Tuesday, October 20, 2009

ChoicePoint was the first and remains a whipping boy in the Identity Theft field. You would think they would expend some resources to ensure they eventually get out of the headlines. My Disaster Recovery class will be discussing this tonight...

http://www.databreaches.net/?p=7870

FTC settles latest charges against ChoicePoint

October 19, 2009 by admin Filed under Breach Incidents, Business Sector, Of Note, U.S.

ChoicePoint, Inc., one of the nation’s largest data brokers, has agreed to strengthened data security requirements to settle Federal Trade Commission charges that the company failed to implement a comprehensive information security program protecting consumers’ sensitive information, as required by a previous court order. This failure left the door open to a data breach in 2008 that compromised the personal information of 13,750 people and put them at risk of identity theft. ChoicePoint has now agreed to a modified court order that expands its data security assessment and reporting duties and requires the company to pay $275,000.

In April 2008, ChoicePoint (now a subsidiary of Reed Elsevier, Inc.) turned off a key electronic security tool used to monitor access to one of its databases, and for four months failed to detect that the security tool was off, according to the FTC. During that period, an unknown person conducted unauthorized searches of a ChoicePoint database containing sensitive consumer information, including Social Security numbers. The searches continued for 30 days. After discovering the breach, the company brought the matter to the FTC’s attention.

The FTC alleged that if the security software tool had been working, ChoicePoint likely would have detected the intrusions much earlier and minimized the extent of the breach. The FTC also alleged that ChoicePoint’s conduct violated a 2006 court order mandating that the company institute a comprehensive information security program reasonably designed to protect consumers’ sensitive personal information.

Under the agreed-upon modified court order, filed on the FTC’s behalf by the Department of Justice, ChoicePoint is required to report to the FTC – every two months for two years – detailed information about how it is protecting the breached database and certain other databases and records containing personal information.

The FTC’s prior action against ChoicePoint involved a data breach in 2005, which compromised the personal information of more than 163,000 consumers and resulted in at least 800 cases of identity theft. The settlement and resulting 2006 court order in that case required the company to pay $10 million in civil penalties and $5 million in consumer redress. [What is it worth to the company to avoid that level of fine again? Bob] The company also agreed to maintain procedures to ensure that sensitive consumer reports were provided only to legitimate businesses for lawful purposes; to maintain a comprehensive data security program; and to obtain independent assessments of its data security program every other year until 2026. The new court order extends the record-keeping and monitoring requirements of the 2006 order, and gives the FTC the right to request up to two additional biennial assessments of ChoicePoint’s overall data security program.

The Commission vote to approve the modified stipulated order was 4-0. The order was filed in the U.S. District Court for the Northern District of Georgia, and entered by the court on October 14, 2009.



This article gets filed in our “Identity Thieves are getting more aggressive” folder. A wide variety of “petty” crimes are now tied to Identity theft, and whoever is organizing the crimes seems to be recruiting these little crooks for a small slice of the pie.

http://www.databreaches.net/?p=7875

ID theft ring traced to stolen MVD document

October 19, 2009 by admin Filed under Breach Incidents, Government Sector, ID Theft, Paper, Theft, U.S.

KOAT reports a breach out of New Mexico:

About a month ago, Target 7 reported that Rod White, of Los Ranchos, was indicted on charges of fraud, forgery and identity theft. White tried to pass off fake checks using the state Taxation and Revenue Department’s account number. Officials knew little then, but APD detectives said they have linked White to an organized crime ring that stole identities.

Investigators believe they used various methods to obtain personal information, including a stolen cache of state Motor Vehicle Division documents. One victim said a woman stole her purse right out of her hand in broad daylight at an Albertson’s in the Northeast Heights. Purse snatchings like that one led police to five more people who are also now accused in the theft ring. Those people told detectives that they worked with White. The six are accused of also stealing mail from neighborhoods all over the Duke City. Detectives said the six had a postmaster key they used to open up mail boxes and get information from hundreds of victims. A search of two of the alleged thieves’ homes uncovered more than 400 potential victims. A cache of state Motor Vehicle Division documents with names, Social Security numbers and addresses was also found. Detectives said that the documents were stolen from an MVD worker’s car, parked outside of his home. [Why paper records? Why take the records home? Bob] The documents were used to make fake IDs and fake checks. Police said more arrests are coming soon as the case unfolds.

So I checked this site and I don’t see where we knew about any breach involving the Motor Vehicle Division. Was that breach ever publicly reported? Second, why did the MVD worker have documents in a car? Was that consistent with MVD policy?



