Sunday, April 15, 2007

We saw this a few weeks ago in Connecticut(?) Apparently there is a do-it-yourself kit out there...

http://www.insidebayarea.com/oaklandtribune/ci_5659098

Card fraud linked to supermarket

By Alejandro Alfonso, STAFF WRITER Article Last Updated: 04/13/2007 08:45:39 AM PDT

SAN LORENZO — Using their credit or debit cards in the checkout line at the supermarket is how more than 60 people had their identity stolen and bank accounts raided by tech-savvy thieves, Alameda County Sheriff's Sgt. Tom Madigan said.

A credit card skimmer, a device used to capture the account and PIN numbers associated with a credit or debit card when it is swiped through the machine, was placed on a checkstand in Albertsons [How can they do this without anyone noticing? Bob] at 15840 Hesperian Blvd., Madigan said.

"By installing that device, they captured PIN and account numbers," he said. "We believe the device was installed for a period of time and then removed." [Two opportunities to catch these guys... Bob]

The Sheriff's Office saw a spike in reported cases of identity theft in the past week — at least 60 so far — and Madigan expects more as people continue to check their bank statements, he said. The Sheriff's Office usually averages about 20 calls of identity theft a month.

"Some people might not even know they are victims," he said.

In this case, the thieves are making clone cards with the information and using them to take money through ATMs, predominantly in Southern California, Madigan said.

"Clearly, this is a sophisticated person or group of organized individuals," he said.

The estimated total loss from all the accounts is about $50,000 as of Thursday, Madigan said. The minimum taken from any single account has been $500, he added.

In some cases, the thieves made phony deposits through the ATM with an empty envelope and then made withdrawals.

"Banks take the brunt of these losses," Madigan said. "They are getting hammered because they have to replace the money."

Most people only report the fraud to their banks, he said. "On average, about 25 percent report these things to us," Madigan added, implying the loss could be much larger.

"We are trying to sort out which ones are coming from the Albertsons and which are separate," he said.



Why would you think this is limited to Texas?

http://www.pogowasright.org/article.php?story=200704140756026

TX: Lawmakers concerned about governor's database, who has oversight

Saturday, April 14 2007 @ 07:56 AM CDT - Contributed by: PrivacyNews - State/Local Govt.

Concerns about a criminal database amassed by Gov. Rick Perry's homeland security office dominated a public hearing on a border security bill late Friday, with Democratic lawmakers pointedly questioning who controls the information, what safeguards are in place to ensure its integrity and whether it could be used for political purposes or to infringe on civil liberties.

Earlier, Rep. Richard Raymond, D-Laredo, filed legislation Friday that would move the database out of the governor's office to the Texas Department of Public Safety.

Source - Statesman.com

Related - KHOU: Perry aide has huge database with info on more than 1M Texans



We can, therefore we must!

http://www.pogowasright.org/article.php?story=20070414124549252

UK: Hundreds hit in drive for roadside fingerprints

Saturday, April 14 2007 @ 12:45 PM CDT - Contributed by: PrivacyNews - Non-U.S. News

HUNDREDS of motorists have had their fingerprints checked at the roadside in a controversial pilot scheme that has raised fears of a growing Big Brother culture. Drivers and passengers are among the 4,200 people who just in the past four months have been asked to use a hand-held fingerprint reader.

The device checks their identity against 6.5 million recorded prints of convicts and crime suspects.

Source - Yorkshire Post



If you know they are “breaking the rules” shouldn't there be more severe consequences?

http://www.sun-sentinel.com/news/nationworld/sfl-aloans15apr15,0,2245764.story

Lenders break rules searching students' data

System may be shut down

By Amit R. Paley The Washington Post April 15, 2007

WASHINGTON · Some lending companies with access to a national database that contains confidential information on 60 million student borrowers have repeatedly searched it in ways that violate federal rules, raising alarms about data mining and abuse of privacy, government and university officials said.

The improper searching has grown so pervasive that officials said the Education Department is considering a temporary shutdown of the government-run database to review access policies and tighten security.

... The department has blocked thousands of users that it deemed unqualified for access after security reviews, McLane said, and it has blocked 246 users from the student loan industry for inappropriately accessing the data.

... The department has been "vigilant in its monitoring for unauthorized uses" of the database, McLane said. [Sure enough, we see lots of “unauthorized uses,” we just don't do much... Bob]

The database, known as the National Student Loan Data System, was created in 1993 to help determine whether students are eligible for student aid and assist in collecting loan payments. About 29,000 university financial aid administrators and 7,500 loan company employees have access to it.



As long as we're talking about unpunished sins... (This is not a new incident, just a followup.)

http://www.pittsburghlive.com/x/pittsburghtrib/news/cityregion/s_502469.html

UPMC admits privacy violation

By Mark Houser TRIBUNE-REVIEW Friday, April 13, 2007

If the government fines UPMC for revealing the private records of 80 patients, it will be the first such fine in the country.

... Federal law prohibits the unauthorized release of private medical information.

... The U.S. Department of Health and Human Services enforces [Not the word I would use... Bob] medical records privacy through its Office of Civil Rights, which can issue fines of up to $25,000 a year for each violation.

The office has received about 26,000 complaints of medical privacy breaches since new privacy rules went into effect in 2003, according to a senior adviser there who spoke on background.

Of those, about 4,100 have been determined to be actual violations of federal rules, the official said. But the office has worked with health care agencies to correct problems and has not yet issued a fine, the official said.

... Some critics say the lack of fines gives the impression the government isn't serious about protecting privacy.

"The current policy is to give hospitals one free violation. That sends the wrong message," said Peter Swire, an Ohio State University law professor who oversaw the creation of the medical records law under the Clinton administration.

"Compliance people in hospitals have complained that they are not getting budget and support due to this no-enforcement strategy," Swire said.

A 2006 national survey of health care providers and insurers by the Healthcare Information and Management Systems Society found that 22 percent of care providers were not in compliance with privacy regulations.

In addition, the survey said about half of reportedly compliant hospitals reported breaches in medical privacy.



What does $3 Billion buy you?

http://blogs.zdnet.com/micro-markets/?p=1219

Google to tag users across Web: Privacy Boomerang?

Posted by Donna Bogatin @ 1:04 am April 14th, 2007

Why is Google acquiring DoubleClick?

To give users “better privacy protection,” among other things asserted by Google.

REALLY? Google has actually taken a $3.1 billion step closer to realizing its objective of organizing all the world’s information, the world’s personal information that is.

In acquiring DoubleClick, Google will operate the firm’s “Boomerang for Advertisers, Marketers and Agencies” to leverage behavioral targeting, “the most effective form of targeting available,” according to DoubleClick.

How DoubleClick's Boomerang works:

1) User visits client Website looking for a product and browses, but does not make a decision. The user is “now tagged” as an interested prospect in a Boomerang List.

2) User continues Web browsing, visiting a site where the client has an ad campaign already running. Dart for Advertisers recognizes the visitor (thanks to the Dart cookie ID), and serves a targeted ad offering free shipping.

3) Qualified prospect clicks on Boomerang-targeted ad and is taken back to client Website to take advantage of free shipping offer.

Google has famously not accepted third party ad tags under the guise that “we don’t do anything to compromise the user experience on Google properties or across our AdSense network.”

In its Google Speak FAQ on its DoubleClick transaction, however, Google says:

We did not accept third party tags because we could not guarantee the quality of the ad or that it would comply with our format policies. (BUT) working with DoubleClick we will increase the relevance of ads online so that we maintain a positive user experience while providing targeted ad opportunities for advertisers and increased monetization for publishers.

What are some of the ways Google might “increase the relevance of ads online” by working with DoubleClick?

The ability to correlate information about third-party sites collected using DoubleClick technology, particularly cookies, with search history and other information gathered by Google would be extremely powerful, and potentially very attractive as a marketing tool (and) would significantly increase the amount of data that could be aggregated about any given individual, Lauren Weinstein, California Initiative for Internet Privacy, is cited by CIO Today.

Google acquires a DoubleClick “sketchy reputation,” according to Weinstein:

From the start DoubleClick has been the poster boy for third-party cookies, and when they started pulling information from widely ranging sources and compiling it in a central database, they helped drive the opposition to cookies. There are entire Web sites devoted just to blocking DoubleClick ads.

When DoubleClick ads become Google ads will there be a privacy Boomerang?

ALSO: Google DoubleClick merger: Who wins, who loses and Google DoubleClick marriage (can be) risky business and Google hurts Yahoo with DoubleClick deal and Google: $3.1 billion cash for Web monopoly! and Microsoft vs. Google: Will MSN, Windows Live compete?



Finding potential collaborators or potential victims... (see next article)

http://radar.oreilly.com/archives/2007/04/why_im_so_excit.html

Why I'm so excited about Spock

Sat 04.14.07 Tim O'Reilly

Note: Spock is among the companies launching at the Web 2.0 Expo on Monday.

Michael Arrington wrote the other day about spock, the new people search engine, but I have to say that I don't think he did it justice. Spock is really cool, and performs a unique function that is well outside the range of capabilities of current search engines. What's more, it's got a fabulous interface for harvesting user contribution to improve its results.

You can search for a specific person -- but you can do that on Google. More importantly, you can search for a class of person, say politicians, or people associated with a topic -- say Ruby on Rails. The spock robot automatically creates tags for any person it finds (and it gathers information on people from Wikipedia, social networking sites like LinkedIn and Facebook), but it also lets users add tags of their own, and vote existing tags up or down to strengthen the associations between people and topics. Users can also identify relationships between people (friend, co-worker, etc.), upload pictures, and provide other types of information. This is definitely a site that will get better as more people use it -- one of my key tests for Web 2.0. It also illustrates the heart of a new development paradigm: using programs to populate a database, and people to improve it.


Would your local cops even understand the crime?

http://www.msnbc.msn.com/id/18101672/

WP: Stalkers track victims in cyberspace

Little more than cursory skills needed to track exes' online, phone activity

By Chris L. Jenkins The Washington Post Updated: 12:13 a.m. MT April 14, 2007

The case had the makings of an eerie cyber-mystery: A young Alexandria woman told local police she suspected that her ex-boyfriend was tapping into her e-mail inbox from thousands of miles away, reading messages before she could and harassing the senders.

She was right to be suspicious. Her ex had hacked into her e-mail account, either guessing her password or using spyware -- software that can secretly read e-mails and survey cyber-traffic, law enforcement officials said. For months, apparently, he had followed her every online move, part of a pattern of abuse city police are still investigating.

Law enforcement officials and safety groups have focused on the Internet as an arena for such types of harassment as false impersonation and character assassination as more people voluntarily place their private lives on public display through Web sites such as Facebook.com and MySpace.com.

But a little-discussed and more threatening phenomenon is also happening to the unwitting online and in the high-tech world: cyber-stalking, the illegal monitoring of private information and communication of ex-lovers and spouses as a form of domestic violence. The spurned often use global positioning systems, invasive computer programs, cellphone monitoring chips and tiny cameras to follow the whereabouts, goings-on and personal communications of unsuspecting victims.

... It's not hard to figure out. Do-it-yourself manuals are widely available online. Some sites advertise otherwise legitimate programs for stalking uses. For instance, spyware was developed commercially to help parents keep tabs on their children's Web use and to provide information for advertisers. Now it is commonly advertised on Web sites as a way to snoop on a spouse. "Monitor any PC from anywhere!" one ad promises. "Spy stealthily so that the user won't know such monitoring exists," another says.

... In addition, the Bureau of Justice Statistics has started to track technological methods used in stalking and domestic violence.



If Al Gore didn't invent it, I won't believe it! (Should this have been published on April 1st?)

http://news.independent.co.uk/environment/wildlife/article2449968.ece

Are mobile phones wiping out our bees?

Scientists claim radiation from handsets are to blame for mysterious 'colony collapse' of bees

By Geoffrey Lean and Harriet Shawcross Published: 15 April 2007

It seems like the plot of a particularly far-fetched horror film. But some scientists suggest that our love of the mobile phone could cause massive food shortages, as the world's harvests fail.

They are putting forward the theory that radiation given off by mobile phones and other hi-tech gadgets is a possible answer to one of the more bizarre mysteries ever to happen in the natural world - the abrupt disappearance of the bees that pollinate crops. Late last week, some bee-keepers claimed that the phenomenon - which started in the US, then spread to continental Europe - was beginning to hit Britain as well.

The theory is that radiation from mobile phones interferes with bees' navigation systems, preventing the famously homeloving species from finding their way back to their hives. Improbable as it may seem, there is now evidence to back this up.



Lightweight paper. But it might start a useful debate.

http://politics.slashdot.org/article.pl?sid=07/04/14/1718241&from=rss

New Laws of Robotics Proposed for US Kill-Bots

Posted by Zonk on Saturday April 14, @04:43PM from the maybe-calling-them-kill-bots-is-a-bad-first-step dept. Sci-Fi Robotics Politics Technology

jakosc writes "The Register has a short commentary about a proposed new set of laws of robotics for war robots by John S Canning of the Naval Surface Warfare Centre. Unlike Asimov's three laws of robotics Canning proposes (pdf) that we should 'Let machines target other machines and let men target men.' Although this sounds OK in principle, 'a robot could decide under Mr Canning's rules, to target a weapon system such as an AK47 for destruction on its own initiative, requiring no permission from a human. If the person holding it was thereby killed, that would be collateral damage and the killer droid would be in the clear.'"



Some snippets to suggest that reading these articles may be important to both the e-Discovery team and IT in general...

http://www.securityfocus.com/infocus/1890?ref=rss

Notes On Vista Forensics, Part Two

Jamie Morris 2007-04-13

... Another interesting change is that Vista is configured by default to not update the last access time on files, a decision made to increase file system performance.

... In fact, situations where a user's data may no longer be stored on the local machine should come as no surprise to forensic examiners.

... As most computer users will know, there often comes a time when our machines slow to a crawl due to too many applications making demands on available memory. The most straightforward solution to this problem (other than running fewer programs at the same time, of course) is to add extra RAM but this can still be a daunting task for those with little technical knowledge. Vista offers a solution to this problem in the shape of ReadyBoost [ref 8], a new feature which allows attached flash memory devices to be used as extra memory.

... Metadata can be described as data about data. In the world of computer forensics, metadata is usually discussed in terms of information held about a file, a well known example of which is the information associated with a Word document which can include various details such as the author's name, comments and revision history (in fact, this particular example is so well known that Microsoft was forced to create a tool to help users remove the data in question!) Metadata on Windows systems becomes even more interesting when you examine multiple file streams, a concept first introduced in NT 3.51, which allow you to associate extra information with a file on an NTFS filesystem. Although the information held in these streams may appear invisible to the typical user, it can be a rich source of information to the examiner. This potential repository for data could also be used to hide information and so it has become an essential area to cover during an investigation.

... Returning to the user experience once again, another important development as far as metadata is concerned is that Microsoft is now encouraging users to add such data to their own files through the use of "tags" or "metatags". Primarily seen as a way to help users rate, organize and search through their content, user-generated tags may prove to be a useful source of information during certain types of investigation. However, the flip side of this potential benefit is that Vista also makes it relatively easy (through a file's Properties tab) for users to remove metadata.

... Scott A. Moulton of Forensic Strategy Services, LLC. [ref 11] explains: "I still have major problems mounting large drives under Vista. I use many 1 terabyte or 2 terabyte drives and Vista is absolutely worthless on these drives - I'm lucky if Vista does not actually mess the drive up. Deleting files is a nightmare and sometimes takes days.
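
Two of the points excerpted above, the last-access setting and data held in alternate NTFS streams, are things an examiner can check directly. The following is an added example, not code from the SecurityFocus article; it assumes PowerShell 3.0 or later and an NTFS volume, and the function names and the `E:\Evidence` path are hypothetical.

```powershell
# Added example: function names and the evidence path are hypothetical.

function Get-LastAccessSetting {
    # NtfsDisableLastAccessUpdate controls whether NTFS updates last-access times.
    # When the low bit is set, last-access timestamps are not being maintained,
    # so they cannot be relied on in a timeline.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
    $prop = Get-ItemProperty -Path $key -Name NtfsDisableLastAccessUpdate `
                             -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return 'Value not set'
    }
    if (($prop.NtfsDisableLastAccessUpdate -band 1) -eq 1) {
        return 'Last-access updates DISABLED'
    }
    return 'Last-access updates enabled'
}

function Find-AlternateStream {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )
    # Walk every file under $Path and list each stream other than the
    # unnamed default stream (':$DATA'), which holds the normal file content.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Select-Object FileName, Stream, Length
        }
}

# Usage: report the timestamp setting, then list named streams by size.
Get-LastAccessSetting
Find-AlternateStream -Path 'E:\Evidence' |
    Sort-Object Length -Descending |
    Format-Table -AutoSize
```

Many hits will be the small `Zone.Identifier` stream that Windows attaches to downloaded files; larger or unusually named streams are the ones worth opening with `Get-Content -Stream`.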



Interesting debate? We can be open and not safe, or closed and still not safe.

http://www.networkworld.com/columnists/2007/041607backspin.html

Prepared for the worst

Backspin By Mark Gibbs, Network World, 04/13/07

Several readers wrote in after last week's column to ask whether it was a good idea to tell the bad guys about One Wilshire -- the carrier hotel inhabited by a bunch of Tier 1 service providers -- and how to find it.
