Monday, March 18, 2013

Hacking wholesale!
Two charged in theft of $40K from hacked Subway keypads
… Prosecutors accused Shahin Abdollahi, aka "Sean Holdt," and Jeffrey Thomas Wilkinson of hacking at least 13 point-of-sale (POS) terminals to install software that fraudulently loaded at least $40,000 onto Subway gift cards, according to an indictment unsealed in Boston on Friday (see below). The pair then allegedly used the cards to make purchases at Subway shops and sold them on eBay and Craigslist.
Abdollahi owned a Subway franchise in Southern California from 2005 to 2008 and later ran a business called POS Doctor that sold POS terminals to Subways across the country, according to the Justice Department. Around 2011, Abdollahi allegedly sold terminals to Subway franchises in California, Massachusetts, and Wyoming that were loaded with LogMeIn, a remote desktop tool.
… This isn't the first time Subway POS terminals have fallen victim to intrusion. Last year, two Romanian men pled guilty to hacking point-of-sale terminals at hundreds of Subway sandwich stores in the U.S. to steal credit card data from more than 146,000 accounts.


Why I'll never understand the law: I read this as: the Insurance Company (the defendant) being required to reimburse the plaintiff the money he spent trying to prove that he had been damaged...
There’s been a ruling in a case mentioned previously on this blog:
Insurance company FBD has been ordered to pay High Court costs to a man following a case in which he claimed his data protection rights had been breached.
The High Court last week vacated the Circuit Court award of €15,000 in damages to Michael Collins in March 2012 but did rule that there had been a clear and intentional breach of data protection legislation as a result of FBD’s actions and awarded him costs in the case.
Read more on TheJournal.ie.


Is this a thoughtful response or some entry level IT guy talking like he knows what he's doing?
The Laois Nationalist reports:
The Principal of a Limerick school, which recently suspended 28 pupils for posting an offensive photo about a teacher on Facebook, is calling on the Data Protection Commissioner to carry out a full investigation into the incident.
Headmaster Noel Malone, of Coláiste Chiaráin, in Croom, said that he is dissatisfied with Facebook’s response to this case.
Read more about how Facebook responded on Laois Nationalist.
[From the article:]
He said that it took the social networking site four days to act - and it was eventually deleted by the owner of the fake account on which the photo was posted in the first place.
… "They're claiming now that because it was deleted by the user, they have no way of finding out who the actual perpetrator was," he said.


To trace a “getaway car” you would have to have the drone up and waiting over the place the bad guys are getting away from, wouldn't you? Also, how do you trace burglars from the air hours after they burgle?
From DutchNews.nl:
The police are increasingly using unmanned aircraft in their efforts to track down criminals in the Netherlands, leading to MPs’ questions about the privacy implications.
Drones – small helicopters equipped with cameras – are used to trace burglars and getaway cars as well as illegal marijuana plantations. For example, Harlingen borrowed two drones from the defence ministry last year after a spate of burglaries in the Frisian town.
Since 2009, drones have been used in at least 40 areas, the AD reported on Monday. In total, they were in the air on at least 132 different days.
D66 parliamentarian Gerard Schouw has asked the justice ministry to explain the implications of the use of drones on privacy.
‘I understand they can be useful, but they need to have a basis in law,’ he is quoted as saying by RTL news. ‘How closely can innocent citizens be filmed. No-one has a clue what they are filming.’
Read more on DutchNews.nl.
Will EU privacy advocates find it easier to rein in the use of drones than privacy advocates in the U.S.? I suspect they will. And any time someone tries to promote the idea that the U.S. is the greatest country in the world, one of the things I point out to them is our lack of strong privacy laws. YMMV.


Does this have implications for protecting customer PII? I also think of it as proving that large government conspiracies (the moon landing was faked) would last no longer than (60 seconds / number of people involved).
March 17, 2013
Paper - The Implausibility of Secrecy
The Implausibility of Secrecy, by Mark Fenster. University of Florida - Fredric G. Levin College of Law. February 18, 2013
  • "Government secrecy frequently fails. Despite the executive branch’s obsessive hoarding of certain kinds of documents and its constitutional authority to do so, recent high-profile events — among them the WikiLeaks episode, the Obama administration’s celebrated leak prosecutions, and the widespread disclosure by high-level officials of flattering confidential information to sympathetic reporters — undercut the image of a state that can classify and control its information. The effort to control government information requires human, bureaucratic, technological, and textual mechanisms that regularly founder or collapse in an administrative state, sometimes immediately and sometimes after an interval. Leaks, mistakes, open sources — each of these constitutes a path out of the government’s informational clutches. As a result, permanent, long-lasting secrecy of any sort and to any degree is costly and difficult to accomplish. This article argues that information control is an implausible goal. It critiques some of the foundational assumptions of constitutional and statutory laws that seek to regulate information flows, in the process countering and complicating the extensive literature on secrecy, transparency, and leaks that rest on those assumptions. By focusing on the functional issues relating to government information and broadening its study beyond the much-examined phenomenon of leaks, the article catalogs and then illustrates in a series of case studies the formal and informal means by which information flows out of the state."
