Friday, November 19, 2010

Somehow this fails to give me that warm, fuzzy feeling I'd like to have when thinking of the Federal Reserve...

Malaysian National Indicted for Hacking into Federal Reserve Bank

November 18, 2010 by admin

The Dept. of Justice issued the following press release about a case noted earlier today on this blog:

Defendant’s Criminal Activities Extended to the National Security Sector

A four-count indictment was returned by a federal grand jury in Brooklyn today charging Lin Mun Poo, a resident and citizen of Malaysia, with hacking into a computer network of the Federal Reserve Bank and possessing more than 400,000 stolen credit and debit card numbers. The defendant was arrested on a criminal complaint shortly after his arrival in the United States on October 21, 2010, and has been held in custody since then. The case has been assigned to United States District Judge Dora L. Irizarry.

The charges were announced by Loretta E. Lynch, United States Attorney for the Eastern District of New York, and Brian G. Parr, Special Agent in Charge, United States Secret Service, New York Field Office.

According to the government’s pleadings and a detention letter filed today, the defendant made a career of compromising computer servers belonging to financial institutions, defense contractors, and major corporations, among others, and selling or trading the information contained therein for exploitation by others. On October 21, 2010, the defendant traveled to the United States for the purpose of obtaining additional stolen financial account information from other hackers, which he planned to use and sell for his own profit. When he was arrested a few hours after his arrival at John F. Kennedy International Airport, Secret Service agents seized his heavily encrypted laptop computer, which contained a massive quantity of financial account data and personal identifying information that he had allegedly obtained by hacking into various computer systems. The victims included FedComp, a data processor for federal credit unions. As a result, the defendant was able to gain unauthorized access to the data of various federal credit unions, such as the Firemen’s Association of the State of New York and the Mercer County New Jersey Teachers. The defendant also allegedly compromised the computer servers of a number of major financial institutions and companies, including a computer network of the Federal Reserve Bank of Cleveland, Ohio, by exploiting a vulnerability he found therein.

The defendant’s cybercrime activities allegedly extended to the national security sector. According to the government’s pleadings and detention letter, in approximately August 2010, he hacked into the computer system of a Department of Defense contractor that provides systems management for military transport and other military operations, potentially compromising highly sensitive military logistics information.

Bob McMillan of IDG News Service also covers the story on Computerworld and points us to a DOJ court filing on the case.

What I really wonder about right now is how many of these banks, credit unions, and other targets even knew they had been breached, or was this all news to them?

What is going on here? Must we assume it takes the FBI 2 years to work through their backlog of cases? Did the priority drop when they (mistakenly) concluded there was no possibility of Identity Theft? Clearly, EODT's investigation found nothing to contradict the FBI, or did they simply not bother after getting an “all clear?”

Two years after a hacking incident, firm learns that employee data were accessed

November 18, 2010 by admin

Tennessee-based EOD Technology (EODT) recently notified the New Hampshire Attorney General’s Office of a breach that occurred in August 2008. No, that’s not a typo: 2008.

By letter dated November 12, the firm reported that in August 2008, they became aware that one of their computers had been accessed by an individual or individuals outside of the U.S. while the computer was connected to a non-EODT network. The incident was reported to the FBI at the time and an investigation by the FBI at that time reportedly suggested that the goal of the intrusion was to acquire EODT banking information and that no personal information had been accessed or acquired.

Fast forward to 2010 when the FBI recently notified EODT that it had uncovered additional information — information that indicated that documents containing the names and Social Security Numbers of employees had been accessed after all. The firm reports that it has no indication or reports to suggest that any of the employee data were misused.

Employees whose data were on the computer were notified by letter on November 10 and advised to remain alert and check their credit reports.

[From the letter:

But, recently the FBI notified EODT that additional information was uncovered during their lengthy investigation.

Of course, they are still operating. Now they are just careful not to lie... If the company was an individual, he'd be sharing Bernie Madoff's cell.

Nearly One Million LifeLock Victims to Receive Refund Checks from FTC

November 19, 2010 by Dissent

An administrator working for the Federal Trade Commission began mailing refund checks Wednesday to 957,928 people who were victims of allegedly false claims made by LifeLock, Inc., which told consumers it could provide absolute protection from identity theft if they signed up for its identity protection service. The mailings will continue for two weeks.

