Friday, September 18, 2009

Once your data has been stolen, the crooks have it – no matter who has been arrested.

http://www.databreaches.net/?p=7192

Commerce Bank replaces cards compromised in Heartland breach

September 18, 2009 by admin Filed under Financial Sector, Government Sector, Hack, ID Theft, Malware

Dan Margolies reports that Commerce Bank in Kansas City is first replacing credit cards after a recent small wave of fraudulent activity was reported. The compromised cards were involved in the Heartland Payment Systems breach disclosed in January 2009.

“We are now beginning to reissue some cards that were part of the block of cards that went through Heartland Payment Systems and were compromised by the bad guys,” said Carl Bradbury, Commerce’s director of consumer card products.

[...]

Bradbury said the Heartland breach was only now hitting banks such as Commerce because when criminals “steal blocks of numbers, especially a large block of numbers like this, they break them into smaller blocks and sell them, and so it goes on” until the end users try to use those cards to get money out of ATMs or to make purchases.

Bradbury said Commerce had been “very lucky in that the wave of fraud largely passed over the bank.” But “fairly recently we’ve had some flickers on the radar that showed that some of our card numbers associated with trafficking through Heartland had been used to perpetrate fraud.”

[...]

Bradbury declined to quantify the fraud or the amount Commerce has absorbed.

“But it was a very small percentage of our portfolio,” he said.

Other local bank officials said the Heartland breach had affected some of their customers, but not recently.

“I don’t think more than a handful of our customers were affected,” said UMB Bank spokeswoman Pam Blase. “And it was months ago.”

Read more in The Kansas City Star.

As of its most recent count, BankInfoSecurity.com reported that 673 financial institutions had publicly revealed that they had been affected by the breach. If, as Commerce Bank’s spokesperson suggests, Commerce may be part of a new wave, we may see that number continue to climb slowly. In any event, if we add in Commerce and UMB Bank, the count currently stands at 675.



Maybe all unauthorized access to personal information is terrorism?

http://www.pogowasright.org/?p=3935

Chief Constable sued over data stolen from a police computer

September 18, 2009 by Dissent Filed under Breaches, Court, Govt, Non-U.S.

A story in today’s Belfast Telegraph reminds us that employee snooping on personal information is not always just out of curiosity or for purposes of ID theft:

A victims campaigner has launched legal proceedings against the Chief Constable and two loyalist bandsmen [Is that “English” for anti-IRA hit-men? Bob] over the gathering of information on Catholics from a police database.

Lawyers for Mark Thompson, director of the Relatives for Justice group, confirmed writs have been served in his High Court claim for damages.

Mr Thompson is suing the Police Service and Co Antrim men Aaron Hill (24) and Darren Richardson (31) who were both convicted of collecting information likely to be useful to terrorists. [Interesting crime... Don't all governments do that? Bob]

Hill, a former PSNI civilian member of staff from Mainebank, Randalstown, admitted carrying out checks on the police computer system for more than two years before being detected.

It was estimated that around 100 names were searched, with nearly 70 people warned to step up their personal security because their details had been accessed.

Read more in the Belfast Telegraph. PSNI is the Police Service of Northern Ireland.



Statistics. (and an indication that people use technology without understanding it.)

http://www.pogowasright.org/?p=3897

One in eight Brits hit by identity theft

September 17, 2009 by Dissent Filed under Breaches, Internet, Non-U.S.

Shaun Nichols reports:

A recent study has estimated that one in eight adults in the UK have been the victim of online fraud or identity theft.

The survey, conducted by research firm YouGov and backed by online security vendor VeriSign, polled roughly 2,100 adults in the UK. Some 12 per cent said that they had been a victim of online ID fraud within the past 12 months.

The researchers credited most of the losses to increasingly sophisticated attack methods, combined with larger numbers of users shopping online. Experts suggest that many users remain unaware of how to spot fraudulent sites and protect against data theft.

Read more on v3.



Interesting that the FBI bothers with these guys, even if the network has offices in New York. But of course, they deal with “rich people” not us second-class citizens.

http://www.databreaches.net/?p=7174

Private Jet-Set Network Hacked

September 17, 2009 by admin Filed under Breach Incidents, Business Sector, Hack, Other

McAfee Research Blog reports that ASmallWorld, a social networking site for jetsetters, received an extortion demand:

Yesterday the French police force (OCLCTIC), accompanied by FBI agents, arrested two French residents. They were suspected of hacking [ASmallWorld] social-network platform dedicated to the worldwide upper crust. They allegedly attempted to extort US$1 million from the webmasters to not divulge stolen data.

