
Technology

Peer-to-Peer (P2P) file sharing networks exist so people can download free mp3 files, DVDs, movies, etc. They work by having each member of the network share some personal files while downloading files from other people's computers. Share and share alike, right?

This has understandably driven the RIAA (Recording Industry Association of America) as well as the people in Hollywood crazy. So crazy that they are suing people they catch sharing copyrighted materials. We're not going to go into the ethics either way on this argument. Maybe some other time...

The problem is that people are not only sharing their ripped CDs and DVDs, they're also sharing (accidentally, I'm guessing) sensitive files on their hard drive like tax returns, bank statements and cancelled checks.

A blogger recently decided to do a few searches on Gnutella, a major P2P network, for sensitive documents. It took him only 10 minutes to find a handful.

Take a look at what he dug up... (maybe it's your tax return)

What is the lesson you should learn?

  1. Avoid P2P networks PERIOD! The software that enables the network is often full of spyware and the files you download can be infected with viruses and other malware. Not good.
  2. Keep control of other users on your computer, especially if they are teenagers. If they install file-sharing software on your computer it may be your tax return (along with your SSN, DOB, address, etc.) showing up all over the internet.
  3. If you do decide to use file sharing software, make sure you've clearly designated a single folder to share and make sure you don't accidentally drop your scanned bank statements in the folder.
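
One way to carry out the check in item 3 before a folder is shared, as an added example that is not part of the original post. The filename hints, the SSN pattern, the list of text extensions and the sample files are assumptions chosen for illustration.

```python
import os
import re
import tempfile

# Assumed filename hints, taken from the document types the post names.
NAME_HINTS = ("tax", "1040", "w2", "bank", "statement", "check", "ssn")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # SSN written as 123-45-6789
TEXT_EXTS = {".txt", ".csv", ".htm", ".html"}  # assumed plain-text types
MAX_READ = 1_000_000  # inspect at most the first million characters

def audit_shared_folder(root):
    """Return sorted (relative_path, reason) pairs for files that look sensitive."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            lowered = name.lower()
            hint = next((h for h in NAME_HINTS if h in lowered), None)
            if hint:
                findings.append((rel, "name contains '%s'" % hint))
                continue
            if os.path.splitext(lowered)[1] not in TEXT_EXTS:
                continue  # binary formats need manual review
            try:
                with open(path, "r", errors="ignore") as fh:
                    if SSN_RE.search(fh.read(MAX_READ)):
                        findings.append((rel, "contains SSN-like number"))
            except OSError:
                findings.append((rel, "unreadable, check manually"))
    return sorted(findings)

def demo():
    """Audit a constructed share folder built in a temporary directory."""
    samples = {  # constructed sample files
        "song.mp3": "placeholder, not real audio",
        "2005_tax_return.pdf": "placeholder, not a real return",
        "notes.txt": "SSN 123-45-6789",
        "readme.txt": "nothing sensitive here",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        return audit_shared_folder(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(rel, "->", reason)
```

Anything the audit reports should be moved out of the shared folder; scanned images and PDFs are only matched by name, so they still need a manual look.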
January 18, 2006

Think your check is safe after you fill it out? Think again...

Your writing can be removed using a procedure called "check washing." A solvent is used - usually rubbing alcohol or nail polish remover - to fade out or completely remove what you've put on your check.

Here's a before and after picture:

Check Washing Before

Check Washing After

The check is now ready for a new amount (I'm guessing larger than $10) and a new recipient.

An even better trick for the forger is to cover your signature so it remains in place while everything else is removed.

So how can you avoid becoming a victim of this trick?

Use the right pen.

In his excellent testing, Sean Kane found that gel pens worked best at resisting these check washing procedures.

See the whole experiment and complete results on Sean's site.

January 2, 2006

U.K. Youth Foils ATM Scam

A U.K. 17-year-old risked life and limb by removing a fake fascia of an ATM machine. The nearby crooks gave chase and the hero, Luke Bridges, had to run for his life.

So what was the reward for this derring-do? A pocket calculator...

Pocket Calculator

Maybe that would have been a cool gift in 1978, but I'm guessing it only cost the bank around a dollar and looks like one of those free giveaway items.

The bank, NatWest, reiterated in a statement that no one should risk removing one of these devices:

"We would never encourage anyone to put their safety at risk by attempting to remove any such device. We advise anyone who notices anything unusual about a cash machine to report it to the bank or the police immediately."

Probably good advice. In any case, the story gives you a good look at what these PIN skimming devices look like. Pay close attention to the machine whenever you go to use an ATM.

Read the whole story...

December 15, 2005

ING Direct USA is doing its best to thwart keystroke logging software by using a web-based numeric keypad.

Since a secure connection won’t protect you if a keystroke logger has been installed on your computer, ING Direct is using the keypad to keep you from having to enter your numbers from your keyboard. This will keep you from typing in your account number and password and, hopefully, keep them from being tracked by thieves.

If your bank isn’t using a strategy like this you should request it - it’s a great idea!

Here's what it looks like:

ING Direct PIN Input

See it in action on the live ING Direct web site

December 11, 2005

F-Secure, a Finnish security company, has been able to crack the code the Sober worm was using to update infected machines with new variants.

Here's how the worm works:

- a computer is infected with the worm.

- on a certain date the infected computer tries to "phone home" to receive new code from the worm creator.

- all infected computers able to reach the proper web address are infected with an updated variant of the worm.

Mikko Hyppönen, Chief Researcher at F-Secure, described it this way:

"Sober has been using an algorithm to create pseudorandom URLs which will change based on dates. Ninety nine percent of the URLs simply don't exist ... however, the virus author can precalculate the URL for any date, and when he wants to run something on all the infected machines, he just registers the right URL, uploads his program and BANG! It's run globally on hundreds of thousands of machines"

If the security experts could determine the web address the worm was looking for, it could be blocked and the worm would be deprived of new code. The problem is the virus and worm creators are a devious and crafty bunch and they don't make it easy to deconstruct what they're doing. Not crafty enough for F-Secure, evidently.

Read how F-Secure cracked the code and the list of potential download sites for new code.
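
The defensive side of a date-driven update scheme, as an added example that is not from the original post or from F-Secure: once the generator is known, every hostname can be computed ahead of time, blocked, and matched against DNS logs to find infected machines. The generator here is a SHA-256 stand-in, not Sober's actual algorithm, and the TLDs, log format, addresses and sample date are constructed.

```python
import hashlib
from datetime import date, timedelta

# Stand-in generator, NOT Sober's real routine (the post does not give it).
# It shares the one property that matters: hostnames depend only on the date.
TLDS = ("example", "test", "invalid")  # reserved TLDs, so nothing resolves

def candidates_for(day, count=3):
    """Hostnames the toy scheme would try on `day` (ten letters a-p plus a TLD)."""
    hosts = []
    for i in range(count):
        seed = "%s|%d" % (day.isoformat(), i)
        digest = hashlib.sha256(seed.encode()).hexdigest()
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:10])
        hosts.append("%s.%s" % (label, TLDS[i % len(TLDS)]))
    return hosts

def blocklist(start, days):
    """Map every candidate hostname in the window to the date it is due."""
    table = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for host in candidates_for(day):
            table[host] = day
    return table

def flag_queries(log_lines, table):
    """Return (client, host, due_date) for DNS queries that hit the blocklist."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _ts, client, host = parts
        host = host.lower().rstrip(".")  # normalise case and trailing dot
        if host in table:
            hits.append((client, host, table[host]))
    return hits

def demo():
    """Match constructed DNS log lines (timestamp client hostname)."""
    day = date(2006, 1, 5)  # constructed sample date
    due = candidates_for(day)[0]
    log = ["2006-01-05T10:00:00 10.0.0.5 %s." % due.upper(),
           "2006-01-05T10:00:01 10.0.0.6 www.example.org"]
    return flag_queries(log, blocklist(day, 7))

if __name__ == "__main__":
    print(demo())
```

A client that shows up in the result is asking for a hostname almost nobody else would ever look up, which makes the lookup itself a usable sign of infection even while the address does not exist.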

Just to get an idea of how wonderful these worm creators are, here's a quote from F-Secure's blog:

Last thing: Several earlier Sober variants (most notably Sober.Q) have been sending out Neo-Nazi propaganda messages. According to iDefense, the activation date of January 5th is an anniversary date for the Nazi party.

Great. Neo-Nazi worm authors. What did Indiana Jones have to say on the subject? "Nazis. I hate these guys."

December 9, 2005

Is your computer a zombie? Not sure? Is your virus scanning software up-to-date? Have you even installed a virus scanner on your computer? No???

If not, your computer may be a zombie that is spreading a particularly nasty worm named “Sober” to thousands of computers worldwide.

Evidently some zombie computers are blasting out thousands of emails that purport to come from the FBI, of all places.

Zombies

Have you received one of these emails from the FBI or CIA recently? It should have looked something like this:

Of course the attached file wasn’t a list of questions from your local G-man but a file infected with a new strain of the Sober worm.

The worm was being sent out via zombie machines infected with earlier versions of the worm. E-mail security vendor MessageLabs said it blocked more than 2.7 million e-mails in the first 24 hours of the outbreak. Man, those zombies are working overtime!

ZoneAlarm Security Suite picked up the worm on my machine and removed it before it did any damage. Do you have an updated anti-virus running on your machine? If not, you could be one of those zombies pumping out thousands of worm-ridden emails without even knowing it.

December 8, 2005

Do you buy a lot of stuff on internet auctions like eBay? I've bought a few inexpensive things, but I wouldn't consider buying an expensive item from someone I've never seen before.

Auction fraud does occur on eBay and Yahoo Auctions, just ask Darren Barringer. Darren paid for a laptop on eBay in June 2002, but received a Montreal phone book in his FedEx package instead. That made him upset and curious. So he decided to look through other auctions to see if he could pick out the fraudulent ones. Here's what he found as possible signs of a fraudulent listing:

* Low priced high-ticket items, like high-definition TVs, laptops, or jewelry — especially if there are multiple items for sale.
* Brand-new sellers with no sales history.
* Sellers requesting wire transfers for payment, or payment in foreign currencies.
* Auctions that begin and end over a weekend, since eBay customer support is light during those days.
* Seller telephone numbers or addresses that can't be verified.

I'll be creating some additional information about internet fraud, and auction fraud specifically in the coming weeks. Until then, please be careful when clicking the "Buy" button.

July 29, 2005

A hacker conference held in New York July 12-14 is making AT&T pretty worried. In the past, conference-goers have called AT&T during their presentation and used social engineering hacking techniques to get passwords and other information in order to break into computer systems. They record the conversations and later sell the videotapes at their conference. Capitalism at its best!

What is social engineering, you ask? It's simply asking the right person for the information you want, posing as someone who should have access to it. For example, suppose the Director of Security from your bank called and told you there had been some unauthorized activity at the bank and he needed to confirm your account information. Would you give it to him? A lot of people would, and that's what makes a hacker's life much easier.

July 12, 2005

CardCops.com is a somewhat controversial company that fights credit fraud by exposing and publicizing web site hacks and online fraud techniques. The controversy comes up because some are worried that they show potential crackers and hackers too much detail about how to do their dirty work.

Maybe they do go too far, but they've recently released an intriguing free service just for consumers. They allow anyone to type in their credit card number to match it against a database of 100,000 credit cards that have been compromised by thieves. Type in your credit card number? Huh? Is it safe? Are you crazy?

CardCops have been around since the late '90s and work closely with law enforcement organizations like the U.S. Secret Service. Here's a quote from Dan Clements, founder of CardCops, "We're creating a situation where Joe Consumer can check his card on the Internet to see if it's been possibly abused."

Should you try this out? CardCops is a legitimate organization and I trust their security measures, but you should make your own judgement. Even if you decide to try it, you might have to wait a while — their servers were maxed out from all the people trying out the service.

Go to the CardCops web site

June 26, 2005

If you're a college student you've got one more reason to stress out. It appears that the Russian mafia may have planted keystroke tracking software on computers at Arizona State University and four other universities in Florida, Arizona, Texas and California. This software records every key that is pressed on a computer and then makes the information available to a remote hacker.

The great thing about keystroke tracking software is that it takes all the guesswork out of figuring out a victim's PINs, account numbers, and credit card numbers. No dumpster diving is necessary. The program records everything you type before it's encrypted and sent over the internet. So when a student uses a university computer to order a CD from Amazon.com or log into their bank account to check their balance, their credit card, bank account number, and PIN are sent to the hacker.

The Secret Service is investigating...

June 18, 2005