Citibank an arm of Citi Corp, has suffered a data breach in the form of 7-11 Store installed ATM machines which were broken into by hackers who got away with millions according to the report on Yahoo News. The three hackers have been found, arrested and are currently under custody as the case is further studied and discussed in the courtroom.
The problem happened when these hackers got through third-party computers who handled debit card account transactions taking all the information they needed that was enough for them to engage in online transactions without the need for physical contact with any ATM machine.
The problem is another case of lax data security which in terms of ATM pins are said to be the most secure of all bank information systems for the potential is horrendous in terms of loss.

“PINs were supposed be sacrosanct — what this shows is that PINs aren’t always encrypted like they’re supposed to be,” said Avivah Litan, a security analyst with the Gartner research firm. “The banks need much better fraud detection systems and much better authentication.”

This shows that even with the repetitive problems and incidents of identity theft not everybody is listening and taking action to protect their information, as in the case of Citi Corp., their third party providers should have had ample measures such as encryption, and redundant security measures to prevent such incidents from even happening. Citi Corp., being one of the biggest multi-national banks with accounts all over the world should have check and balance systems that ensures customer information is safeguarded from such intrusions which in this case is going to cost them millions of dollars. The company has relied so heavily on systems based on Microsoft Software technology which has received continuous attacks and this is just another addition to the types of attacks they suffer from hackers.

Tags: ATM's Hacked, ATM-Fraud, Citi Corp., Citibank

Categories: Backups, Cryptography, General, IT Security Basics, Network Security, News, Physical Security, Real-World Issues, Security Policies

Leave a Comment

If you happen to be a small or medium scale company that cannot afford multiple data stores and infinite numbers of mirrored hard drives, that becomes a problem. An encrypted hard disk in a laptop that gets banged up damaging the hard disk may still have some of the information intact enough for recovery but damage some of the vital keys and software and you are left hanging by a thread or down in the gutters. Data recovery is possible but only through expensive methods with the hard disks being opened up, the platters extracted and installed into another similar hard disk for data extraction. Only the military and federal government would have enough cash to burn in terms of data recovery at that level for the price is computed in the amount of megabytes recovered and on a per hard disk basis, and imagine a 1 terabyte drive at say $50/MB then you’d be scratching your head by now, and that’s just for a single drive.
The risks of identity theft and information leakage is real but the technology is still quite prone to failure even with today’s quad-core which is why we didn’t discuss the performance issue in the discussion. Today’s multi-core processors are capable of handling complex tasks such as real time encryption and decryption as if there was nothing happening on the background. The performance issue has been addressed by more powerful microprocessors but the reliability of the hard disks which stores the information and even the CD’s are still quite weak. Till there is more definite proof that all parts of the computer has reached such a reliable level that failure is a less of a factor more people would still retain their own proprietary security measures (birthday passwords, flash thumb drives that always get lost and physically carrying their discs with them).

Tags: encryption, Security Policies

Categories: Backups, Cryptography, General, IT Security Basics, Malware, Network Security, Operating Systems, Physical Security, Real-World Issues, Storage, Wireless Security

Leave a Comment

Shame on you people who capitalize on any means just for that easy buck and depriving help to those who need it most. The US’s C.E.R.T. office that is part of the Department of Homeland Security has acknowledged the existence of fraudulent activities related to the recent disasters in China and Myanmar. These cyber criminals use the disasters as a front to get hold of financial information and other personal data which they use for further criminal activities. The problem has them recommending everybody who wishes to make donations to first check with the Federal Trade Commission’s charity checklist and through other online charity verification facilities such as the Charity Navigator which lists all accredited non-profit organizations that are currently engaged in disaster relief operations in the specified countries.
Many people have been victimized by these cyber criminals who commit identity theft through financial information gathered from fraudulent email and websites through phishing attacks. Once the information is taken, prompt action is needed to avoid the tons of potential problems that can arise from such illegal activities. Measures are in place to freeze bank accounts and other bank financial services once they are reported. The verification systems in place for charities have also provided a lot of help with regards to fraudulent charities and other scams that they have to some extent provided protection for the generous and big at heart who always try to donate for people in need.
Not much can be said of these criminals except for the fact that they exhibit the highest levels of cowardice in their use of the misfortune of others for personal gain. There are a lot of resources available on the internet for verifying the truth of claims and people are advised to take caution when dealing with solicitation letters and such information. Identity theft is continuing to be a pain in the neck for all of us but with proper discipline, the problems associated with such attacks can be avoided and minimized. Shame on You Guys!

