Showing posts with label biggest identity theft. Show all posts

Saturday, September 26, 2009

Identity Theft Protection Tips For the Digital Age


As a small business owner, can you honestly say that your workplace is as safe from exposure to identity theft as possible? It’s a fact that the issue of identity theft is an increasing problem that is already quite widespread. It’s a good idea to periodically do a checkup on your business security policies and procedures to ensure that you have taken every possible step to keep your company’s data safe from identity thieves, as well as personally identifiable information that belongs to your employees and your customers.

1. Be Careful What You Throw Away

Identity thieves are skilled dumpster divers. If you or your employees throw away papers that include bank account numbers, social security numbers, and other information that can be used to perpetrate fraud, there’s a good chance that the data could end up in the hands of unscrupulous characters. Make it a firm policy to shred all waste paper that has any information that could possibly be used by people who might be looking to steal someone else’s identity.

If you only have a small quantity of this type of documentation, it will probably be feasible to handle shredding in-house, with shredders placed in strategic locations around your place of business. If your business generates a large quantity of documentation that contains protected information, it may be better for you to hire a document shredding company to take care of destroying throwaway documents that may contain sensitive information.

2. Take Steps to Protect Data Stored on Company Computers

Verify that the virus protection and firewall software installed on your computer system remains current at all times. Make sure that you are using a quality virus protection program and set it up to run daily scans so that you can be as safe from computer viruses as possible. It’s also important to check for updates to your virus software and install them as soon as they become available.

It’s also a good idea to set up every desktop computer and laptop so that a password is required for login. This can help protect stored data in the event that the equipment is lost or stolen and ends up in the wrong hands. This is not a foolproof protection, of course, because skilled hackers can find their way around password protection in many cases. However, it’s certainly better than leaving computer equipment unprotected.

When your company upgrades computer equipment, it’s essential to dispose of your old equipment responsibly. Simply deleting files from your old hard drive is not sufficient to keep identity thieves from stealing your confidential data if the equipment is not properly disposed of. The only truly safe way to get rid of data from your old computer is to shred the hard drives. The same companies that provide document shredding services typically also offer hard drive recycling.

American Banking News

Sunday, August 23, 2009

Profile of a hacker: How the "soupnazi" did it

The man allegedly behind the biggest identity theft ever did it through a fairly simple ploy...
Monday, one of the most brazen hackers in American history was indicted in federal court in New Jersey. Federal authorities allege that Albert Gonzalez, along with two unnamed Russian associates, engineered one of the largest credit card and identity theft schemes in history. But this is hardly Gonzalez's first run-in with authorities over cyber-crimes. Here's a snapshot of Gonzalez and his short but startling history of plaguing American businesses and consumers.

Profile of a hacker:
Name: Albert Gonzalez
Age: 28
Online pseudonyms: segvec, soupnazi, Cumbajohnny and j4guar17
Current co-conspirators: Two men from Russia who authorities did not identify by name.
Past criminal affiliations: Leader of Shadowcrew, an online credit-card hacking ring. In 2004, 26 of the 4,000 members of the hacking crew were arrested and convicted.

Gonzalez's hacking timeline:
2003: Gonzalez was arrested for hacking but not charged with a crime because he agreed to work as an informant for the Secret Service on cyber-crimes. Yet, according to the Justice Department, he was again engaging in illicit activities fairly soon after his arrest.

October 2004: The government arrests members of the Shadowcrew. Gonzalez was the alleged leader of this hacking group.

November 2004: Gonzalez is allowed by the government to move from New Jersey to Florida. He then begins his hacking of Dave & Buster's restaurant chain.

October 2006-May 2008: Gonzalez and his associates targeted Fortune 500 companies with network security problems. He allegedly stole over 130 million credit and debit card numbers from Heartland Payment Systems Inc., a credit card payment processor, 7-Eleven, a national convenience store chain, and Hannaford Brothers Co., a supermarket chain. He was indicted for his leadership in this hacking ring Monday. Heartland is the world's 9th largest credit card processor.

May 2008: Gonzalez has been in custody since May 2008 when he was arrested for data theft at Dave & Buster's.

August 2008: Gonzalez is indicted for improperly probing the networks of many major U.S. retailers including TJX Companies (owner of TJ Maxx), BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW. At the time, it was thought to be the largest individual instance of credit card data theft via the hacking of private computer systems, as nearly 40 million card numbers were stolen. Authorities have said the breach cost TJ Maxx close to $200 million.

August 2009: Gonzalez and two unnamed associates are charged in federal court in New Jersey with running the largest credit card and identity theft hacking operation ever prosecuted. Gonzalez was already awaiting trial in New York for his hacking of the network at Dave & Buster's restaurants and in Massachusetts for his penetration of TJX Companies.

How he did it:
By all accounts, what makes Gonzalez's success so terrifying for consumers is that his alleged hacking ring was not very sophisticated. Officials have said Gonzalez used a technique called "wardriving," in which he and his associates traveled to different areas searching for accessible wireless Internet networks. They then hacked into these networks, installing "sniffer programs" and "malware" software that allowed them to steal credit and debit card numbers from retailers. Gonzalez exploited holes in the SQL programming language used by many databases.

In the charges brought against Gonzalez on Monday, authorities said that once Gonzalez and his co-hackers captured the personal data, they'd send the information to computer servers in California, Illinois, Latvia, the Netherlands and Ukraine. Gonzalez would either then sell the numbers online or make purchases or unauthorized withdrawals from the banks the cards were linked to.

Gonzalez and his associates face anywhere from 35 years in prison to possible life sentences if convicted on all the charges currently brought against them. They also may have to pay more than $1 million in fines.

