skip to content
rss Subscribe print Printer Friendly Share this Page
HomeBlog

August, 2009

Ben Bernanke - Identity Theft Victim

Ben Bernanke is a victim of identity theft. This is proof positive that it can happen to anyone.

Ben Bernanke - the Federal Reserve Board chairman - was one of hundreds of victims of an elaborate identity-fraud ring, headed by a convicted scam artist known as "Big Head," that stole more than $2.1 million from unsuspecting consumers and at least 10 financial institutions around the country.

How Did It Happen?

On August 7, 2008, Anna Bernanke - Ben Bernanke's wife - was at a Starbucks when her purse was stolen off the back of her chair.

What Was in Her Purse?

It's not good...

  • Driver's License (no problem)
  • Four credit cards (not so great - the fewer the better)
  • Checkbook (no problem)
  • Social Security card (OUCH!!!)

So the thieves had Mrs. Bernanke's SSN, Date of Birth (from the Driver's License), home address, and home phone (from the checks). This is the perfect combination of personal data.

It goes without saying that you should never carry your Social Security card in your purse or wallet. It should be tucked away in a very safe place at home or in a bank lock box. You should also limit the number of credit cards you carry. Just think of how many banks you'd like to call and/or fraudulent transactions you want to deal with and limit your cards accordingly.

Who Were the Thieves?

The thieves were part of a crime ring called "The Cannon to the Wiz." Here is the entry from the Urban Dictionary for "cannon":

Cannon - Old school term for a skilled pickpocket. "Stumpy is a real class cannon - he can clean out a vic's pockets faster than a flatfoot can eat a donut!"

These thieves were after personal information as well as checks and credit cards. They worked in government or medical offices or were simple pickpockets or mail thieves. They attended major sporting events in order to target victims with wallets and purses full of loot. One such victim was Donna Pendergast - an assistant Michigan Attorney General. Her experience went like this:

The robber was so adroit he managed to lift the wallet from her purse without her even knowing it. "They took it right out of my purse while it was on my shoulder," she said. "I didn't feel a thing."

Have They Been Caught?

Yes and no.

Federal agents busted the identity theft ring this summer, but George Lee Reid - the one who fraudulently used the Bernanke's checks to steal $9,000 - had the charges dropped against him, but the Feds are now searching for him again on related charges.

More information on this story from Newsweek.

August 27, 2009
3 comments

New Breed of Super Cookie Defies Removal - Almost...

From a recent UC Berkeley report:

More than half of the internet’s top web sites use a little known capability of Adobe’s Flash plug-in to track users and store information about them, but only four of them mention the so-called Flash Cookies in their privacy policies.

Under the direction of Chris Hoofnagle of the Information Privacy Programs at the Berkeley Center for Law and Technology, the researchers discovered that most web users aren’t familiar with Flash cookies and that Flash web cookies can’t be controlled through the cookie privacy controls in a browser. Even more interesting was the use of Flash cookies to ‘re-spawn’ or bring back to life traditional browser cookies that had been deleted on customer computers. In the study even several federal government web sites were found to contain Flash cookie ID information. The federal government has a policy of banning the use of traditional browser cookies.

What’s all the fuss about? Internet web sites often attach browser ‘cookies’—small strings of identifying text and numbers—to your computer to help them keep track of you and your preferences when you visit their sites. In theory this is a useful connection between you and the web sites you visit. For instance, an online book vendor could store your customer preferences information to better help you find what you want and make it easier to make your purchases.

However, like many useful, good things on the web, browser cookies have turned out to be an avenue for identity thieves to find us and our personal information. A cookie that no one knows about and that is not controllable through our web browsers, and can be used to re-spawn traditional browser cookies—could be a useful avenue for identity thieves indeed.

Changing Flash Preferences

Removing Current Site Cookies

Turns out, Adobe has a Settings Manager on its site where you can control how Flash cookies are stored along with other things. If you right-click on a piece of Flash code in your browser you can select "Settings" and get to this special place. Or you can just click our handy link: Adobe Website Storage Settings Panel.

