Posts

ATM Security Threats Increase

ATM skimming alone is responsible for $350,000 of fraud daily exceeding a billion dollars in losses annually.

A recent news report of a skimming scam in Long Island, N.Y., netted thieves more than $200,000 from ATMs at five branches.

Skimming today is far more sophisticated than in the past. Skimmers can include blue tooth and texting technology that send the data to the criminal anywhere. Keypads can be compromised by devices that overlay the exiting pad and transfer the data remotely.

ATM scams and fraud go beyond skimming to crimes that are very physical such as ram raiding to remote malicious software hacks.

During the Black Hat conference a hacker demonstrated how he forced three ATMs to dispense funds by exploiting the machines’ weaknesses in the computers that operate the ATMs. He purchased machines online and discovered that the physical keys were the same for all ATMs of that type made by that manufacturer.  He used the keys to unlock a compartment of the ATM that had standard USB slots. He then inserted a program he wrote for one of the machines, commanding it to dispense all of its vault cash.

Bankinfosecurity.com published “7 Growing Threats to Financial Institutions”.

#1 Skimming; Hardware readily available online that is attached to the face of ATM records user card information and pin codes. In this case you may still be able to perform a transaction.

#2 Ghost ATMs; A card reader is blocked off and replaced with hardware that supersedes the machine and records all your data without allowing a transaction. The machine reads “Can’t complete transaction”.

#3 Dummy ATMs; In some cases an ATM is bought off of eBay (do a search) or elsewhere and installed anywhere there is foot traffic. The machine is set up for one purpose; read data. The machine might be powered by car batteries or plugged in the nearest outlet.

#4 Ram Raids; ATMs built into a wall or stand alone are being rammed by a truck and/or wrapped with chain and pulled out then loaded onto a truck. Once removed the thieves blow torch the machine taking the cash. This is a hot topic in Mexican banks, buy certainly happens everywhere. A bank would be smart to install battery backed GPS in any machine.

#5 PIN ID’s; Sophisticated criminal hackers break into a database or skim magnetic strips. They then go to an online banking site with a hacking software that plugs in various well known PINs. These PINs might be consecutive numbers, people names, pet names, birthdates, or other various simple pass phrases people use. When it finds a match it gives the criminal access to your account.

#6 Automated PIN Changes; Criminals go through the banks telephone banking system to change the customers PIN. They may try to change the customers ANI (Automatic Number Identification) is a system utilized by telephone companies to identify the DN (Directory Number) of a caller. This might be accomplished via “Caller ID Spoofing”. They use publicly available data on the card holder such as name, card account number and last four digits of the social security number to “verify” them as the banks customer.

#7 SMS Attacks; AKA Smishing or Phexting – phish texting. Customers receive a text from a bank on their Smartphone requesting login information.

#8 Malware or Malicious Software; Researchers found a virus that specifically infects ATMs and takes over the machine logging card numbers and pins.

To help combat ATM skimming, ADT unveiled the ADT Anti-Skim ATM Security Solution, which helps prevent skimming attempts and detects skimming devices on all major ATM makes and models.

ADT’s Anti-Skim Solution is installed inside an ATM near the card reader, making it invisible from the outside. The solution detects the presence of foreign devices placed over or near an ATM card entry slot, without disrupting the customer transaction or operation of most ATMs. It can trigger a silent alarm for command center response and coordinate video surveillance of all skimming activities. Also, the technology helps prevent card-skimming attempts by interrupting the operation of an illegal card reader.

How to protect yourself from ATM skimming;

  1. First and foremost; Pay attention to your statements every two weeks. Refute unauthorized transactions within a 30-60 day time frame.
  2. Pay close attention to everything you do at an ATM. Look for “red flags”, anything out of place, your card sticks, odd looking configurations on the ATM, wires, two sided tape.
  3. Use strong PINs, uppercase lower case, alpha and numeric online and when possible at an ATM and for telephone banking.
  4. Don’t reply to phishing or phexting emails. Just hit delete.
  5. Don’t just use “any” ATM. Choose ATMs at locations that are “more secure” than in the middle of nowhere. Do not drop your guard if the ATM is at a bank branch.

