody’s information is everywhere, and access is instant. Predators use these tools more than ever to stalk children online. Stalkers can anonymously harass and harangue women or men, and law enforcement’s hands are tied.

Anyone can post relatively anonymous rants and raves, saying anything they like with little or no repercussions. Simple online newspaper articles meant to provide information about some innocuous issue devolve into hateful rants against the author or the source, thanks to the first few comments on the thread. A single comment can lead people in this dangerous direction. Newspapers need eyeballs, so they rarely police these comments, and the public puts up with them. Hate, racism, sexism and overall ignorance permeate every online newspaper and social network. Not a day goes by that I don’t see something entirely inappropriate for public consumption.

With social media, everyone gets a say. The KKK used to be a bunch of cross burning hillbillies. Terrorists lived in caves. Militias and skinheads were small groups that held an occasional rally. Now, they have an international platform, which they use to promote their agendas and recruit believers. Lots of people have very bad things to say and it’s hurting a lot of people. Words incite. What we say leads to action. We become what we think about. If we are fed hate, we act hatefully.

Most school shooters have read the manifests of what occurred at Columbine. Many serial killers study other serial killers. Every story we read about the Craigslist Killer and others like him reveals a bag with a knife, duct tape, rope, and wire ties. They all consume this information.

Coming from a personal security perspective, I am seeing lots of bad things happening to good people. Bad things are being said and bad things are happening. Totally unacceptable and hateful rants have become acceptable, when 10 years ago those kinds of rants would have been unheard of. Let’s get this straight, I’m no puritan. I’m certainly no saint. I’ve been there, done that, and have plenty of skeletons in my closet. I’m capable of saying anything and doing almost anything, and nothing offends me. I’ve lived a hard life and danced with the devil on plenty of occasions.

The meteoric rise of Perez Hilton is a direct sign of what’s wrong with social media and web 2.0. Web 2.0 can be used for good, or for very bad. Perez Hilton is a hateful person with an agenda. He says horrible things and uses social media as a platform to distribute his agenda no differently than a terrorist. What’s worse is millions of people follow him. For him, its not “all in fun”, its hate.

We all need leaders to take charge. Everyone needs direction on some level. Perez Hilton leads a flock of misguided and lost souls. And he empowers them no differently than Hitler, Mussolini, Pol Pot, Saddam, Stalin, David Koresh or Jim Jones did.

Hurtful, hateful ranting isn’t freedom of speech. It’s irresponsible and it’s bad karma. It will only lead to hurt and hate. Its okay to have beliefs, but when those beliefs have a tonality of hate and you express hate in your words, the problem mushrooms.

I spend more energy not saying what I want to say. My mother and father taught me tact. And it’s taken a lifetime to apply it, believe me. I use social media to spread what I hope is a better message, tactfully. I hope you rise against what is happening here and spread a better word. Lead. Don’t be led.

Robert Siciliano Identity Theft Speaker discussing Hate on CNN