Updating the local story...

http://www.databreaches.net/?p=7877

UPDATE: Credit cards also involved in Cheers Liquor breach

October 19, 2009 by admin Filed under Breach Incidents, Business Sector, Hack, ID Theft, Of Note, U.S.

Wayne Heilman reports:

A security breach in the credit-card processing system at Cheers Liquor Mart involves both credit and debit cards and likely involves customers of dozens, if not hundreds, of financial institutions nationwide, the Colorado Springs-based retailer said today.

Cheers has shut down a wireless broadband system that was used to process credit-card transactions and replaced it with an older dial-up system that is more secure and difficult to hack, said James Wall, a Denver-based spokesman for Cheers. The wireless broadband system was first accessed illegally in mid-September, and was shut down last week and replaced with a paper-based system until the dial-up system was installed on Friday, he said.

Read more in The Gazette.



Is this how you get the data breach laws toughened in the UK?

http://www.pogowasright.org/?p=4632

BNP membership list appears on Wikileaks (yes, again!)

October 20, 2009 by Dissent Filed under Breaches, Featured Headlines, Non-U.S.

Robert Booth reports:

A detailed membership list of the British National party containing names, addresses and telephone numbers was published on the internet this morning.

The list, which contains thousands of names, was published on Wikileaks, a website that purports to be a clearing house for information to be published anonymously. [link to list inserted by Dissent]

[...]

The publication of the list represents the third significant time the details of the BNP’s membership have been made public. In November 2008, a list of members’ names, contact details and in some cases jobs and hobbies was leaked by disgruntled members said to have become frustrated that the party had become too soft under Griffin.

Read more in the Guardian.



Maybe there is a market for some of the things the Army taught me (translated into more modern technology than flintlocks)

http://www.wired.com/dangerroom/2009/10/exclusive-us-spies-buy-stake-in-twitter-blog-monitoring-firm/

Exclusive: U.S. Spies Buy Stake in Firm That Monitors Blogs, Tweets

By Noah Shachtman October 19, 2009 12:03 pm

In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It’s part of a larger movement within the spy services to get better at using “open source intelligence” — information that’s publicly available, but often hidden in the flood of TV shows, newspaper articles, blog posts, online videos and radio reports generated every day.



Who are they trying to sell? No details, no facts, only a lot of “wouldn't it be cool to do this” kind of scenes – sounds like they are targeting politicians.

http://yro.slashdot.org/story/09/10/19/1938223/Demo-of-EUs-Planned-INDECT-Hints-At-Massive-Data-Mining-Little-Privacy?from=rss

Demo of EU's Planned "INDECT" Hints At Massive Data Mining, Little Privacy

Posted by timothy on Monday October 19, @03:33PM from the greater-good-strikes-back dept.

Ronald Dumsfeld writes

"Wikinews puts together some of the details around the EU's five-year-plan called Project INDECT, and brings attention to a leaked 'sales-pitch' video: 'An unreleased promotional video for INDECT located on YouTube is shown to the right. The simplified example of the system in operation shows a file of documents with a visible INDECT-titled cover stolen from an office and exchanged in a car park. How the police are alerted to the document theft is unclear in the video; as a "threat," it would be the INDECT system's job to predict it. Throughout the video use of CCTV equipment, facial recognition, number plate reading, and aerial surveillance give friend-or-foe information with an overlaid map to authorities. The police proactively use this information to coordinate locating, pursuing, and capturing the document recipient. The file of documents is retrieved, and the recipient roughly detained.'"


(Related) What standards do you need to make INDECT possible?

http://www.bespacific.com/mt/archives/022614.html

October 19, 2009

National Information Exchange Model Enables Critical Enterprisewide Info Sharing

"NIEM, the National Information Exchange Model, is a partnership of the U.S. Department of Justice and the Department of Homeland Security. It is designed to develop, disseminate and support enterprise-wide information exchange standards and processes that can enable jurisdictions to effectively share critical information in emergency situations, as well as support the day-to-day operations of agencies throughout the nation. NIEM enables information sharing, focusing on information exchanged among organizations as part of their current or intended business practices. The NIEM exchange development methodology results in a common semantic understanding among participating organizations and data formatted in a semantically consistent manner. NIEM will standardize content (actual data exchange standards), provide tools, and managed processes."