Two years ago, a paper named “Asmallworld.net: we have hacked the smartest worldwide website” made some noise in France.

Danny Shea provides additional details on Huffington Post:

French police, assisted by the FBI, took in the two hackers — one in Paris, one in the Gironde — for an attempt to blackmail several members of ASMALLWORLD’s management team by suggesting they had full access to the member data base and asking them to cough up a million dollars in exchange for their silence. The hackers contacted ASMALLWORLD in late May.

The company, which keeps neither credit card information nor any private information about its members, assessed the threat level as low and began working with authorities to launch an investigation monitoring the hackers’ online activity. That investigation helped reveal their identities, and they are now in police custody.



This is an updating of the old “rounding error” scheme. Remember, it's not the size of the theft, it's the volume! ($200,073.44 / 58,000 = $3.45 per transaction)

http://www.databreaches.net/?p=7182

Man sentenced for micro-deposit scam

September 17, 2009 by admin Filed under Financial Sector, Of Note, Other, U.S.

A 22-year old man was sentenced to 15 months in prison and restitution of $200,073.44 for fraud and related activity in connection with computers. After release from prison, Michael Largent will also face three years of strict restrictions on his use of computers and the Internet.

According to Assistant United States Attorney Matthew D. Segal, a prosecutor in the Eastern District California U.S. Attorney’s Office’s Computer Hacking and Intellectual Property (CHIP) unit, from November 2007 through May 2008, Largent wrote a computer program that allowed him to defraud E*Trade, Charles Schwab & Co., and Google by opening or attempting to open more than 58,000 brokerage accounts. He did this to steal the “micro-deposits.” A financial institution will make a micro-deposit when an account is opened to test the functionality of an account. The amounts deposited in this case ranged from $0.01 to $2.00.

Largent used false names, addresses, driver’s license numbers, and social security numbers, including the names of known cartoon and comic book characters to open the accounts. When the deposits occurred, he would transfer the funds into his own bank accounts or onto prepaid debit cards, without the authorization or knowledge of his victims. [Only indication that there were Identity Theft victims, too. Probably just poor reporting. Bob] As a result, Largent fraudulently obtained or attempted to obtain tens of thousands of dollars, which he used for personal expenses.

E*TRADE and Charles Schwab detected the fraud and notified law enforcement independently of each other. Largent was originally indicted in May 2008.

In sentencing Largent, United States District Judge Morrison C. England Jr. observed that Largent’s scheme took some sophistication, and wondered why he had not used his skills and talents in a lawful way.



This caught my eye because it's from the area where I grew up.

http://www.pogowasright.org/?p=3902

Former officer charged with computer crime

September 17, 2009 by Dissent Filed under Breaches, Court, Govt

Linda Seida reports:

A former New Hope Borough and Solebury Township part-time police officer has been charged with unlawful use of a computer and related offenses that stem from a traffic stop in which he used a woman’s cell phone to send an “explicit picture” of her to another man, according to a court document.

Later, when the woman confronted Officer Michael Montalbano in the New Hope police station, he chastised her for having “pictures like that,” according to an affidavit filed by the Bucks County detectives who investigated the officer’s alleged misbehavior.

A preliminary hearing for Officer Montalbano is scheduled for Oct. 26.

Read more on CentralJersey.com



Unintended consequences.

http://news.slashdot.org/story/09/09/18/0011218/Spyware-Prank-Exposes-Hospital-Medical-Records?from=rss

Spyware Prank Exposes Hospital Medical Records

Posted by kdawson on Friday September 18, @02:23AM from the epic-keylogger-fail dept.

cheerytt writes

"Let this be a lesson to all the broken-hearted geeks out there. A 38-year-old Ohio man is set to plead guilty to federal charges after spyware he meant to install on the computer of a woman he'd had a relationship with ended up infecting computers at a children's hospital. Spyware was sent to the woman's Yahoo e-mail address in the hope it would be used to monitor what his former girlfriend was doing on her PC. But instead, she opened the spyware on a computer in the hospital's pediatric cardiac surgery department. The spyware sent more than 1,000 screen captures via e-mail, including details of medical procedures, diagnostic notes and other confidential information relating to 62 patients. The man will pay $33,000 to the hospital for damages and faces a maximum sentence of five years in prison."

