Archive for the ‘Ondrej Krehel’ Category


One by one, like toy soldiers under fire, the country’s largest banks are being peppered with distributed denial-of-service attacks, or DDos.

In early September, test attacks began on small banks’ sites. Then JPMorgan, Citigroup and Bank of America were assaulted. Most recently , U.S. Bancorp and PNC Financial came under the digital hammer.

DDoS attacks have been around for a long time. Basically, a computer server is bombarded with requests in an attempt to make a site unavailable for intended users. The server becomes overloaded and cannot respond, or becomes paralyzingly slow. In the recent cases, online banking sites received so much traffic their websites went down. Down time, of course, means money lost. A sustained attack can cripple sites indefinitely.


My phone rings whenever an IDT911 client is hacked, suffers a data breach, or is a victim of identity theft via digital means. My job as chief information security officer is to look at all the digital evidence.

When possible, I reconstruct the cyber attack. It’s C.S.I. work. By reconstructing the attack, often I can tell where it came from, how it unfolded and—most importantly—who did it. It’s a way of finding and preserving digital evidence. There’s a reason that it’s called forensics.

Digital forensics can be divided into four categories. Knowing what they are and how to handle them in the event of an attack can help me do my job and restore your company’s daily operations.


It’s another manic Monday, and you’re racing to drop off the kids, fight traffic, and get to work in time—to watch the Olympics.

Americans are putting in time at the office—not to do actual work, but to watch Misty May-Treanor and Kerri Walsh Jennings go for gold in beach volleyball. Or the hot, post-Hunger Games event of archery. Or men’s trampoline. (Yes, men’s trampoline! Who knew there was such a thing, and that the aptly named Dong Dong of China would win it?)

The Olympics will cost U.S. companies according to the digital media company Captivate Network. In Los Angeles, so many on their work computers that the chief technology officer begged them to stop or it would threaten the city’s entire cyber system.


By now you’ve all seen the video of American gymnast Aly Raisman’s parents wincing, twisting and turning in their seats as they watched their daughter compete for Team USA in the Olympics gymnastics competition. (If you’ve been off the grid, check it out )

We know how they feel, because when we see consumers making big mistakes online, we squirm and shout. We don’t yell “Stick it!” right before the dismount, but we get pretty worked up.

Just as NBC announcer Tim Daggett delivers one of his Daggets to the heart of a teenage gymnast (“That’s gonna be a half-point deduction …”), we’re going to be brutally honest about the performance of consumers. We can’t sugarcoat it, because there’s more at stake for online users than going for gold or settling for silver. One blip on the beam or pratfall on the pommel can make a bank-account balance drop faster than an icy judge’s score. And it’ll take more than a Wheaties box to build it back.



Scammers don’t need to break into your home to steal your personally identifiable information. They have ways of getting you to give it up yourself—through phishing scams. Ondrej Krehel, Identity Theft 911′s chief information security officer, explains how phishing works in this slideshow:



You’ve probably seen or heard over DNSCharger—the latest malware to hit the Web.

DNSCharger is a Trojan horse malware that’s been around for years. It has been used in corporate espionage and state-sponsored attacks for the last decade. Essentially it points an infected computer to malicious, criminally controlled computer servers. Once you’re connected, the bad guys can steal personal information, which can lead to identity theft among other woes.


People who rely on LinkedIn for professional networking keep a wealth of information stored on their profile pages.

With a exposing 6.5 million user passwords, LinkedIn users need to take steps to protect their personal data.

Here are five tips we recommend you follow:


By Ondrej Krehel,

Thanks to modern technology, it’s getting easier to access precious data on databases. The loss of consumer information in high-profile data breaches underscores the need for safe practices.

I’ve identified some common unsafe practices that have led to a number of such data loss incidents. Take a look at these 15 major security flaws:



VeriSign Inc., the company responsible for assuring that more than half the world’s websites are authentic, was hacked multiple times in 2010, and the thieves succeeded in stealing information.

The company is one of the major pillars of the Internet, responsible for assuring the authenticity of all websites that end in .com, .gov and .net. VeriSign also processes up to 50 billion web queries a day, defends companies’ websites against cyber attacks, and tracks international hackers.