Robert Siciliano personal security expert to Home Security Source discussing ATM skimming on Fox Boston. Disclosures.

Using a Honeypot to Snare Home Invaders

What do you get when you cross a dozen federal Bureau of Alcohol, Tobacco, Firearms and Explosives agents and the nation’s top city for home invasions with the myth of large quantities of cocaine? Answer: 70 arrested gun toting vicious home invaders.

The term Honeypot in technology refers to a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. In simpler terms a honeypot is a trap set for the bad guy that is so tempting, they can’t help themselves but attack.

Phoenix Arizona has had the distinction of being that famed city where home invasions are a massive problem.

ATF agents set a trap where they “leaked” word of homes with drugs and armed guards that never existed. But the suspects showed up with guns, duct tape and zip ties, ready to steal the cocaine. Instead, they were arrested.

One man had served an eight-year sentence for aggravated assault before he was released in March 2009. Three months later, he was in a car with four other armed men preparing to steal thousands of dollars’ worth of cocaine when ATF agents arrested him.

Obviously if you are reading this you probably don’t need to worry about your home being invaded because you don’t have 10 kilos of cocaine under your bed. But, the fact remains there are wacky people out there that think nothing of taking advantage of regular folk for a lot less.

Every family must have a plan for home security and home security alarm.

  • Get a trained German shepherd.
  • Another consideration is a home safe-room also known as a “panic room” where families can hide out in a relatively bullet proof, well stocked room equipped with wireless communications and wait for law enforcement to show up.
  • Never talk to strangers via an open or screen door. Always talk to them through a locked door.
  • NEVER let children open the doors. Always require and adult to do it.
  • Not all home invaders knock, some break in without warning.  Just another reason to have that home alarm on.
  • Install a 24-hour camera surveillance system. Security cameras are a great deterrent.  Have them pointed to every door and access point.

Robert Siciliano personal security expert to Home Security Source discussing Home Invasions on Montel Williams. Disclosures

Home Burglary News: Barefoot Bandit Busted

Colton Harris Moore stole a bicycle at the age of 8 and never looked back. Now 6 ft. 5 in. and 19 years old, has been busted.

He was arrested in the Bahamas after a boat chase that came to a halt when cops shot out the boats motor.

This 19 year old has never taken a flying lesson but stole a plane in Indiana and crashed it off Abaco Island and he has been hunted ever since. Then, law enforcement suspected him of stealing a 44 foot boat from a marina in Abaco.

This young adult has achieved celebrity like status with over 20,000 Facebook fans. However, Harris-Moore isn’t one to be celebrated. He steals as much from the average hard worker as he does from the dot-com rich.

But because of our sometimes warped thinking society and how fame has become an elixir, his mom hired a PR firm and got a book deal to write about her son.

Be in charge of your home security to keep burglars away:

  • Make sure your home has a “lived in” look.
    • Use indoor timers for lights, TVs and automatic shades.
  • Install security cameras that can be remotely monitored.
  • Install a home alarm system monitored by an alarm company and the police.

Robert Siciliano personal security expert to Home Security Source discussing burglar proofing your home on Fox Boston. Disclosures.

10 of the Dumbest Criminals

It’s impossible to write about home security and personal safety and not to come across with dumb criminal stories. Listverse did a great job of compiling the following; I did a decent job of summing it up:

1. – Dumb criminal robs a store at knifepoint and stole a pair of boots, gets away and then gets caught. At court he arrogantly puts his feet up on the defense table, wearing the same boots. Busted.

2. – Dumb criminal guy and two dumb criminal women in a department store stuffed their bags with curtains. As they all headed to separate exits they were busted. The store was having a convention of detectives.

3- Dumb criminal breaks into a woman’s house and robs it then assaults her. She had only a few dollars so he demanded she write him a check, to his given name.