Tags: Charity Fraud, China Quake, identity-theft, Myanmar Cyclone

Categories: General, News, Tips

Leave a Comment

A startup firm named iSekurity has former agents from the various US Federal agencies in their roster is to begin offering Identity theft protection service which may become the start of a new chapter or rather business in the world of industrial espionage and identity theft. These former agents are no strangers to the growing problems associated with identity theft and it is costing money for many US businesses and the people who work for them. From petty credit card fraud to more serious crimes, they’ll tackle them all and they would do it with the same precision and tenacity as they have learned in the service. The President and founder of the company promises to get people who steal identities or give their clients a sum of $11,000 as remuneration for any cases they fail to resolve.
This is in response to growing frustration among people with crimes that have resulted from identity thefts and the company’s crews of over 100 former agents are well versed in the art of surveillance and apprehension.
Private businesses like these, hope to fill in the gap between law enforcement and the public where they can do little to stifle these crimes that often have links to organized crime syndicates. From drug running to many other gang related activities, these guys have done it all. The president of the company was a former Presidential detail to former presidents and has taken the role of leading the Secret Service’s elite CAT or Counter Assault Team. With impeccable records in their former federal duties, criminals have one more group of people to overcome in their endless pursuit of identity theft.

Tags: Identy theft, iSecurity, Startup

Categories: General, IT Security Basics, Malware, Physical Security, Privacy & Anonymity, Real-World Issues, Spyware

Leave a Comment

Panda software, a developer of security systems and anti-virus software has raised the alarm regarding a massive cyber attack on vulnerable IIS Server based web pages. The malware once it gets in re-directs users to malicious sites from totally legitimate web sites. The infection grew from less than half a million infected servers to almost double that which is quite fast for a specific type of malware. Most developers who employ “code scrubbing”, which is removing information as it is saved into an SQL database are easy prey and are the intended target of the massive attack that is still taking place. An I frame is inserted to redirect users to malicious sites that can lead to identity thefts even with the users not knowing about it.
The attack is centered on Microsoft’s IIS web Server in particular ASP pages that have very strong ties to SQL databases. Panda and Fsecure have both identified the hidden code (“) that can be deep in their web pages and advises them to look for the string that re-directs people to other sites. Users and Site Administrators are advised to get all updates from Microsoft to remedy the problem and to halt the spread of this attack once and for all.
All this to bug people who use the web all over the world, in the never ending battle between hackers and those who are up to take them head on.

Tags: ASP Web Pages, Malware, Microsoft IIS, SQL Databases

Categories: General, IT Security Basics, Malware, Network Security, News, Real-World Issues, Security Policies, Spyware

1 Comment

In efforts to boost security, Paypal, one of the premier internet online payment providers is moving to block users who use older browsers to prevent weaknesses that these browsers possess. They have found that many users online still use old Microsoft IE 3.0 and 4.0 which have ended their support life a long time ago hence they do not have the needed updated security updates that are necessary to conduct safe and secure online transactions with regards to payments and other related business. Paypal has had a lot of bad publicity with regards to phishing and infiltration where people intercept and go on fake bidding sprees just to get at the vital financial information that people usually share over the network. In hopes of boosting security, they will be using script detection to begin blocking users and that they do apologize for all the inconvenience this may cause the millions of users who may be affected by their move. This comes as the amount of identity theft and other crimes have increasingly entered their ranks ending in much stolen information that leads to credit card fraud. Being the biggest, they are the most viable target for such hackers and they are trying to boost security on that front of the deal.
This would hopefully prevent more cases from developing and that any new ones will be ‘nipped in the bud’ so to speak.
Paypal and eBay have offered select users with a distinct security keys using VeriSign passwords that is to be transmitted during payment transactions which aims to prevent interception of the transaction information as it travels through the internet. Unlike specific credit card transactions that travel through dedicated lines which are now slowly being protected by PCI-DSS for improved security, regular PC do not have that much security hardware installed to protect them from interception by hackers who could tap into the network getting all credit card information for illegal purchases.

