Posts

Cell Phone Spying Nightmare: ‘You’re Never the Same’

Robert Siciliano Identity Theft Expert

Technology makes it easier to connect with the people in your life, but it can also enable others to connect to you without your knowledge.

The engine behind this is RATs, AKA “Remote Access Trojans. RAT’s can capture every keystroke typed, take a snapshot of your screen and even take rolling video of your screen via a webcam. RAT’s covertly monitor a PC generally without the user’s knowledge. RAT’s are a criminal hackers dream and are the key ingredient in spyware. Common RAT’s are the LANRev Trojan and “Backdoor Orifice”.

Now RATs come to mobile phones. When somebody remotely activates your phone, you’re not going to know it and they can use that phone to monitor the conversations in the room you’re in. Your phone could be sitting next to you while you are watching TV, and somebody can actually log into your phone and can actually watch what you are watching on television.

Cell Phone Spying Software is Affordable and Powerful. I worked with Good Morning America (GMA) on this issue.

GMA found thousands of sites promoting cell phone spying software, boasting products to “catch cheating spouses,” “bug meeting rooms” or “track your kids.” Basic cell phone spying software costs as little as $50. Someone can easily install a spyware program on your phone that allows them to see every single thing you do all day long, via the phone’s video camera. GMA spent $350 to get the features that remotely activate speaker phones, intercept live calls and instantly notify you every time a call is made.

A virus, called “Red Browser,” was created specifically to infect mobile phones using Java. It can be installed directly on a phone, should physical access be obtained, or this malicious software can be disguised as a harmless download. Bluetooth infrared is also a point of vulnerability. Once installed, the Red Browser virus allows the hacker to remotely control the phone and its features, such as the camera and microphone. For all you techies who want to take a crack at decoding tricks for defeating SSL on mobile phones see Mobile Security Labs HERE.

If history is any indication of the future, mobile phones, just like computers, will soon be regularly hacked for financial gain. Prepare for mCrime in the form of credit card fraud, identity theft and data breaches.

To protect your mobile phone:

Spyware can be installed remotely or directly on the phone. Never click on links in a text or email that could contain a malicious link to a download.

Always have your phone with you and never let it out of your site or let anyone else use it.

Make sure your phone requires a password to have access. If your phone is password protected it will be difficult to install spyware.

If you suspect spyware on your phone re-install the phones operating system. This can be done by consulting your user manual or calling your carriers customer service to walk you through it.

And protect your identity.

Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Mobile Phone Spying on Good Morning America

Copy Machines Can Store Your Private Info

Robert Siciliano Identity Theft Expert

Today, copy machines, fax machines and many printers are just like computers; they’re smart and they have hard drives or flash drives and can store data that can be extracted. Peripherals in the olden days, just like when dot-com was a significant part of a person’s stock portfolio, were dumb.

Because of the increased demand of networked technologies, manufacturers of all these peripherals met the demand and built them so they can be easily accessed by everyone in the office.  These same peripherals are often wireless too.

The issue here is that these devices, sometimes, but aren’t always treated with the same considerations as a computer would have.  PCs are often locked down, access is limited and the data might be encrypted. Worse, when someone upgrades to a new PC, the old PC’s data is supposed to be removed, reformatted etc. This procedure is often overlooked on a copier/printer/fax.

Consider what kind of data is copied at your doctors, banks, mortgage broker and accountants office. Generally, there might be personal identifying information that can be used to create a new accounts or take over exiting accounts.

Where do old peripherals go? Many of them head to warehouses to be resold. Others end up on eBay. A quick search on eBay results in 7845 copiers for sale and 1130 used ones. If I can buy an ATM off Craigslist with over 1000 credit and debit card numbers on it, how much data do you think we can get from used copiers?

All the more reason to protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing copy machine scams on CBS Boston

She Said WHAT? On Facebook?

Robert Siciliano Identity Theft Expert

I don’t know about you, but high school was a nightmare for me. I spent a lot of my time in the assistant principal’s office for fighting. My taste for GQ style clothing along with slicked back greasy hair made me a target. My forked tongue didn’t help me any either. Not much has changed.

In Melrose, Massachusetts a woman was run down by a pack of teenagers in a car because of a dispute that started amongst high school kids on Facebook. If there was Facebook when I was in high school I would have definitely made the paper.

The feud started because of a “she saidshe said” dispute that involved a boy between 2 girls.  I always fought boys because I wasn’t tough enough to fight girls. Girls hit you with their car.