What consumers should know:
• According to identity theft experts, restaurants are particularly attractive for hackers because they seldom update their anti-virus software and other computer security systems.

• Not all states require companies to notify consumers once their information has been compromised. It is unknown whether those affected by Gonzalez's heist were ever even alerted.

• If you're worried about identity theft, you should check the government's site here: FTC Id Theft

Salon

Actor Antwon Tanner pleads guilty in scheme in NYC


NEW YORK – "One Tree Hill" actor Antwon Tanner has pleaded guilty to selling more than a dozen Social Security numbers for $10,000. Tanner told a federal judge in Brooklyn on Friday that he was a middleman, selling numbers someone else provided. He and his lawyer didn't comment on how he got involved in the scheme.
Tanner is expected to get as much as a year in prison at his sentencing, set for Nov. 20.
The 34-year-old actor was charged in April with selling 16 Social Security numbers and three bogus Social Security cards.
Tanner plays the character Skills in the CW series. Representatives for the network didn't immediately return a telephone call Saturday.
Tanner also appeared in the 2005 movie "Coach Carter," starring Samuel L. Jackson.
AP

Saturday, August 22, 2009

FTC Announces Expanded Business Education Campaign on 'Red Flags' Rule



To assist small businesses and other entities, the Federal Trade Commission staff will redouble its efforts to educate them about compliance with the "Red Flags" Rule and ease compliance by providing additional resources and guidance to clarify whether businesses are covered by the Rule and what they must do to comply. To give creditors and financial institutions more time to review this guidance and develop and implement written Identity Theft Prevention Programs, the FTC will further delay enforcement of the Rule until November 1, 2009.

The Red Flags Rule is an anti-fraud regulation, requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to the warning signs, or “red flags,” that could indicate identity theft. The financial regulatory agencies, including the FTC, developed the Rule, which was mandated by the Fair and Accurate Credit Transactions Act of 2003 (FACTA). FACTA’s definition of “creditor” includes any entity that regularly extends or renews credit – or arranges for others to do so – and includes all entities that regularly permit deferred payments for goods or services. Accepting credit cards as a form of payment does not, by itself, make an entity a creditor. “Financial institutions” include entities that offer accounts that enable consumers to write checks or make payments to third parties through other means, such as other negotiable instruments or telephone transfers.

The FTC’s Red Flags Web site, www.ftc.gov/redflagsrule, offers resources to help entities determine if they are covered and, if they are, how to comply with the Rule. It includes an online compliance template that enables companies to design their own Identity Theft Prevention Program through an easy-to-do form, as well as articles directed to specific businesses and industries, guidance manuals, and Frequently Asked Questions to help companies navigate the Rule.

Although many covered entities have already developed and implemented appropriate, risk-based programs, some – particularly small businesses and entities with a low risk of identity theft – remain uncertain about their obligations. The additional compliance guidance that the Commission will make available shortly is designed to help them. Among other things, Commission staff will create a special link for small and low-risk entities on the Red Flags Rule Web site with materials that provide guidance and direction regarding the Rule. The Commission has already posted FAQs that address how the FTC intends to enforce the Rule and other topics – www.ftc.gov/bcp/edu/microsites/redflagsrule/faqs.shtm. The enforcement FAQ states that Commission staff would be unlikely to recommend bringing a law enforcement action if entities know their customers or clients individually, or if they perform services in or around their customers’ homes, or if they operate in sectors where identity theft is rare and they have not themselves been the target of identity theft.

The three-month extension, coupled with this new guidance, should enable businesses to gain a better understanding of the Rule and any obligations that they may have under it. These steps are consistent with the House Appropriations Committee’s recent request that the Commission defer enforcement in conjunction with additional efforts to minimize the burdens of the Rule on health care providers and small businesses with a low risk of identity theft problems. Today’s announcement that the Commission will delay enforcement of the Rule until November 1, 2009, does not affect other federal agencies’ enforcement of the original November 1, 2008, compliance deadline for institutions subject to their oversight.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,500 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s Web site provides free information on a variety of consumer topics.
FTC Red Flags Rule

Tuesday, August 18, 2009

Arrest in Epic Cyber Swindle


A 28-year-old American, believed by prosecutors to be one of the nation's cybercrime kingpins, was indicted Monday along with two Russian accomplices on charges that they carried out the largest hacking and identity-theft caper in U.S. history.
Federal prosecutors alleged the three masterminded a global scheme to steal data from more than 130 million credit and debit cards by hacking into the computer systems of five major companies, including Hannaford Bros. supermarkets, 7-Eleven and Heartland Payment Systems Inc., a credit-card processing company.
[Photo: Albert Gonzalez, released to wired.com by the U.S. Secret Service]
The indictment in federal district court in New Jersey marks the latest and largest in at least five years of crime that has brought its alleged orchestrator, Albert Gonzalez of Miami, in and out of federal grasp. Detained in 2003, Mr. Gonzalez was briefly an informant to the Secret Service before he allegedly returned to commit even bolder crimes.
Authorities have previously alleged that Mr. Gonzalez was the ringleader of a data breach that siphoned off more than 40 million credit-card numbers from TJX Cos. and others in recent years, costing the parent company of the TJ Maxx retail chain about $200 million.
Mr. Gonzalez is in federal custody in Brooklyn, N.Y., awaiting trial for alleged efforts to hack into the network of the national restaurant chain Dave & Buster's Inc. He also faces charges in Boston in the TJX matter.
The alleged thefts in Monday's indictment took place from October 2006 to May 2008.
Wall Street Journal