As more consumers pick up their smartphone and tablet to go holiday shopping, cyber crooks will try just about anything to dupe them out of their hard-earned money.
Forty percent of identity theft victims were targeted while making online purchases in 2011, according to an identity fraud report by Javelin Strategy & Research. Meanwhile, identity fraud increased by 13 percent, with more than 11.6 Americans falling prey to the scams.
We have to thank the good people at The Belgian Federation of the Financial Sector for putting together the above video. The simple premise makes an excellent point: Everything an identity thief needs to hijack your life is freely available online.
The banking group hired an actor to play Dave, a psychic, and brought people in off the street for a reading under the guise that it was all being taped for a television show. Names of best friends, colors of motorcycles, how much one young lady has spent on clothes and the personal details of another young woman’s sex life are all “divined” by Dave the psychic.
One by one, like toy soldiers under fire, the country’s largest banks are being peppered with distributed denial-of-service attacks, or DDoS.
In early September, test attacks began on small banks’ sites. Then JPMorgan, Citigroup and Bank of America were assaulted. Most recently Wells Fargo, U.S. Bancorp and PNC Financial came under the digital hammer.
DDoS attacks have been around for a long time. Basically, a computer server is bombarded with requests in an attempt to make a site unavailable for intended users. The server becomes overloaded and cannot respond, or becomes paralyzingly slow. In the recent cases, online banking sites received so much traffic their websites went down. Downtime, of course, means money lost. A sustained attack can cripple sites indefinitely.
My phone rings whenever an IDT911 client is hacked, suffers a data breach, or is a victim of identity theft via digital means. My job as chief information security officer is to look at all the digital evidence.
When possible, I reconstruct the cyber attack. It’s C.S.I. work. By reconstructing the attack, often I can tell where it came from, how it unfolded and—most importantly—who did it. It’s a way of finding and preserving digital evidence. There’s a reason that it’s called forensics.
Digital forensics can be divided into four categories. Knowing what they are and how to handle them in the event of an attack can help me do my job and restore your company’s daily operations.
It started out as a data breach like many others. The hackers penetrated the computer network of a small medical practice in a wealthy suburb of northern Illinois, The Surgeons of Lake County, and broke into a server containing email and electronic medical records. But instead of sneaking out undetected and selling the stolen data on the black market, they took a novel tack – encrypting the data and posting a message demanding a ransom payment in exchange for the password.
The move from fraud to extortion in cases of data compromise is frightening for several reasons. First, it suggests that the criminals knew exactly what they were doing, and that they deliberately targeted digital medical records as part of a well-articulated strategy – an approach that we can expect to see employed more frequently as the digitization of records and broadening of access become the norm in the health care industry. Secondly, this M.O. implies a tremendous confidence in the criminals’ power to disrupt – and a calculation that the illicit ROI from blackmail would exceed the price that the data would command on the black market.
All of this is ultimately made possible by the digitization of medical records and the placement of those records on networks – often unprotected ones. It gets you thinking…
It’s another manic Monday, and you’re racing to drop off the kids, fight traffic, and get to work in time—to watch the Olympics.
Americans are putting in time at the office—not to do actual work, but to watch Misty May-Treanor and Kerri Walsh Jennings go for gold in beach volleyball. Or the hot, post-Hunger Games event of archery. Or men’s trampoline. (Yes, men’s trampoline! Who knew there was such a thing, and that the aptly named Dong Dong of China would win it?)
In the spirit of the Olympic Games under way this summer in London, we’ve opted to award gold, silver and bronze medals to companies and government institutions for their performance in the 2012 (In)Security Games.
Find out which organizations experienced the thrill of a well-designed privacy plan and which ones endured the agony of an easily prevented data breach. The goal is simple. We want organizations to get smarter about data security to better protect consumers’ personally identifiable information.
DNSChanger is a Trojan horse malware that’s been around for years. It has been used in corporate espionage and state-sponsored attacks for the last decade. Essentially it points an infected computer to malicious, criminally controlled computer servers. Once you’re connected, the bad guys can steal personal information, which can lead to identity theft among other woes.
Many financial institutions in Europe have no way to test their security plans to protect customer data, according to a study.
Even more troubling: one in five banks surveyed didn’t know if they had suffered a data breach in the past three years. The study from information management firms PwC and Iron Mountain also revealed that: