data breaches: Is a Protection Dog Right for You? - 03/18/10 06:18 PM
As mentioned in a previous post I’m a big believer in furry beasts as a layer of protection. My 60lb German shepherd last fall is now a 75lb GSD due to a lazy winter and a busy Daddy who hasn’t taken her out enough.
“Lola,” the furriest of all beasts, is all bark, love and very territorial. When anyone walks within 100 yards of the property she’s barking. If the doorbell rings or someone knocks on the door, forget it. All mayhem breaks out. If I or anyone enters through a door and she is even a little surprised … (1 comments)

data breaches: The $6.75 Million Dollar Laptop - 02/22/10 12:34 AM
Robert Siciliano Identity Theft Expert
Dan Yost, Chief Technology Officer of MyLaptopGPS, brought attention to the Ponemon Institute, which, with sponsorship from PGP, has released its “Fifth Annual U.S. Cost of Data Breach Study.” As usual, the report is a treasure trove of great data (just like most people’s laptops are).
The average cost per breached data record rose $2 in 2009, to $204. That’s actually not too bad. The average cost of a breach was $6.75 million, compared to $6.65 million in 2008.
PC World has a good article to summarize, and thanks to lyger at DataLossDB for the pointer.
Not … (1 comments)

data breaches: Is Chip and PIN the Future? - 02/21/10 06:06 AM
Chip and PIN is the name of a government-backed initiative in the United Kingdom to implement the EMV standard for secure payments.
There have been rumblings from Europe over the past year that American-based credit cards relying solely on the magnetic stripe will not be accepted in the future due to security issues. Australia recently stated they were getting rid of all magnetic stripe based cards and going Chip and PIN within the next few years.
Meanwhile ZDNet reports “Researchers at Cambridge University have found a fundamental flaw in the EMV — Europay, MasterCard, Visa … (1 comments)

data breaches: The State of Information Security Sucks - 02/20/10 04:21 AM
The sheer volume of potential targets coupled with the vast amounts of money to be made has captured the attention of the global criminal hacking community.
Enterprise networks are becoming hardened, yet they are still vulnerable. Some are being penetrated directly while others are accessed through third parties such as their clients or end users. Unprotected networks are being sniffed out and data breaches continue.
The organizations that track these breaches are bored, frustrated, hate the industry and offer no good news. Innovation isn’t happening fast enough and new laws and regulations aren’t effective in solving … (1 comments)

data breaches: Fostering Awareness & Improving Security Education - 02/17/10 02:19 PM
Financial institutions have the most to lose and the most to gain by improving security education of their clients and employees.
A while back I appeared on a local TV show talking about phishing. Amazingly, still, not everyone knows what phishing is. A good friend saw the show and was shocked by what she learned….about her bank.
She received a phishing email and didn’t know what it was. The email asked her to update her account. It was confusing so she called her bank. She spent 20 minutes on the phone with a bank rep discussing … (1 comments)

data breaches: Diploma Mills Facilitate Identity Theft - 02/17/10 08:53 AM
Diploma mills were born along with e-learning institutions that are actually legitimate and accredited bodies. Degrees and diplomas issued by diploma mills are frequently used for fraudulent purposes, such as obtaining employment, promotions, raises, or bonuses on false pretenses. They can also be used as a form of fake ID when posing as someone else to gain employment, to impersonate a licensed professional, or as a breeder document leading to “real” fake IDs.
A fake diploma is an effective social engineering tool used to gain access to your corporate networks.
From Wikipedia “A … (0 comments)

data breaches: mCrimes Morph Into mBotnets - 02/16/10 12:03 PM
Botnets are robot networks of computers connected to the Internet that sit in our homes and offices. A botnet is generally a bank of multiple PCs, from the 10s to 10,000s to millions. There are no hard numbers on botnets but the last figure I saw was somewhere between 3-5 million. Another stat is that 25 percent of all US-based PCs are on a botnet. That’s just insane. Botnet PCs are called zombies. Zombies all generally share a virus in common that allows for a remote control component. The criminal hacker controls the zombies on the botnet via … (1 comments)

data breaches: 3 Nabbed in Massachusetts ATM Skimming Ring - 02/07/10 09:56 AM
Police believe they may have uncovered an international ATM “skimming” ring responsible for stealing money from hundreds of local accounts. Izaylo Hristov, 28, of Ontario, Canada, a Bulgarian citizen, was arrested at an ATM in the Boston area along with Viadiclav Vladevo and Anton Venkov. Venkov had $99,100 in $20 bills in his car when he was arrested. One of them had Dunkin’ Donuts gift cards and American Express cards with Post-it notes that had “PIN” and various numbers written on them. These cards were used to write the stolen data on, and then used to … (0 comments)

data breaches: 10 Ways to Manage Your Online Social Media Reputation - 02/07/10 09:42 AM
The Internet has made our personal and professional lives very transparent. We now live in the fishbowl. Despite what many will argue, your privacy is no longer fully in your control. Your online identity is also something that others can control, and you need to do your best to manage it. Managing your online reputation and protecting it is equivalent to marketing your personal brand, YOU.