From the article:

"While Scott Graham does take responsibility for his conduct, it was never his intention to harm any organization or entity," said his attorney, Ian Friedman, in a telephone interview. [Just his ex-girlfriend Bob]

… Still Howes faulted the hospital's IT staff for allowing someone to download spyware from Yahoo mail and install it on their systems.

… A spokeswoman with the Akron Children's Hospital was unaware of the case and unable to comment. [How could this be? “Oh, we don't much care about HIPAA violations...” Bob]



The Republic of Massachusetts drags its citizens forward to 1984. Question: If you notice the GPS device and remove it, have you committed a crime?

http://yro.slashdot.org/story/09/09/17/2030222/Secret-GPS-Tracking-Now-Legal-In-Massachusetts?from=rss

Secret GPS Tracking Now Legal In Massachusetts

Posted by timothy on Thursday September 17, @04:43PM from the unsecret-kind-requires-anklet dept.

dr. fuzz writes

"The Supreme Judicial Court of Massachusetts has ruled in favor of John Law tracking you with secret GPS devices in Massachusetts provided a warrant is obtained. You've been warned. To the dissenters' credit, Justice Ralph Gants is quoted with 'Our constitutional analysis should focus on the privacy interest at risk from contemporaneous GPS monitoring, not simply the property interest.'"



Ah dem Canadians, dey has a firm grasp of de obvious, eh? Does this not reflect/extend the concept that ISPs are merely conduits for content?

http://yro.slashdot.org/story/09/09/17/1829242/Canadian-Court-of-Appeals-Decides-Website-Linking-Isnt-Libelous?from=rss

Canadian Court of Appeals Decides Website Linking Isn't Libelous

Posted by timothy on Thursday September 17, @02:48PM from the reelect-that-man dept.

inject_hotmail.com writes

"I found this promising news over on Michael Geist's website: In an amazing display of wisdom and understanding, British Columbia (Canada) court of appeals (in a split decision) decided that it is not libelous to link to defamatory content. The judge stated that 'there is, in my view, no substantial difference between providing a web address and a mere hyperlink. Whether the hyperlink is a web address, as is often the case, or a more specific reference, both require a decision on the part of the reader to access another website, and both require the reader to take a distinct action, in the one case typing in a web address and in the other case clicking on the hyperlink. In other words, there is a barrier between the accessed article and the hyperlinked site that must be bridged, not by the publisher, but by the reader. The essence of following a hyperlink is to leave the website one was at to enter a different and independent website.' The case was brought about by B.C. businessman Wayne Crookes, who claimed that p2pnet had damaged his character by linking to websites with which he did not agree. Presumedly, the website with the actual content in question is outside of the purview of the Canadian courts; however, p2pnet is not."



In virtual worlds we have virtual lawyers chasing virtual ambulances and that still results in real world lawsuits?

http://www.wired.com/threatlevel/2009/09/linden

Linden Lab Targeted in Second Life Sex-Code Lawsuit

By David Kravets, September 17, 2009 7:41 pm



The Joys of Computer Forensics. With old operating systems come old application software. Do you have a copy of VisiCalc I could borrow?

http://tech.slashdot.org/story/09/09/17/1747259/Old-Operating-Systems-Never-Die?from=rss

Old Operating Systems Never Die

Posted by timothy on Thursday September 17, @01:59PM from the they-just-start-running-in-loops dept.

Harry writes

"Haiku, an open-source re-creation of legendary 1990s operating system BeOS, was released in alpha form this week. The news made me happy and led me to check in on the status of other once-prominent OSes — CP/M, OS/2, AmigaOS, and more. Remarkably, none of them are truly defunct: In one form or another, they or their descendants are still available, being used by real people to accomplish useful tasks. Has there ever been a major OS that simply went away, period?"



...and if it's not registered you can buy it here!

http://www.bespacific.com/mt/archives/022345.html

September 17, 2009

Free Search Engine for All U.S. Trademarks Filed Since 1870

TradeMarkia - Search for a trademark by: name (here is the result for beSpacific), filing date(s), category, goods & services, company name, status [via Google Blogoscoped]



Woz is worth watching.

http://fora.tv/2006/09/26/Steve_Wozniak

Steve Wozniak: How I Invented the Personal Computer



Free is good!

http://www.killerstartups.com/Search/freebook-s-com-find-every-book-you-want-for-free

FreeBook-s.com - Find Every Book You Want For Free

http://www.freebook-s.com/

Can’t get your hands on enough books to read? If you happened to answer that question affirmatively, then this portal will no doubt appeal to you. In essence, here you will be capable of looking up and procuring free books about most topics you could think of.