The woman hit was the mother of one of the girls in the Facebook/cat/car fight and spent the night in Mass General Hospital after she did an endo, that’s when your “end” goes over your head then over the windshield.

This same diarrhea of the mouth on Facebook is happening with employees at small to large businesses. It might not end up as violent, but it’s certainly damaging corporate brands. People are saying mean things, blabbering about how they hate their jobs, their fellow employees, their bosses or even their clients. It’s never good when an employee publicly says bad things about the company they work for.

Just as bad they are leaking sensitive information about products coming to market, product specs or new and potential clients that gives the competition an edge. This kind of transparency is causing a tremendous stir and hurting many.

People mistakenly believe that what they say around the water cooler, to a friend or spouse or even on an IM in private can be said in public on Facebook or Twitter.  They couldn’t be more wrong.

The Wall Street Journal reports to nab violators, some business owners frequently conduct Web searches of their companies’ names. Others make a habit of checking employees’ social-media profiles if they’re open to the public or they’ve been granted access. They say such strategies can be helpful for quickly doing damage control, as well as for digging up digital dirt on employees and prospective recruits.

As an employer, you must have a written policy as to appropriate and inappropriate behaviors in social media. Just because you may block access at work, doesn’t mean they are saying stuff when they get off work. As an employee, don’t be stupid. Shut up and don’t act like an idiot pack of teenage high schoolers.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Facebook Scams on CNN

The $10,000 Fake ID

Robert Siciliano Identity Theft Expert

When I was 17, my friend “Baldo,” as he was known by all, was the Fake ID Master. He also fixed TV’s and still does today. But he didn’t actually create “fake IDs,” he altered real ones. The technology he used back then is still used today. It’s called Crayola Crayons. He would take a Massachusetts ID and heat the laminate over the stove and peel it back. Then he’d dab a premixed batch of liquid aqua green/blue crayon on the left side of an 8 to make it a 3. He’d bust out his heating iron and some wax paper and seal up the laminate. Then a 17-year-old became 22, using the same technology my 1 year old eats. Packy run, anyone?

Today is a little different. It’s not so easy to peel back the laminate. Most cards today are treated plastics: PVC, styrene, polypropylene, direct thermal, and teslin hybrids. However, while all that sounds technically challenging, it’s really not. Some of the do-it-yourself ID making machines are the size of a shoebox. It is however a tad more complicated than that. Sure you can go to your local office supply and buy ID making materials or simply buy fake IDs online, but will they pass the muster when put in front of numerous technologies that look for tampering?

That’s where the $10,000 fake ID comes in. In New York, authorities busted an identity theft ring and charged 22 people with selling driver’s licenses and other identification documents.

Among those implicated in the ring are two New York State Department of Motor Vehicles employees, who are believed to have earned over a $1 million dollars issuing more than 200 licenses and other documents over the past three years. The alleged ring leader of the group was identified as Wilch Dewalt, also known as “Sharrief Sabazz” Muhammad’ and “License Man.” Authorities say he acted as a broker who, in exchange for a fee of between $7,000 and $10,000, served as a one-stop shop for fraudulent documents.

In this case, the clients who were dropping 10G on IDs were people who were hiding from the law in plain sight, including felons, a drug dealer whose claim to fame was once a cameo on “America’s Most Wanted,” and someone from the government’s No Fly List. These were people that: A) could afford it and, B) needed the best of the best in real fake identification.

In the meantime, identity theft is again the top 2009 consumer complaint, the FTC reports. The number of American identity fraud victims rose 12% last year to 11.1 million, with losses hitting $54 billion, according to an annual report from Javelin Strategy & Research.

Protect your financial identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Biometrics: To Be or Not to Be?

New Hampshire, USA. “Live Free or Die,” baby. The official state motto emblazoned on every NH license plate has always intrigued. The thought of someone from NH might bring to mind revolutionaries or America militia sympathizers. New Hampshire has come a long way since its motto was created in 1945 and is not much different than most states today.

I live in Boston, one click south of Newy, and all those NH people work in Boston. I see them every day driving their fancy new fanlge auto-mo-biles with their fancy stereo phonic systems. Pleeeze. If any state should adopt the “Live Free or Die” motto it’s Montana, USA. I’ve been to MT bunches of times. They sell guns and beer and fishing rods and meat at gas stations.  NH ain’t gut nuthin’ on MT.  Plus MT had Evel Knievel and he lived in Butte. Now that’s a” Live Free or Die” town.