A colleague of mine is an adjunct professor of writing and communications at Boston University. He’s very intelligent and excellent at what he does. However if you were … (3 comments)

data breaches: 419 Scams Double, Over $9 Billion in Profits - 02/05/10 09:58 AM

A recent study by Dutch investigation firm Ultrascan shows we are half as smart (or twice as dumb) as we were in 2008, as advance fee scams doubled in losses to over $9 billion. 419 Advance Fee Fraud Statistics 2009 (PDF)

It is believed that while the scams are known to be Nigerian in nature, named after the 419 Nigerian code making them illegal, scams were launched from 69 other countries in 2009. The reason for the jump in the number of victims is the broader reach of the scammer. Scammers aren’t … (0 comments)

data breaches: Criminal Hackers Buying and Selling Hacked Accounts - 02/03/10 01:59 PM
Malicious software designed to gather usernames and passwords has been a boon for the criminal hacking community. Spyware, as it’s commonly known, records almost everything a user does on their PC. The most damaging spyware records all electronic communications via a web browser. That’s where the most damage can be done and the money is made.
A recent study shows there are as many as 70,000 variations of these keystroke-sniffing programs, which is double what was discovered in 2008. Criminals have become proficient at hacking databases containing millions of credit card numbers but now have … (0 comments)

data breaches: My Identity Thief Loves Me (PTI) - 02/02/10 08:20 AM
I have a very weird job. I explore aspects of society that people read about but would never consider exploring themselves. I go places where others may be led to because they didn’t know any better. And I like to expose the flaws in the system that make us vulnerable. Much of my “research” or “antics,” as some would call it, is prompted by my desire to learn more about the scumbags of society or predators that prey on other people.
My research has taken me down a dark seedy road into online dating scams, where … (0 comments)

data breaches: Crimeware: Do It Yourself Criminal Hacking - 01/25/10 12:40 PM
For $400-$700 you too can be a criminal hacker. Phishing, hacking and spoofing software has been around for a few years. Here’s what may be an example.
The ease and availability of this good-for-nothing-other-than-crime software has made it easier, cheaper and more user friendly than ever to get into the cybercrime business.
Anyone with moderate computer skills who can navigate around the web and upload or download files is pretty much capable of accessing and implementing the crimeware.
Today’s crimeware kits are designed so a person who is new to the … (0 comments)

data breaches: Meet Raoul Chiesa: UN Interregional Crime & Justice Research Inst. - 01/24/10 03:21 PM
In my quest to learn more about what makes a criminal hacker tick, I came across Mr. Chiesa when he commented on a blog post I wrote, “How I Wasted 4 Hours with a Criminal Hacker”. He warned me I was treading on dangerous ground due to the fact that when communicating with the blackhat, I used my real name and provided my web address. His concern was a revenge hack that would clear the hacker’s name amongst his hacker peers.
I’ve danced with the devil a few times in my life and don’t mind the … (1 comments)

data breaches: 10 Business Identity Theft Risks in 2010 - 01/23/10 06:44 AM
Advancements in technology over the past decade have created a tremendous amount of opportunity for the savvy businessperson. Whether it’s mobility, streamlined processes, marketing, or the ability to sell to a global market, there’s never been a better time to be in business.
Like anything good, there is always a negative. While there are certainly many negatives in technology, like the headaches when something doesn’t work correctly and the constant learning curve we must all endure, the biggest negative is security issues.
So for the SMB (that’s you, the savvy businessperson), here are ten considerations for … (0 comments)

data breaches: Forget Privacy, Think Security - 01/20/10 02:42 PM
Everywhere you go there is a privacy advocate screaming to protect your privacy. Privacy advocates, bless them, are a dying breed. They fight for whatever privacy rights there are left and do their best to remain watchdogs. If your gig is privacy, my guess is you have lost all your hair and are popping Prozac to relieve the stress of today’s anti-private society. And you are fully employed and very, very busy.
My gripe: people are freaking about full body scanners at the airports and the privacy issues involved. This isn’t a privacy issue, it’s a … (0 comments)

data breaches: Google Gets Hacked & What It Means to You - 01/18/10 06:26 AM
Numerous outlets reported that Google’s Gmail and 30 other companies were hacked by the Chinese. Ars Technica reports many say the hack was targeted against Chinese dissidents.
The cyber-assault came to light on Tuesday when Google disclosed to the public that the Gmail Web service was targeted in a highly-organized attack in late December. Google said that the intrusion attempt originated from China and was executed with the goal of obtaining information about political dissidents, but the company declined to speculate about the identity of the perpetrator.
McAfee reported evidence that a vulnerability in Internet Explorer … (3 comments)

data breaches: Why Am I Logged Into Someone-else’s FriendFeed? - 01/17/10 03:49 PM
I have pretty tight controls over my network and access to my 510 usernames and passworded accounts. Yes, he just said “510”…and counting. I have full administrative rights over every PC and nobody else has access to my home or office. So it came as a surprise to me when I went to log into my FriendFeed account to make an adjustment and I discovered I was logged into someone else’s account. Serious, no joke, I’m not stupid. I have FULL access.
The account is owned by a Canadian who sells diet pills and skin care. There are … (0 comments)

data breaches: Protect Yourself from Social Engineering - 01/14/10 04:30 PM
Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim. But in many cases the attacker certainly does come in contact with the victim.
You may be doing all you can and should to protect yourself from hackers and scammers. But a response to a simple email that looks exactly like your … (0 comments)

data breaches: Data Breaches: The Insanity Continues - 01/12/10 02:11 PM
The Identity Theft Resource Center Breach Report also monitors how breaches occur. This task is made more difficult by the scarcity of information provided (publicly) for approximately 1/3 of the recorded breaches. For the remainder, those events that do state how the breach occurred, malicious attacks (Hacking + Insider Theft) have taken the lead (36.4%) over human error (Data on the Move + Accidental Exposure = 27.5%) in 2009. This was a change from all previous years, where human error was higher than malicious attacks. One theory for this change is that the organization and sophistication … (1 comments)

Robert Siciliano

Realty Security and Identity Theft Expert Speaker

Boston, MA

Address: PO Box 15145, Boston, MA, 02215

Office: (617) 329-1182