What you should be seeing is something like this:

Here you can see which cookies have been written to your computer along with the ability to DELETE all of them. That's something I would strongly consider. Remember, however, that there are some benefits with these cookies. If you frequent sites that use this technology (and many do) you will be deleting some of your settings with those sites and you may have to re-enter text each time you visit.

There is risk/reward with every choice you make in life...

Even if you decide to push the Delete all Sites button, you still have some work left.

Stopping New Sites from Writing Cookies

Even if you deleted the cookies that have already been written to your computer, you'll need to keep new cookies from being written as well. Luckily, Adobe has created a way to do that:

Adobe Global Storage Settings Panel

If everything goes according to plan, you should be seeing something that looks like this:

Here you can tell Flash not to store any cookies in the future. Just drag the slider over to "None" and select "Never Ask Again." That's it!

Flash Cookie Removal Tools

Here are some other tools if you want 3rd party help with managing or controlling Flash cookies:

Windows:

Mac OS X:

Flash Cookie Storage Locations

You can always go to the directory where the cookies are stored and remove them manually. It's not a permanent solution - new cookies will get created in the future - but it works.

Windows:

LSO files are stored typically with a “.SOL” extension, within each user’s Application Data directory, under Macromedia\FlashPlayer\#SharedObjects.

Mac OS X:

For Web sites, ~/Library/Preferences/Macromedia/FlashPlayer. For AIR Applications, ~/Library/Preferences/[package name (ID)of your app] and ~/Library/Preferences/Macromedia/FlashPlayer/macromedia.com/Support/flashplayer/sys

GNU-Linux:

LSO files are stored in ~/.macromedia.

Wrap Up

Now you know about the mysterious and curiously difficult to remove Flash cookies. They are pervasive - even on government web sites - and won't be going away anytime soon.

Please post any follow-up questions or concerns below...

August 19, 2009
9 comments

Hackers Are Getting Older and Smarter

A recent article by Kevin Poulsen on Wired.com made a sobering observation: software hackers are becoming as sophisticated in their programming as the software they're trying to attack. Where hacking used to be something of a harmless, if annoying prank by bright, restless kids before they went off and got regular jobs, hackers are increasingly well-funded and making use of state-of-the art technology to design the trojans, viruses and spyware that attempt to get into your computer.

Today, the best hackers have the skill and discipline of the best legitimate programmers and security gurus. They're using mind-bending obfuscation techniques to deliver malicious code from hacked websites undetected. They're writing malware for mobile phones and PDAs.

The Case of the Clever Conficker

Poulsen cited the the worst case of computer infection in recent years, the Downadup worm , also known as the Conficker worm (see “Latest Worm Infect 9 Million PCs”). One reason the Conficker worm spread so quickly was that it was the first widely-released program—good or bad—to incorporate M6, a state-of-the-art cryptographic algorithm developed at MIT. When crypto expert Phillip Porras first dug into Conficker's code, M6 was available only from the websites of MIT and the U.S. National Institute of Standards and Technologies—and no one even recognized M6 at first. When it came to implementing M6 the bad guys had beat the good guys to the punch!

Other portions of Conficker were equally impressive: the way it doggedly hunts for anti-virus software on a victim's machine, and disables it; or the peer-to-peer mechanism. "There were points where it was pretty clear that certain major threads inside Conficker C seemed to be written by different people," Porras says. "It left us feeling that we had a more organized team that brought different skills to bear.... They aren't people who have day jobs.

Another reason the Conficker worm wriggled its way into so many computers was the flexibility and responsiveness of its software engineers. Just like legitimate software engineering teams, when the authors of Conficker discovered a security hole in the first release of their program they stayed up nights and patched their code within just a few weeks. Experts are observing new malware coming out as quickly as a couple of days after a new vulnerability is announced.

What You Can Do?

  • Be proactive. Now. Believe that you're computers connected to the Internet are at risk and it's up to you to fortify them.
  • If your anti-malware software doesn't run automatically get in the habit of running it daily. If you haven't updated your anti-malware software lately, do it today.
  • Make sure your operating software is updated regularly. The best method is to let it download and update automatically. Software vendors will update their software as quickly as possible after a serious weakness is discovered.

    • More Info

    Read the article - Future of Cyber Security: Hackers Have Grown Up.

August 13, 2009
0 comments