But it comes as no surprise that Newy is back to its shenanigans again and acting out of concerns for residents’ privacy. The New Hampshire Legislature is considering a bill that would ban the use of biometrics data in identification cards. “Acting out” being the operative term. Or are they rightfully concerned?

As noted in SC, “The bill would prohibit biometrics data, including fingerprints, retinal scans and DNA, from being used in state or privately issued ID cards, except for employee ID cards. In addition, it would ban the use of ID devices or systems that require the collection or retention of an individual’s biometric data. Under the bill, biometric data would also include palm prints, facial feature patterns, handwritten signature characteristics, voice data, iris recognition, keystroke dynamics and hand characteristics.”

That doesn’t leave much left. Why don’t they just ban them-thar fo-toe-grafs too? Come on NH, the world has evolved beyond cow tipping and flaming bags of poop on your neighbor’s door step.

In response, the Security Industry Association stated “SIA firmly believes that the broad restrictions proposed by [the bill]… reflects a significant misunderstanding of the security features and privacy safeguards of this widely-adopted technology,”

I’d say that’s more than a misunderstanding. Some believe biometrics to be the “Mark of the Beast”.

“Some have suggested biometrics, themograms, or bodily ID systems, such as iris scans, fingerprints, voice patterns, facial features, etc. as the mark of the beast. Biometrics ID could not be the mark of the beast because the mark of the beast is something you “receive“. An iris scan, voice scans, fingerprints, biometrics are NOT something you receive. It’s simply part of a person’s bodily features. In this case, every one would “have” the “mark”.”

With this kind of resistance to security, it’s amazing we get anything done. Biometrics is not an invasion of privacy. I also doubt the devil plays any role in them either. They are a tool to identify. Could they be abused? Yes. Should we be concerned? Of course. Should we ban them? Of course not.

In other parts of the world effective identification is actually embraced. Privacy concerns seem to take a back seat to security interests.

Effective use of biometric data could have prevented the apparent theft of Anglo-Israelis’ identities, MK Meir Sheetrit (Kadima), the architect of the country’s Biometric ID Law, and a former minister of intelligence services, told The Jerusalem Post” This statement is in reference to a mess of a story regarding an assassination and the use of fake passports. The Register states that “all passports now issued contain ‘biometric’ details “which are unique to you – like your fingerprint, the iris of your eye, and your facial features”. In addition, “the chip inside the passport contains information about the holder’s face – such as the distances between eyes, nose, mouth and ears” which “can then be used to identify the passport-holder”.

And they were tampered with, which means a failure of epic proportions. So, is NH right?

Meanwhile, CNN reports “in the name of improved security a hacker showed how a biometric passport issued in the name of long-dead rock ‘n’ roll king Elvis Presley could be cleared through an automated passport scanning system being tested at an international airport. Using a doctored passport at a self-serve passport machine, the hacker was cleared for travel after just a few seconds and a picture of the King himself appeared on the monitor’s display.”

Some stuff to chew on. Identity Proofing is the “ultimate” solution. Identity proofing simply means proving that individuals are who they say they are. Identity proofing often begins with personal questions, like the name of a first grade teacher or the make and model of a first vehicle that only the actual person would be able to answer. Of course, this technique is not foolproof, and now that personal information is so readily available over the Internet, knowledge-based authentication is probably on its way to extinction. The next step is documentation, such as a copy of a utility bill or a mortgage statement. These types of identifying documents can be scavenged from the trash, but they are more effective proof when combined with personal questions. Biometric features, such as fingerprints or iris scans, can help further authenticate an individual’s identity.

Authentication is the ability to verify the identity of an individual based on their unique characteristics. This is known as a positive ID and is only possible by using a biometric. A biometric can be either static (anatomical, physiological) or dynamic (behavioral). Examples of each are: Static – iris, fingerprint, facial, DNA. Dynamic – signature gesture, voice, keyboard and perhaps gait. Also referred to as something you are.

Verification is used when the identity of a person cannot be definitely established. Technologies used provide real time assessment of the validity of an asserted identity. We don’t know who the individual is but we try to get as close as we can to verify their asserted identity. Included in this class are out of wallet questions, PINS, passwords, tokens, cards, IP addresses, behavioral based trend data, credit cards, etc. These usually fall into the realm of something you have or something you know.