Tags: encryption, Paswords, PayPal, PCI-DSS, VeriSign

Categories: Cryptography, General, IT Security Basics, Malware, Network Security, News, Privacy & Anonymity, Real-World Issues, Security Policies, Spyware

Leave a Comment

Viacom, the company that owns MTV has confirmed the fact that there was indeed a leakage of information from their system that has resulted in personal information such as Social Security numbers, Birth dates and other employment related data. They confirmed the fact that the said information was taken from an employee workstation which may have been infected by malware that sent the said information to the outside without the management knowing about it. These types of problems are now becoming more common as people go on the web and as this case shows, the workstation in question was said to have entered a social networking site through which may have been the path the malware took. The said information was contained in password protected files and the company has said that it has launched an internal investigation as to why the employee in question may have been able to access the said site from the office workstation.
Information leakage such as this case is now so common that they happen even without anybody knowing about it. Even with installed security and intrusion prevention systems, programs that piggy-back onto legal programs have found and exploited ways to circumvent them exposing themselves to protection systems as legitimate programs. Social networks have been targeted as with the problems with Goggle’s Orkut, Myspace and the many other social networking sites which have fallen to hackers who use them as launch/propagation platforms to unload their payloads of Trojans, key-loggers and many other forms malicious code.
The Web transforming into the social network may be the best thing that has happened to many but it remains to be a thorn in IT Security People from all over. Many have fallen victim to such instances that have resulted in credit card fraud and full-blown identity theft cases which are a real-world issue everybody has take notice of. The threat is real and we must all make it a point to do our best. Install the proper intrusion prevention systems and establish systems usage security protocol which will minimize exposure to such threats which are sure to invade more of our daily lives as we go on living a second life in the internet of today, the Social net.

Tags: MTV, Social Networking, Spyware

Categories: General, IT Security Basics, Malware, Network Security, News, Privacy & Anonymity, Real-World Issues, Security Policies, Spyware

Leave a Comment

The European Commission is planning to implement biometrics screening and automated security checks for all visitors who wish to enter all the current member countries. This is a move to bolster internal security which has been quite troublesome in the past years with problems like terrorism and identity theft on the rise. The plan calls for mandatory scanning of a person for biometrics information which is compared to a database of known criminals and fugitives from around the world. This would bolster or even curb the growth of illegal immigrants who have overstaying status in that corner of the world. Though much of the plan is under wraps, it would surely include pioneering technology such as the facial recognition system used in the football match series that allows a person’s face to be scanned and compared to an online database of known hooligans which allows denial of entry to stadiums and even the host country to prevent violence. Hooliganism has risen in the past years with several violent clashes between police and rioters who have turned unruly during the games.
Several games had to be moved or postponed indefinitely due to fears of rising violence on and off the courts between rowdy fans and security forces.
The introduction of a scanning camera that has the ability to reveal what’s under your clothes but not enough to reveal the skin (which is to address privacy invasion issues of the past) is sure to play a vital part in the said security plan. The information of travelers would be scanned and entered into the biometric database upon visa application which is then again checked during entry into the country of destination. The system is initially for testing with suspicious travelers who may have something to hide, such as fake passports and other identity theft cases which if successful would be implemented full-scale to address the need for increased security.
All the above measures are to address the increasing cases of identity theft, cross-country crimes, illegal immigration and other related matters. Most of the countries who are voting for the said security measures are the ones who share borders with the exception of some like the UK which is separated from mainland Europe and some other countries that form the EU who are under deliberation if they would avail or support such a measure.