4. – Dumb criminal walks into a store, gets groceries and plunks down $10.00 on the counter. When the clerk opened the register he grabbed the tray and ran. Apparently the clerks were changing shifts because he got $4.37. Which meant the shorted himself $5.63.

5. – Dumb criminals descend on a safe and use what they think are cutting torches in the form of a welder. They welded the safe shut.

6. – Dumb criminal on a motorcycle robs store with his helmet on. Clerk gives him the money and he leaves. He forgot his name was inscribed on the face of his helmet.

7. – Dumb criminal steal a woman’s purse and is caught. At trial he forgoes his lawyer and represents himself. When cross examining the victim he says “Did you get a good look at my face when I took your purse?”

8. – Dumb criminal is arrested for armed robbery and pleads not guilty. At trial as a witness is being questioned he gets up and accuses her of lying and says “I should have blown your head off!” “If I’d been the one that was there.”

9. – Dumb criminals try to steal a car then get chased off by the owner. Owner hails a police car and the criminals hop a fence. The fence surrounded the property of San Quentin prison.

10. – Dumb criminal breaks into a bar and accidently shoots himself in the foot. He leaves the bar and also leaves a trail of blood right to his house.

Robert Siciliano personal security expert to Home Security Source discussing Home Security on Fox Boston. Disclosures.

Home Invasion Was ‘Worst of the Worst’

A woman and her boyfriend and 2 other people robbed 5 people during a home-invasion robbery. The woman was given the maximum sentence of 19 years and four months in prison.

She was convicted of robbery, burglary, making a criminal threat and assault with caustic chemicals. The judge said “As robberies go this case is the worst of the worst,” The judge called it a cruel and callous, said the Prosecutor.

The boyfriend tied up five victims, doused them in lighter fluid and threatened to set them ablaze. One of the victims was sexually assaulted.

Predators don’t play by the same rules as you or I do. Their thought process is one that revolves around controlling others and manipulation. They take and take and what they give back is misery.

Locking your doors isn’t enough. Locking your windows isn’t enough. In order to prevent a crime like this the homeowner needs a comprehensive home security review. Bring in the local police to give your home a once over. Invite a local locksmith to determine what the best locks for your doors are.

Call a home alarm installer to discuss your home security. Consider taking it up a notch and installing home security cameras. Consider a do it yourself wireless home alarm system or hire a professional. But please, whatever you do, do something. The worst thing you can do is nothing.

Robert Siciliano personal security expert to Home Security Source discussing home invasions on the Gordon Elliot Show. Disclosures

10 Ways to Prevent Social Media Scams

The trouble with social media revolves around identity theft, brand hijacking and privacy issues.  The opportunity social media creates for criminals is to “friend” their potential victims in order to create a false sense of trust and use that against their victims in phishing or other scams.

It was big news when someone had their Facebook account jacked by someone who impersonated the victim, claiming to have lost their wallet in the UK and begging for a money wire. Now it’s old news, but it’s still happening.

  • Register your full name and those of your spouse and kids on the most trafficked social media sites. If your name is already gone, include your middle initial, a period or a hyphen. You can do this manually or by using a very cost effective service called Knowem.com
  • Get free alerts. Set up Google alerts for your name and kids names and get an email every time someone’s name name pops up online. You want to see if someone is talking about you or using your name.
  • Discuss social media with your kids. Make sure they aren’t providing their “friends” with personal information that would compromise their security or your families.
  • Monitor what they do online. Don’t sit in the dark hoping they are acting appropriately online. Be prepared to not like what you see.
  • Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.
  • Lock down settings. Most social networks have privacy settings that need to be administered to the highest level.
  • Always delete emails you receive in social media from those who you don’t know. I’m messaged all the time by scammers and I’m sure you are too.
  • Don’t enter all the “25 most amazing things about you” or whatever other games that extract your personal information. Nothing good can come from that.
  • Always log off social media sites when you walk away from the PC. If you are ever at someone else’s home or on a public PC, this habit will save lots of aggravation. My sister-in-law, a Boston Bruins fan, left her Facebook open on the family PC. I changed her Facebook picture to the Philly Flyers and wrote Go Phillys! as her status. Bruins lost that night. I blame her.
  • Do not activate geolocation services that tell the world your every move. Nothing good can come out of allowing anyone in the world to stalk your every move.