(Related) Interesting in that they didn't require him to decrypt his files. Would the results be different if he had been charged with terrorism? Perhaps they haven't heard of waterboarding?

http://www.news.com.au/couriermail/story/0,23739,26232570-952,00.html

Secret code saves man who spied on flatmates

Jeremy Pierce October 19, 2009 11:00pm

A MAN who established a sophisticated network of peepholes and cameras to spy on his flatmates has escaped a jail sentence after police were unable to crack an encryption code on his home computer.



Now here's a court ruling I don't agree with. Why? Because I remember that, "Oceania has always been at war with Eastasia." How can there be an accurate history if the versions change?

http://www.pogowasright.org/?p=4635

Newspaper archives can lose libel protection as stories change, rules High Court

October 20, 2009 by Dissent Filed under Court, Featured Headlines, Non-U.S.

A newspaper which continued to publish a defamatory article on its website after its subject was cleared in an investigation lost its right to claim a special journalistic defence against libel, the High Court has said.

The ruling makes it clear that while responsible journalism is given some libel protection, that protection can evaporate if the crucial facts of the case change. Web archives of stories must change to reflect this, the ruling said.

Read the full story on Out-Law.com. The ruling can be found here.

The ruling not only is significant for traditional publishers, but is also of concern to bloggers, who have been increasingly under legal assault. Simon Singh, who has been sued by the British Chiropractic Association for libel, had an interesting column last week in The Times, “England’s libel laws don’t just gag me, they blindfold you,” in which he wrote:

One of the main fears, expressed repeatedly during the evening, was the sheer cost of a libel case. Although the damages at stake might be just £10,000, going to trial can mean risking more than £1m. This means that a blogger has to ask whether he or she can afford the possibility of bankruptcy. Even if a blogger is 90% confident of victory, there is still a 10% chance of failure, which is why bloggers often back down, withdraw and apologise for material they believe is true, fair and important to the public.

I should point out that I am being sued for libel by the British Chiropractic Association. Indeed, last week I was at the Court of Appeal where I received permission to appeal against an earlier ruling on the meaning of my article. The original article was published 18 months ago, the case has cost me £100,000 and there is still a long way to go. My reason for not backing down is that I believe my article is accurate, important and a matter of public interest, as it relates to the use of chiropractic in treating various childhood conditions, such as asthma and ear infections.

But as Singh points out, the reality is that most bloggers do not have the resources he has to fight libel or defamation suits, even if their stories are accurate or are protected speech. This latest UK ruling seems to open up a new Pandora’s box, and seems to suggest that once a story is published, the publisher is responsible for it in perpetuity should important facts come out later that could affect someone’s reputation.



Any real controversy here? Is getting your news faster a bad thing?

http://mashable.com/2009/10/19/twitter-australia-courts/

Who Needs Cameras? Judges Allow Twitter in the Courtroom

October 19th, 2009 | by Jennifer Van Grove

… We’ve already seen journalists in the United States granted permission to tweet while in court, but Australia is breaking some interesting ground when it comes to Twitter and the legal system.

After a recent trial that involved journalists tweeting the proceedings, FOXNews is reporting that the Federal Court in Australia has decided that as with other media, individual judges will be able to decide on a case by case basis if they will allow live Twitter coverage from within their courtrooms.

Apparently earlier in the month two technology journalists, one from ZDNet Australia, used Twitter to report live regarding an iiNet copyright case around movie piracy. The presiding judge, Dennis Cowdroy, soon became aware of their tweets, but saw no issue with their behaviors.



I don't see this as a battle of “the haves vs. the have nots.” Rather, it seems a battle of “the we know how to use the Internet vs. the what are you doing with our telephone lines?”

http://news.cnet.com/8301-30686_3-10378352-266.html?part=rss&subj=news&tag=2547-1_3-0-20

Amazon, Facebook, and Google back FCC on Net neutrality

by Marguerite Reardon October 19, 2009 3:43 PM PDT



Tools & Techniques (and because I haven't caught up with their new toys yet)

http://www.makeuseof.com/tag/a-guide-to-googles-new-search-features/

A Guide To Google’s New Search Features

Oct. 19th, 2009 By Eyal Sela



Tools & Techniques (something for every hacker)

http://www.makeuseof.com/tag/nirlauncher-awesome-portable-utilitie-to-have-on-your-flash-drive/

NirLauncher – Awesome Portable Utilities To Have On Your Flash Drive

Oct. 19th, 2009 By Varun Kashyap



Actually more like a list of sites, and you know I like lists!

http://www.makeuseof.com/tag/top-8-things-for-bored-teenagers-to-do-online-nb/

Top 8 Things For Bored Teenagers To Do Online

Oct. 19th, 2009 By Jackson Chung