Allz I know is we guts to do something to fix this thing.

Protect your financial identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Assassin or Identity Theft Victims?

It made a little buzz in the States, but over in  Dubai, as more details become available about the assassination of senior Hamas terrorist Mahmoud al-Mabhouh in Dubai, it is becoming apparent to some (depending on which side of the wall you live on) that the assassins stole the identities of several Israelis carrying foreign passports.

Apparently, the purported identity theft stems the accessibility of passport data from Israelis who hold dual citizenship from Israel, Britain, Australia and other countries. “Six more Britons had their passports cloned by the killers of a senior Hamas official, “ Dubai police said yesterday as they revealed a total of 15 new suspects in the assassination. One of the victims/accused assassin stated “I was in total shock. I don’t know what’s happening – I don’t know how they got to me or my information. I haven’t left the country in about two years, and I’ve never been to Dubai. I don’t know who was behind this. It’s just scary, because powerful forces are involved in this.”

The Dubai police went ahead and released information on 26 suspects in the assassination. The pictures of the suspects were also released. One of the accused, after his mother saw him on the news stated, “Even my mother asked if I’d been abroad.”

Freaky Stuff.

I was interviewed in a yet to be released AP story from Jerusalem about how something like this can happen. It seems simple to me. If in fact the accused are what I would label as criminal identity theft victims, then we are all susceptible to this type of crime. I’ve always believed this to be the scariest of all identity theft and if the above story concludes as factual, then it’s a perfect example.

In the USA, we have as many as 200 forms of ID circulating including passports from state to state, plus another 14,000 birth certificates and 49 versions of the Social Security card. These are paper and plastic documents that can be recreated with a PC, scanner, printer and laminator. We use numerical identifiers that aren’t physically associated with us. Pictures are attached to some documents that may not look like us. Especially if there are eye glasses involved, beards, hair coloring or hair removal, weight gain or loss. Some identification documents are absent of a photo.  This is not effective authentication. World wide, the system isn’t much more secure.

This is criminal identity theft waiting to happen.

At least protect your financial identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker video hacking P2P getting lots of fun data.

When FTC Sends a Warning, Data Theft Has Jumped the Shark

When Fonzie jumped the shark on his HOG, that spelt the end of Happy Days.

The FTC sending a warning to 100 companies and agencies that their employees are leaking client  and sensitive data on the web via Peer to Peer file sharing (P2P) is the single most pathetic and embarrassing communication to come across the desk of an IT professional. It’s over, Johnny IT’S OVER!

The FTC certainly has their hands full with the mess of information security that we call identity theft. I’ve met some from the FTC. These are smart people who are doing the best they can with what they have to work with. But government is usually the last to be on top of what is new and ahead of what is next. Especially, with technology issues. Generally, they are reactive and fix it after it’s broke. They step in when there is a problem and work to fix it so it’s not a problem in the future.

How is it that after hundreds of data breaches and numerous articles that all point to leaks via P2P; there are still companies who allow the installation of technology that opens a big hole in your network, big enough for a car bomb?

As Byron Acohido eloquently stated The Federal Trade Commission today finally voiced concern about the long-known problem of data leaking into criminal hands via LimeWire, BearShare, Kazaa and dozens of other  peer-to-peer (P2P)  file sharing networks.” The operative word here being “FINALLY!” Why are we having this conversation?

For the under a rock crowed, P2P has been around since before the days of Napster. Peer to peer file sharing is a great technology used to share data over peer networks. It’s also great software to get hacked.

Last year the House Committee on Oversight and Government Reform responded to reports that peer to peer file sharing allows Internet users to access other P2P users’ most important files, including bank records, tax files, health records, and passwords. This is the same P2P software that allows users to download pirated music, movies and software.

An academic from Dartmouth College found that he was able to obtain tens of thousands of medical files using P2P software. In my own research, I have uncovered tax returns, student loan applications, credit reports and Social Security numbers. I’ve found family rosters which include usernames, passwords and Social Security numbers for entire family. I’ve found Christmas lists, love letters, private photos and videos (naughty ones, too) and just about anything else that can be saved as a digital file.

Installing P2P software allows anyone, including criminal hackers, to access your data. This can result in data breaches, credit card fraud and identity theft. This is the easiest and frankly, the most fun kind of hacking. I’ve seen reports of numerous government agencies, drug companies, mortgage brokers and others discovering P2P software on their networks after personal data was leaked.