Robert Siciliano personal security expert to Home Security Source discussing Facebook Jacking on CNN. Disclosures.

“Grim Sleeper” Gets Nabbed

In La La Land aka Los Angeles where everyone is a waiter or waitress and wants to be Tom Cruise  or Julia Roberts, they captured a serial killer dubbed “Grim Sleeper” named as such due to the fact there was a lull in his murderous killing spree.

The Los Angeles Police Department had been hunting the man who had stalked South Los Angeles since 1985, killing at least 10 women. Lonnie David Franklin Jr. was at one time was an employee for the LAPD. Detectives pulled DNA from the crime scenes and had the information for years.

Recently the LAPD arrested his son for an unrelated charge. From that arrest they pulled his DNA, (I don’t know why) and it was a partial match to the DNA found at the crime scenes in the 80’s. This is called “familial DNA”, like father/son, mother/daughter or twins. However the son was too young to commit the crimes back then so detectives searched out his social network and on a hunch determined his father would more than likely be the closest match to the sons DNA. Based on where dad lived in proximity to the murders, dad fit the killers profile.

Detectives followed him to a pizza joint and let him finish up then went in and grabbed a few hunks of crust and a drinking glass and did a DNA test on it and they found their match.

Real life “crime scene investigation” stuff. Law enforcement got their man. Nice to see the good guys win one.

The chance of you ever coming face to face with a serial killer is extremely slim. However, there is an extremely slim chance you’d ever get struck by lightning too. But I’ll bet you wouldn’t go climbing a metal flag pole in a lightning storm.

The key is to understand your options and know your strengths if you’re ever faced with an attacker. My favorite form of self defense is running away. Like Muhammad Ali would say “I’m too pretty”. Do you really want to get punched in the face? RUN!

Also take a self defense training program. The best self defense training technique is called “adrenal stress training”, learn as much about it as you can and find a course in your area.

Robert Siciliano personal security expert to Home Security Source discussing self defense on some cool station in Virginia. Disclosures.

What is “Swatting” And How Do I Protect My Family

Swatting is making prank calls to emergency services with the intent of sending those services to the victim’s home. Emergency services, such as a 911 operator may dispatch an emergency response team, and depending what the story is being told by the prank caller, the operator may dispatch a SWAT team. SWAT is Special Weapons and Tactics. Those are the guys and gals in all black with the headgear and big guns.

Caller ID spoofing technologies are used as a tool to disguise the caller and send law enforcement officers on bogus calls. Caller ID spoofing is the practice of causing the telephone network to display a number on the recipient’s caller ID display which is not that of the actual originating caller. 911 systems operators and the technology behind 911 calls have been tricked by calls placed from cities hundreds of miles away.

Most people trust caller ID and are unaware of caller ID spoofing. This is obviously a flawed system ripe for fraud.

MSNBC reports Doug Bates and his wife, Stacey, were in bed around 10 p.m., their 2-year-old daughters asleep in a nearby room. Suddenly they were shaken awake by the wail of police sirens and the rumble of a helicopter above their suburban Southern California home. A criminal must be on the loose, they thought.

Doug Bates got up to lock the doors and grabbed a knife. A beam from a flashlight hit him. He peeked into the backyard. A swarm of police, assault rifles drawn, ordered him out of the house. Bates emerged, frightened and with the knife in his hand, as his wife frantically dialed 911. They were handcuffed and ordered to the ground while officers stormed the house.

WOW!! IMAGINE!! Whatever happened to asking if the store had Prince Albert in a can?

Swatting is dangerous and can end up deadly for both the homeowner and law enforcement.