In March 2010, FTC Chairman Jon Leibowitz announced that LifeLock had agreed to pay $11 million to the FTC and $1 million to a group of 35 state attorneys general to settle charges that the company used false claims to promote its identity theft protection services, which it widely advertised by displaying the company’s CEO’s Social Security number on the side of a truck. The FTC charged that LifeLock provided less protection against identity theft than promised and made claims about its own data security that were not true. Consumers who signed up for LifeLock’s services based on those false claims will now be receiving refund checks.

Consumers will receive checks for $10.87 each, and will have 60 days to cash them. The distribution represents all eligible consumers, and no further claims for refunds will be accepted. Consumers who have questions can call the administrator’s toll-free number at 1-888-288-0783 or go to

These consumer refund checks can be cashed directly by the recipients. The FTC never requires the payment of money up-front or additional information to be provided before consumers cash their refund checks.

Source: FTC


Recommended: Comparison of services on location-based options

November 19, 2010 by Dissent

has compiled a nifty chart comparing six service platforms (Facebook Places, Yelp, Gowalla, foursquare, Twitter, Loopt) in terms of location-based features that affect your privacy.

Check it out here (pdf).

Sounds like a good idea, but there are a couple of sites that illustrate an interesting trend – analyzing data on your computer like Behavioral Advertisers analyze your cookies... Do they report this to anyone? (Imagine what they would do on your Congressman's computer...)

7 Sites That Can Help You Deal With Information Overload


Geneio is a service that installs on your computer and analyzes your current web history to determine content that interests you. A few minutes after installing, it determines your preferences and generates a homepage which is tailored to your interests.


Once you import your RSS feeds from Google Reader, and your Twitter and Facebook accounts, My6Sense begins analyzing how you read items and will start to give you personalized relevant results.

Rather than go based on what you think you are interested in, My6Sense actually looks at what you click on – they have found that sometimes the two don’t exactly match up.

Google Reader “Sort by Magic”

This option sorts your RSS folder based on the popularity of the post and how you interact with and share news items.

“It is better to look secure than to be secure”

Another TSA Outrage

November 19, 2010 by Dissent

Over on RedState, Erick Erickson posted a story told by a soldier returning from Afghanistan. It is a story that exemplifies the stupid security theater that is TSA as hundreds of soldiers were allowed to take their assault weapons onboard but a pair of nail clippers was confiscated during what should have been a brief stopover in Indianapolis to let 100 soldiers debark.

It has always puzzled me that TSA manages to find and confiscate the tiny screwdriver/screw set I carry with me (in case a lens falls out of my eyeglasses) but they invariably fail to detect cigarette lighters. I have tried to envision some terrorist stabbing madly with a one-inch screwdriver but no matter what scenario I generate, it doesn’t work — the terrorist does not get to take over the plane armed with an eyeglass repair kit. Nor, for that matter, do they get to take over the airplane using the metal shoehorn that TSA also keeps confiscating from my husband.

Congress has acted stupidly by endorsing and allowing this nonsense to continue and expand.

Have you called your Senators and representative to express your outrage and to find out what your elected officials are doing to put a halt to this?

No indication of classic “Identity Theft” in the article other than signing someone else's name.

Lawyer gets jail time in Dead Sea Scrolls harassment case

November 18, 2010 by Dissent

Jennifer Peltz of AP reports:

A New York lawyer was sentenced Thursday to six months in jail for an ultramodern crime that was all about antiquity: using online aliases to harass people in an academic debate about the Dead Sea Scrolls.

Raphael Golb, 50, was sentenced on identity theft and other charges in a rare criminal case centred on Internet impersonation — and a very rare trial that aired a bitter scholarly debate over the scrolls’ origins

Read more in the Toronto Star.

[From the article:

Golb’s father is a historian and Dead Sea Scrolls scholar. Prosecutors said Golb used fake email accounts and wrote blog posts under assumed names to discredit his father’s detractors.

“Using fictitious identities to impersonate victims is not what open academic debate seeks to foster,” District Attorney Cyrus Vance said when Golb was convicted.

Golb said the writings amounted to academic whistle-blowing and pointed parody, not crime.