Blueprints for President Obama’s private helicopters were recently compromised because a Maryland-based defense contractor’s P2P software had leaked them to the wild, wild web.

  • Don’t install P2P software on your computer.
  • If you aren’t sure whether a family member or employee has installed P2P software, check to see whether anything unfamiliar has been installed. A look at your “All Programs Menu” will show nearly every program on your computer. If you find an unfamiliar program, do an online search to see what it is you’ve found.
  • Set administrative privileges to prevent the installation of new software without your knowledge.
  • If you must use P2P software, be sure that you don’t share your hard drive’s data. When you install and configure the software, don’t let the P2P program select data for you.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker video hacking P2P getting lots of fun data.

RATs Are Committing Identity Theft Via Webcams

A webcam is certainly one way the bad guy can get intelligence about you. They can use it to spy on you. They can listen into everything you say all day. They know when you are home or not, whether or not you have an alarm, they watch you. But in my opinion, the real issue here isn’t the webcam, but the technology that allows for full remote control access to your network.

If you are a cave dwelling uni-bomber you may have missed the story about the family who is already involved in numerous civil judgments (litigious bugs me) suing their sons school for spying on him with the school issued laptop. Apparently, it’s not OK to spy on students who are issued a school laptop.

The school apparently installed laptop tracking software that is designed to find a stolen laptop. Laptop tracking is often IP and GPS based that provides location based detection when plugged into the Net. The trick to this particular laptop tracker was a peeping Tom technology called a RAT. AKA “Remote Access Trojans.”

RAT’s can capture every keystroke typed, take a snapshot of your screen and even take rolling video of your screen via a webcam. But what’s most damaging is full access to your files and if you use a password manager they have access to that as well.

RAT’s covertly monitor a PC generally without the user’s knowledge. RAT’s are a criminal hackers dream and are the key ingredient in spyware. Common RAT’s are the LANRev Trojan and “Backdoor Orifice”. This RAT allowed the school district full remote access to the student’s laptop, and at his home and in his bedroom.  Creepola!.

Now the FBI is in the fray. According to the original complaint, the student was accused by his school’s assistant principal of “improper behavior in his home” and shown a photograph taken by his laptop as evidence. That kind of backdoor slap in the face for bad behavior certainly raises an eyebrow. For every action there is a reaction as they say.

Installing RAT’s can be done by full onsite access to the machine or opening an infected attachment, clicking links in a popup, installing a permissioned toolbar or any other software you think is clean. More ways include picking up a thumb-drive you find on the street or in a parking lot then plugging it in, and even buying off the shelf peripherals like a digital picture frame or extra hard drive that’s infected from the factory. The bad guys can also trick a person when playing a game as seen here in this YouTube video.

There are plenty of remote access programs that use legitimate back door technology that we consume every day. Examples include LogMeIn and GoToMyPC remote access. Your desktop has “remote desktop” which acts in a similar way. There are a dozen iPhone Apps that do the exact same thing.

Considerations:

An unprotected PC is the path of least resistance.  Use anti-virus and anti-spyware. Run it automatically and often.

A PC not fully controlled by you is vulnerable. Use administrative access to lock down a PC preventing installation of anything.

Many people leave their PC on all day long. Consider shutting it down when not in use.

Unplug your webcam if you are freaked out by it. If it’s built into your laptop cover it up with tape. You may also be able to disable it on start-up and uninstall it and remove the drivers that make it work.

And invest in identity theft protection.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Webcam Spying on The CW New York

EFT Point of Sales Hackers Net $50 Million

Robert Siciliano Identity Theft Expert

Readers of these posts are familiar with ATM skimming. ATM skimming is a billion dollar problem and growing. A relatively new scam over the past few years is electronic funds transfers at the point of sale (EFTPOS ) skimming. People commonly swipe both credit and debit cards through the in-store machines to pay for goods and services at these outlets. In Australia, Fast-food, convenience and specialist clothing stores are bearing the brunt of the crime. McDonald’s is among the outlets whose EFTPOS machines have been targeted.

Last year, legitimate EFTPOS devices at McDonald’s outlets across Perth Australia were replaced with compromised card-skimming versions, with 3500 customers cheated of $4.5 million. They actually replaced the entire device you see at the counter when you order your Big Mac!

Officials say the problem is so bad they urged people to change credit and debit card pin numbers weekly to avoid the possibility of having their account balances wiped out, as it was likely more cases would be identified.