Tags: Biometrics, EU Security, Facial Recognition

Categories: General, News, Physical Security, Real-World Issues, Security Policies

Leave a Comment

Biometrics is seen as the next step in computer systems security and access control due to the failure of more primitive and fundamental security systems. Fingerprint scanners, passwords, security keys and even smartcards have failed miserably in providing the ultimate and most secure intrusion prevention method for just about anything. From your home, car, computer terminal at work to just about anything else that needs security, it has be come more and more of a must due to the increasing threat of identity theft and other computer related crimes in and out of the workplace.

Biometrics are security systems that are based on the differences the human body manifests in terms of eye structure, facial features and now vein geometry. We’ve all heard of DNA or the so-called blueprint for life and the way it makes each and every human different from everyone else on this earth (well, except for some genetic disorders and diseases that changes the DNA makeup). That is what biometrics takes advantage of as a source of a very unique key or method of identifying one from another person.

Your fingerprint is mapped when it is initially scanned into a computer system which convert’s your analog (actual) print into a digital map that is as unique as you are an individual. Iris scanners take into account the differences the iris has from each and every individual (through the use of a low powered light and scanner to obtain a picture of the eye’s iris which is also unique). Voice recognition takes into account, the differences our voices have from everybody else also converting it into a digital map or password of sorts. Vein geometry, uses a thermal imaging camera to take a picture of your hand or whole body which is sensitive to heat showing all the blood vessels which show as hotspots thus giving you a unique id of sorts as that is also mapped and converted into digital form. All of the above biometrics systems rely on our individual differences which are quite unique to us and add onto it, other more basic security measures such as a physical key (password, key or other devices) to give the ultimate security system preventing intrusion.

Tags: identity-theft, Secure workplace

Categories: General, IT Security Basics, Network Security, Operating Systems, Physical Security, Real-World Issues, Security Policies

1 Comment

Everybody loves free stuff on the web but once in a while, well, most of the time that is, we get duped for something that describes itself to be a free virus/malware removal tool ending up with more malware and viruses. These scams are all over the internet with many still falling for their lure of being what else, FREE.

These tools have flooded the internet and even with common knowledge that it is best to trust only programs and offers from reputable brands, many still fall victim. They can either be anti-virus or malware removal tools that are being offered as swift response to remove them from your computer system.

Big names in the Anti-virus and Malware removal development industry have known about this and they even advice that one not to trust programs even from them that are not from their own secure sites. Though they produce some of the most sophisticated virus removal and repair software but who knows what can be done if a hidden script was run while downloading their programs from unauthorized sites. McAfee, Symantec, Kaspersky are some of the most successful developers of such software that have stood the test of time. Even they are finding it hard to remove and repair the damage done by such malicious code due to the many forms and strains they are taking.

Sites that offer them without the authorization of the developer can include malicious code within the download causing more damage than you started with. For someone who depends totally on a computer system, it would be best to subscribe or purchase a virus/malware protection software which are now evolving into security systems that are customized based on a user’s needs. One can purchase them out of the box at computer retail stores or order and download them straight from their secure sites once subscriptions are done. Old software is available for renewal or discounted for re-purchase of newer versions which gives you the latest protection available based on their development. Updates are usually done online and can be done automatically is configured to do so. So to best protect yourself from identity theft, Intrusion, virus damage and malware damage install one right away for if you remain open to attack no one knows what could happen.

[tags]Computer Viruses, malware, Free Tools[/tags]

Tags: anti-virus, Malware-removal, Malware-Scams, Security-Software, Tools

Categories: Cryptography, General, IT Security Basics, Malware, Network Security, Operating Systems, Physical Security, Privacy & Anonymity, Real-World Issues, Security Policies, Spyware

8 Comments