… Schiffman went to authorities after some of his students and colleagues received emails from an address that used his name. The emails appeared to have him admitting that he plagiarized Norman Golb’s work and asking the recipients to keep quiet about it. Schiffman denies copying the historian’s work.

… Internet impersonation claims have generated a number of lawsuits, but prosecutions are unusual unless phony identities are used to steal money, experts say.

If they ignored this data, would they be negligent?

Insurers Test Data Profiles to Identify Risky Clients

November 19, 2010 by Dissent

Leslie Scism and Mark Maremont report:

Life insurers are testing an intensely personal new use for the vast dossiers of data being amassed about Americans: predicting people’s longevity.

Insurers have long used blood and urine tests to assess people’s health—a costly process. Today, however, data-gathering companies have such extensive files on most U.S. consumers—online shopping details, catalog purchases, magazine subscriptions, leisure activities and information from social-networking sites—that some insurers are exploring whether data can reveal nearly as much about a person as a lab analysis of their bodily fluids.

Read more in the Wall Street Journal

[From the article:

This kind of analysis, proponents argue, could lower insurance costs and eliminate an off-putting aspect of the insurance sale for some people.

"Requiring every customer to provide additional, and often unnecessary, information" such as blood or urine samples, "simply makes the process less efficient and less customer-friendly," says John Currier, chief actuary for Aviva USA.

… For insurers and data-sellers alike, the new techniques could open up a regulatory can of worms. The information sold by marketing-database firms is lightly regulated. But using it in the life-insurance application process would "raise questions" about whether the data would be subject to the federal Fair Credit Reporting Act, says Rebecca Kuehn of the Federal Trade Commission's division of privacy and identity protection. The law's provisions kick in when "adverse action" is taken against a person, such as a decision to deny insurance or increase rates.

… Deloitte and the life insurers stress the databases wouldn't be used to make final decisions about applicants. Rather, the process would simply speed up applications from people who look like good risks. [If they identify me as a “Security Expert” would they automatically ignore (positive or negative) information in my dossier? Bob] Other people would go through the traditional assessment process.

Keeping tabs...

How the U.S. Snoops on Russian Nukes From Space [Updated]

“We have a wealth of advanced classified systems up there that can read license plates,” says Stephen Schwartz, a nuclear-arms expert at the James Martin Center for Nonproliferation Studies.

Tomorrow, Cape Canaveral will launch what the director of the National Reconnaissance Office — the intelligence agency that manages the spy satellites — calls the “largest satellite in the world” into geosynchronous orbit 22,300 miles above the earth, where it’ll use “sensitive radio receivers and an antenna generally believed to span up to 100 meters (328 feet) to gather electronic intelligence for the National Security Agency,” as sat-watcher Ted Molczan told

The National Reconnaissance Office’s satellites are classified. But of the 438 U.S. military, government and commercial satellites hovering overhead, “you could characterize about 90 of them as collecting some form of intelligence, whether it is imagery, signals or detecting nuclear detonations,” says Brian Weeden, a former officer with the U.S. Air Force Space Command. ( has a good rundown of some of their capabilities.)

My Statistics students will love this!

Win a Coin Toss

… But if you're trying to game the game, flip away. Researchers at the University of British Columbia proved it can work.

After an argument about how to divide patients randomly into groups for a clinical trial (some wanted to use a coin toss, others argued that coin tosses could be manipulated), they tested their theories on a group of medical residents. When given some basic pointers and five minutes of practice, the subjects could intentionally show heads as much as 68 percent of the time. Here's how they beat randomness.

Perhaps we could use this instead of Dissertations? (Comics in APA style?) - For The Creation Of Comic Books

As its name implies, Comic Master is an online tool that can be used for the creation of comic books and graphic novels.

This tool can be used at just no cost, and the comics that are created can then be shared with all your friends and contacts on the Social Web.

Comic Master has a library of backgrounds and characters that can be used in every comic book that is created. And in any case, users can upload their very own in order to give everything that further touch of personality.

One might think that a service like Comic Master is primarily going to be put to leisure uses. Yet, that would be a mistake. The truth is that such an Internet tool will be of great aid to educators that want their students to become more involved in anything they have to learn. For example, think how practical such a service can be for learning about any historical character. It will make it all resemble a game, and (consequently) be apprehended more easily by the children.
