Wednesday, August 17, 2011

This is new. If you can organize a nation-wide protest, scheduling the gang to rob a store should be simple.

http://www.cnn.com/2011/CRIME/08/16/maryland.flash.mob/index.html

'Flash mob' robs Maryland 7-Eleven in less than a minute, police say



Not a huge Identity Theft, but it raises an interesting issue (which many Security & Privacy bloggers want an answer to...) If this turns out to be the Police Chief's cousin, imagine the fallout!

http://www.databreaches.net/?p=20169

Update on Gallatin, TN card fraud

Law enforcement continues to shield the name of a breached business in Gallatin, Tennessee, even though they acknowledge that past customers might still become victims.

Sarah Kingsbury reports, in part:

To date, Gallatin police have received 203 fraud reports related to the outbreak, with the majority of charges showing up on bank and credit card statements as purchases between $80-$100 at locations in various Florida cities.

Investigators discovered the source of the outbreak, which police initially pinpointed to a location around the 1400 block of Nashville Pike, but the business has not been identified because it is also considered a victim of the scam.

The information was not stolen through a skimming device on a card-swipe machine as Gallatin police originally believed, Mays said.

In terms of size, Mays described the Gallatin outbreak as a “small-scale, localized event that resulted from a computer that was not adequately protected.”

The business “is aware of it, has taken mitigating measures and it’s safe to use your card,” he said. “I don’t think there’s any reason to be unduly alarmed or afraid.”

However, although there isn’t a threat that card information is currently being stolen, consumers who made purchases at the unidentified business in the past may still see fraudulent charges show up on their statements.

“If I go into a computer somewhere as a hacker and I steal 1,000 credit card numbers, that doesn’t mean all 1,000 of those numbers will be used tomorrow,” Mays said.

“A hacker will sell them off bit by bit or in large groups to people who will use them, and that might take place tomorrow or it might take place several months from now.”

Investigators said it is likely some consumers made a purchase at the business many months ago and only recently saw illicit charges on their accounts. For this reason, police have encouraged credit and debit card users to monitor their monthly statements carefully and report any suspicious activity to their card companies.

Why the hell not alert people, “Hey, if you did business at _______ during ____ to ____, be sure to check your statements or contact your bank and cancel your card?” The way they’re handling this, consumers are not being given information I think they should be given.



Their procedures for revoking access by terminated employees seem somewhat lacking...

Fired Techie Created Virtual Chaos At Pharma Co.

"Using a secret vSphere console, Jason Cornish, formerly an IT staffer at the U.S. subsidiary of drug-maker Shionogi, wiped out most of the company's computer infrastructure earlier this year. Cornish, 37, pleaded guilty Tuesday to computer intrusion charges in connection with the attack."

[From the article:]

He wiped out 15 VMware host systems that were running e-mail, order tracking, financial and other services for the Florham Park, New Jersey, company.

"The Feb. 3 attack effectively froze Shionogi's operations for a number of days, leaving company employees unable to ship product, to cut checks, or even to communicate via e-mail," the U.S. Department of Justice said in court filings. Total cost to Shionogi: $800,000.

Cornish had resigned from the company in July 2010 after getting into a dispute with management, but he had been kept on as a consultant for two more months.

Then, in September 2010, the drug-maker laid off Cornish and other employees, but it did a bad job of revoking passwords to the network. [ya think? Bob] One employee, who was Cornish's friend and former boss, allegedly refused to hand over network passwords to company officials and eventually was fired because of this.



If I read this correctly, AT&T didn't bother to check on these guys before opening their database to them. Surely they noticed “hundreds of millions” of spoofed calls – couldn't they stop them?

http://www.pogowasright.org/?p=24043

AT&T Says Data Miners Defrauded It

Dan McCue reports:

AT&T claims two Utah men defrauded it by breaking into its caller-ID system with auto-dialers to steal valuable customer data through “hundreds of millions of ‘spoofed’ telephone calls.” They probably used the stolen information for telemarketing, AT&T says.

In a federal complaint in Dallas, AT&T and its subsidiaries claim that Phil Iverson and Chris J. Gose masterminded the scam, acting, or claiming to act, on behalf of co-defendants CCI Communications, Feature Films for Families, and Blue Skye, among others.

AT&T claims the men used an auto-dialing program to repeatedly and deliberately place “spoofed” calls to landline and wireless customers.

Read more on Courthouse News.

[From the article:]

"Since 2006, AT&T's internal network fraud detection organization has uncovered numerous instances of defendants' data mining schemes. In some cases, AT&T has terminated or disabled the services that defendants have used to accomplish their unlawful data mining; in other cases, defendants themselves have stopped using their AT&T services once the fraud has been detected."

… To run the scam, AT&T says, the men purchased some of its services, including caller ID, then made spoofed calls to cause AT&T's computerized switching system to generate an electronic caller ID inquiry to send information to the called party.



For my Ethical Hackers: Start baking!

http://www.pogowasright.org/?p=24052

Man reveals secret recipe behind undeletable cookies

Dan Goodin reports:

A privacy researcher has revealed the evil genius behind a for-profit web analytics service capable of following users across more than 500 sites, even when all cookie storage was disabled and sites were viewed using a browser’s privacy mode.

The technique, which worked with sites including Hulu, Spotify and GigaOm, is controversial because it allowed analytics startup KISSmetrics to construct detailed browsing histories even when users went through considerable trouble to prevent tracking of the websites they viewed. It had the ability to resurrect cookies that were deleted, and could also compile a user’s browsing history across two or more different browsers. It came to light only after academic researchers published a paper late last month.

Read more on The Register.



Here is a link to the report...

http://www.bespacific.com/mt/archives/028041.html

August 16, 2011

McAfee White Paper on Global Cyberattacks

Revealed: Operation Shady RAT by Dmitri Alperovitch, Vice President, Threat Research, McAfee: "An investigation of targeted intrusions into more than 70 global companies, governments, and non-profit organizations during the last five years."

  • "...the targeted compromises we are focused on — known as advanced persistent threats (APTs) — are much more insidious and occur largely without public disclosures. They present a far greater threat to companies and governments, as the adversary is tenaciously persistent in achieving their objectives. The key to these intrusions is that the adversary is motivated by a massive hunger for secrets and intellectual property; this is different from the immediate financial gratification that drives much of cybercrime, another serious but more manageable threat. What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth — closely guarded national secrets (including those from classified government networks), source code, bug databases, email archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts, supervisory control and data acquisition (SCADA) configurations, design schematics, and much more has “fallen off the truck” of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries."



Tools for Students...

http://www.makeuseof.com/tag/get-around-tethering-charges-easytether-android/

How To Get Around Tethering Charges Using EasyTether [Android 1.5+]



For all my students: How will you make it to “geezer age” if you keep watching American Idol?

Every Hour of TV You Watch May Shorten Your Lifespan By 22 Minutes [STUDY]



For my Math and Data Analysis students: Dilbert sums up the difficulty of our job.

http://dilbert.com/strips/comic/2011-08-17/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+dilbert%2Fdaily_strip+%28Dilbert+Daily+Strip+-+UU%29

