Posted by: Neal OFarrell on June 25, 2010
Yesterday I received yet another notice that my personal information had been compromised in a data breach, someone is being sued, and I’m getting a year’s worth of free credit monitoring for my troubles blah, blah, blah…
Seems like I’ve received so many of these notices and offers of free credit monitoring, I’ll probably never have to pay for credit monitoring again.
But apart from the fact that the last time we shopped at that store was more than three years ago, and, therefore, the thieves are long gone with my information, it does raise the troubling issue of how used to and how immune we’ve become to these data breach notices. And that’s not a good thing.
According to research firm Javelin Strategy & Research, more than one in four of all U.S. consumers have received a data breach notification, and at least 28% of all consumers received a replacement debit or credit card in 2009 due to security concerns.
Hardly surprising, considering there were hundreds of reported data breaches last year that together exposed more than 300 million personal records.
To make matters worse, Javelin maintains that fraud victims who have been notified of a data breach experience fraud at nearly five times the rate of fraud victims who have not been notified of a breach.
And according to Robert Vamosi, a fraud and security analyst and author of the Javelin report, “Consumers who receive notifications that their personal information may have been breached are not connecting the dots. They don’t seem to understand that this puts them at an increased risk for other types of fraud and at an increased need for identity protection services such as fraud alerts, security freezes and credit and identity monitoring.”
Lessons learned?
Nobody wants to blame the victim, but when it comes to the growing problem of cybercrime and in particular banking Trojans, maybe it’s time to take the kid gloves off.
I’ve argued for years that the end user is one of the weakest links in security. They typically know the least about security, don’t have experts looking over their shoulder, and in many cases create security risks not just for themselves but for complete strangers and even the nation.
Unprotected or poorly protected personal computers are a major headache and one of the most popular back doors for everything from organized crime gangs to cyber terrorists. They can be used to plant banking Trojans to attack the individual user’s own bank account. They can be used to spread malware to other computers. And they can be harnessed by enemy governments in large scale attacks against U.S. interests.
So what do we do about it? In a recent story in Network World, security experts commented that banks are increasingly concerned that the customer computer is increasingly the weak link in the chain of trust.
In response to the problem, some banks have started offering browser and PC security services that will protect the customer’s computer, and especially their login to their bank accounts. They may even run scans of customer computers to weed out any hidden malware.
In Australia, the House of Representatives is going one step further, proposing laws that would require Internet Service Providers (ISPs) to act as the security gateway for internet users, and not only block users that don’t have up-to-date security on the computer, but also remotely scan the user’s computer for malware and also block internet access if they find anything they don’t like.
Might seem a little extreme, and there are lots of challenges, but I don’t think it’s such a bad idea. There are still many users accessing the internet whose poor security habits put other users and the nation at risk to cyber threats. I still come across many users who don’t have any virus protection on their computers, don’t see any reason why they should, and have no clue about the risk they expose themselves and others to.
The challenge, as usual, is in the implementation of such draconian measures. But if careless users won’t take responsibility for their computer and behavior, and the risks they expose others to, then maybe we should look at other ways to enforce proper online etiquette.
Lessons learned?
Banking’s big dilemma: How to stop cyberheists via customer PCs
Ever received one of those emails about a property you owned or just lived at, offering you a refinancing option, home loan, or even foreclosure help? Every day I get four or five of these to one of my regular email addresses, offering to help me refinance a property that I only rented, and for just six months, nearly 10 years ago.
While most of this spam email is just a scam, it does raise a worrying question. How do the spammers know that I lived at that address and that this is my email? Now I can understand them having just one of those pieces of information – the fact that I lived at a certain address is widely available in thousands of databases. And my email address is also probably on thousands of spammer lists.
But how did they connect the two? Well, chances are I might have:
- Inquired about a home loan or mortgage at some time in the past
- Rented a property
- Applied for a job
- Posted my resume online
- Had a bank or credit card account
- Bought something online
- Or worked someplace
And the folks who said they’d look after my information let me down badly.
Another possibility is that someone just sold my information to a spammer or scammer because that was the only way they could make money from it. In my case, I’m pretty sure the company I rented the property from just didn’t do enough to protect my information. And given that I also provided them with my Social Security number so they could run a credit check, I could assume they were no more careful with that.
There are other possible explanations and scenarios too, none of them good. Whatever the reason, it’s a painful reminder about how easy it is for crooks to piece our lives and history together with very little effort, and then try to use that against us.
Lessons learned?
U.S. not ready for cyber attacks
In another disturbing admission, the United States is still nowhere near prepared to prevent the growing onslaughts of cyber attacks from cyber criminals and enemy governments.
The division of the Department of Homeland Security that monitors cyber attacks and probes against the U.S. says it doesn’t have enough people and resources and can do little to protect the nation.
In fact, an article in the Wall Street Journal concluded that “the U.S. government’s ability to counter cyber attacks against its non-military computer systems is largely ineffective.”
Scary stuff. It’s long been known that the U.S. Government has never been very good at cyber security, mainly because it’s unable to hire the best security minds. And America’s enemies seem to know this, as they invest heavily in hiring the best hackers on the planet and offering them huge financial incentives to attack the U.S.
Brings me back to my earlier commentary on the importance of personal security, and why it’s so important for every individual who uses a computer or accesses the internet to do everything they can to make sure their behavior or decisions don’t expose others to cyber threats.
U.S. Hampered in Fighting Cyber Attacks, Report Says
http://online.wsj.com/article/SB10001424052748703280004575309243039061152.html
Two teenagers, age 17 and 18, were recently arrested in London after it was discovered they were operating one of the biggest online forums dedicated to teaching users how to make money from cybercrime.
When the site was busted recently it had more than 8,000 members, a clear sign of the enormous demand from individuals and gangs wanting to hone their cybercrime skills.
The forum offered tutorials and advice on more than 30 different topics, including how to steal information electronically, how to commit credit and debit card fraud, how to acquire passwords and other secret information on the web, and how to create malware.
In addition to schooling the next generation of cyber thieves, the duo also had on sale more than 60,000 stolen credit card numbers with a street value in excess of $10 million.
Two teenagers held over £8m ‘crime tutorials’ on the internet
Read Neal’s blogpost, Profile of a Teenage Hacker
http://www.idguardian.com/profile-of-the-teenage-hacker/