  • If ever you awaken to sirens outside your home it is always best to call your local police department to find out what is going on. There could be a fire, an escaped convict or a killer walking the streets. An open line of communication with the authorities might avert a tragedy.
  • Stay in your house if there is a lot of commotion outside. You can see everything you need to through the windows. Police will generally secure the perimeter before they ram the entranceways. This may give the homeowner an opportunity to straighten out a potentially messy situation…through the window or over the phone.
  • I’ve never been a big fan of lethal weaponry for civilians without proper training. When a cop sees anyone for any reason come out of their home with a gun or knife, they will consider that person armed and most likely consider that person dangerous.

To ensure home security, install a home security system to alert you to anyone entering your home and install home security cameras so you can watch and record all the action from your home office on your PC. You might get a chuckle out of watching the video some day. NOT!

Robert Siciliano personal security expert to Home Security Source discussing personal security and self defense on Fox Boston. Disclosures

Keeping Kids Safe Online

It is no surprise that cybercriminals are taking advantage of the Internet and the people who use it. The Internet is like a bad neighborhood with bad guys around every corner. Any parent with an ounce of sensibility should recognize that when your child is on the wild wild web, they are at the same risk as they would be walking through the red light district in any big city.

I’m not saying this because I want to instill fear and panic, I’m bringing this up because sex offenders, pedophiles, criminal hackers and identity thieves treat the online world as if it was the physical world and use the anonymity of the web and the easiness of approach to seduce your children into doing things they wouldn’t normally do.

The Secret Online Lives of Teens, a survey conducted by McAfee, reveals that tweens and teens are relatively clueless about online privacy. The study sheds light on this generation’s tendency to use the Internet in ways that translate to danger in the real world.

There always has, is, and will be a predatory element out there. Generally, most people don’t want to think about that or even admit that it’s true. Instead of acknowledging the risks, most people completely discount this reality, telling themselves, “It can’t happen to me or my kids.”

The good news is you can do something about it. As soon as a family member becomes active online, it’s time to educate them—no matter what age they are—about cyber safety.

  • Set up the computer in a high-traffic family area and limit the number of hours your children spend on it.
  • Be sure you have computer security software with parental controls.
  • Decide exactly what is okay and what is not okay with regard to the kinds of web sites that are appropriate to visit
  • Use only appropriate monitored chat rooms
  • Never log in with user names that reveal true identity or that are provocative
  • Never reveal your passwords
  • Never reveal phone numbers or addresses
  • Never post information that reveals your identity
  • Never post inappropriate photos or ones that may reveal your identity (for example: city or school names on shirts)
  • Never share any information with strangers met online
  • Never meet face-to-face with strangers met online
  • Never open attachments from strangers

Once you have established the rules, make a poster listing them, and put it next to the computer.

Robert Siciliano personal security expert to ADT Home Security Source discussing Home Security and Identity Theft on TBS Movie and a Makeover. Disclosures.

Police Arrest Six People in Ritzy Robbery Ring

Burglars broke into more than 50 homes in the high end areas of Miami and Palm Beach. Most of the victims were out to dinner and some were victims of home invasions.

The perps may have had a network in place of valets, waiters/waitresses or others who had an idea of who the victims were, their addresses and what their schedules were. Most importantly, someone on the inside of this network would inform the thieves when the victims would be gone from the home.

The thieves would enter the homes through locked or unlocked sliding doors generally in the back of the home. Their targets included high end jewelry, watches, gold and diamonds. Losses could be as high as 2 million dollars.

Getting the stolen jewelry back is often next to impossible. Jewelry is the quickest and easiest to fence.

“Police have dubbed the six people arrested for their participation in a burglary ring spanning three counties as the “Dinner Crew Set.”  Home surveillance video captured one of the thieves in action — a masked man with a two way radio.”

It’s obvious that most of these homes did not have home alarms or home security cameras. Many of these burglaries could have been prevented with simple investments that equate to a dollar a day for your family home security.

It’s amazing to me how people go out and spend all this money on expensive items but don’t lock them in a safe or protect them with a home security system.

Robert Siciliano personal security expert to ADT Home Security Source discussing Home Invasions on Montel. Disclosures.