In the United States a similar scam was pulled off at the Stop and Shop Supermarket chain.

“One reason POS machines are so vulnerable is that nearly all of the estimated 12 million devices in the U.S. employ a 40-year-old magnetic stripe technology that industry experts say is largely defenseless against the high-tech wizardry available to fraudsters today. These experts say that thieves can buy skimming gadgetry on the open market. Right now you can walk into a computer store in Malaysia and buy one of these devices for about $200”

The solution to this type of crime may be with authenticating the card or the card holder. Today this is out of the hands of the consumer. There are a number of new technologies that if banks/retailers/industries adopt to identify the actual card/user at the POS or even online, then most, if not all, of the card fraud problems will be solved. There is a race going on right now to see who gets there first. In the next 1-5 years we may see new cards being issued such as “chip and pin” which are standard in Europe. Or no new cards at all but changes in the system that identifies a fraudulent card making the data useless to the thief, or a 2 card system that requires a second swipe of another authenticating card the hacker doesn’t have access to. We will see how this all plays out.

You can’t protect yourself from these types of scams. However, by paying attention to your statements and refuting any unauthorized transactions within 60 days, you can recover your losses. When using any POS, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the appearance of the machine, such as wires, or error messages, don’t use it.

1. Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus and keep it auto-updated and check out my spyware killer IDTheftSecurty HERE

3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing ATM skimming on ExtraTV

Citizens Need to be More Involved in Cybersecurity

Robert Siciliano Identity Theft Expert

In the University of Cincinnati’s Journal of Homeland Security and Emergency Management, the authors write “The general population must be engaged as active security providers, not simply beneficiaries of security policy, because their practices often create the threats to which government responds.” Somebody is saying to take personal responsibility and start doing things securely opposed to expecting it to all be done for you. What a revelation!

Just because everyone has access to the Internet, doesn’t mean they are using it securely. If a person decides to login, they should take some basic courses or read about how to login securely. And the education doesn’t stop there. New scams pop up every day and one has to be aware of their options. I write almost every day and there is never a shortage of topics for me to discuss.

The Internet can be a dangerous neighborhood with bad people around every corner. I got an email from a colleague today who is in the security business. He asked me if the email he received from Facebook to change his password was a fake or real. This is a smart guy, who obviously never heard of the Facebook phishing scam before.

NetworkWorld reports They cite the coordinated attack that overwhelmed U.S. and South Korean government sites last July as being the type of attack that individuals can unwittingly participate in by allowing their computers to be taken over by botnets, the authors say. The awareness they call for has to go beyond simply “if you do not protect yourselves bad things will happen to you” and create a sense that cyber security is a civic duty. Most users remain unaware that not only is their computer data vulnerable, but that their insecure access to cyberspace can be exploited by others turning them into unwitting agents of coordinated cyber threats [both criminal and disruptive attacks],”they say. “Cybersecurity must become a national civic responsibility.”

Frankly, we as citizens HAVE TO do something. Richard Clarke, the president’s cybersecurity adviser, recently wrote that the Department of Homeland Security “has neither a plan nor the capability” to protect the U.S.’s cyber infrastructure. He said companies and individuals “almost uniformly believe that they should fund as much corporate cybersecurity as is necessary to maintain profitability and no more.”

Whether you realize it or not, your computer is one of the biggest threats to your personal security. The Obama administration believes that your computer is also one of the biggest threats to national security.

The message is: Think before you click. Know who’s on the other side of that instant message. What you say or do in cyberspace stays in cyberspace — for many to see, steal and use against you or your government.

1. Get a credit freeze. Go online now and search “credit freeze” or “security freeze” and go to consumersunion.org and follow the steps for the state you live in. This is an absolutely necessary tool to secure your credit. In most cases it prevents new accounts from being opened in your name. This makes the SSN useless to the thief.

2. Invest in  Intelius identity theft protection and prevention. While not all forms of identity theft can be prevented, you can effectively manage your personal identifying information by knowing what’s buzzing out there in regards to YOU. (Disclosures)

3. Make sure your anti-virus is up to date and set to run automatically.

4. Update your web browser to the latest version. An out of date web browser is often riddled with holes worms can crawl through.

5. Check your bank statements often, online, at least once a week.

6. Visit US-Cert here

Robert Siciliano identity theft speaker discussing the mess of data security on Fox News