Half a million fake, identical anti-Net Neutrality comments were posted on the FCC's docket on killing Net Neutrality, using identities that appear to have been stolen from a voter registration breach. Read the rest
In March 2015, IOActive's Ruben Santamarta privately disclosed his findings on the major bugs in Panasonic's Avionics IFE in-flight entertainment systems; 18 months later, it's not clear whether all airlines have patched these bugs. Read the rest
When Wendy Brown was 33 years old, she used her 15 year old daughter's identity and enrolled in high school as a sophomore. She tried and and was accepted on the cheerleading team. She was arrested two weeks later.
From Jeff Maysh's profile in The Atlantic:
Brown says her husband took her to the mall to buy school clothes. (She says he was in on it, even encouraging her plan, but the judge later said that her husband had “no idea.”) She selected a fashionable Esprit shoulder bag. Then she flicked through racks of jeans and Levi’s clothing in the junior section. She weighed 103 pounds and wore a petite size. Brown tried on a pair of Nike shoes, the brand she always bought her own children. But the real trick was the voice. “I just did that little valley girl thing, the California thing,” Wendy says. In the coffee shop, she transforms her voice into an up-speaking teen’s. It is disquieting.Read the rest
A study by the Department of Commerce's National Telecommunications and Information Administration found that half of American Internet users are "deterred" from engaging in online transactions because of fears over privacy and security breaches. Read the rest
Seagate has emailed its employees and ex-employees to warn them that someone in the company sent their W2 tax data to a criminal who pulled off a successful phishing fraud. Read the rest
Teachers don't go into education to get rich. It's a great job, the rewards are awesome and although they're not financial, they are of value. They are socially valuable. It's why teachers are one of the "professional" people allowed to verify your passport photograph, to qualify that it really is a picture of you. Society recognises that they're more likely to value the long rigorous process of acquiring that trust above jeopardising it to earn a quick kick-back. We even trust them with our children.
And then you get open teachers, who make their classes available online for free, for any learner regardless of their ability to pay or personal circumstance. Open teachers naturally earn this trust, this social capital, very publicly and because they're often teaching at scale they potentially earn this social capital at scale too. It means they and people like them are great people to impersonate in order to steal, from the people who trust them (all of us).
It isn't just teachers who are "Catfished" (the process of having your online identity hijacked). It can happen to anyone of us but what's worrying is when someone as trusted, high profile and digitally literate as an open teacher is Catfished, and try as they might, can just do nothing about it, then what are the rest of us meant to do when it happens to us (assuming we ever find out)?
Alan Levine made my open classes possible and anyone in open education knows Alan as the open teacher's teacher, the go-to-guy for teachers as well as students. Read the rest
Steve Noviello, a reporter for Dallas-Fort Worth’s Fox 4 News, learned that someone had checked into his hotel using his credit card number. He called the cops then rushed over to the hotel to confront, Farah Parks, the woman who allegedly used his credit card information to book the room for three days.
The card had the woman's name on it, but Noviello's credit card number. The card was likely to have been manufactured by a criminal enterprise with sophisticated equipment.
Parks remains in Collin County jail on charges of credit card or debit card abuse, records show.
Noviello said Parks used her name on the card to avoid needing Noviello’s information. She allegedly entered his credit card number in manually, knowing her faulty card would fail to swipe.
Parks allegedly racked up hundreds of dollars in charges, although Noviello did not detail exactly how many.
Chloe McClendon worked for a State Department contractor, and conspired with two others to steal the identities of passport applicants by photographing their applications while processing them. Read the rest
Experian, the massive data-broker with far-reaching influence over your ability to get a mortgage, credit-card, or job, sold extensive consumer records to an identity thieves' service called Superget.info. Superget specialized in supplying identity thieves with "fullz" -- full records of their victims, useful for impersonating them and for knowing where their assets are. Experian sold the data through a third part called "Court Ventures" -- which they later acquired -- and the sales continued for about a year. Experian bills itself as a service for people worried about identity theft. It's not clear whether Experian will face any penalty for the wrongdoing. Read the rest
Troy Maye was wanted for a string of identity thefts, but the IRS couldn't positively identify him. But after he passed a thumb-drive of stolen data to an IRS informant, investigators were able to pull his name off the drive's metadata. They used that to find his Instagram profile, and found a food-porn photo he'd taken at the Morton's steakhouse where he'd dined with the informant. Busted.
"IRS Agent Louis Babino then headed to Google and located Maye’s Instagram page, which contained a profile photo of Maye. When shown the profile photo, the CW confirmed that Maye (seen at right) was the man with whom he dined at Morton’s."
Well, sure, Agent Babino, but how can you be really sure this was your guy?
"A further review of Maye’s Instagram page, Babino noted, revealed “a photo of a steak and macaroni and cheese meal containing the caption ‘Morton’s.’” The image--uploaded on January 7 at 11:24 PM--“appears to coincide” with the CW’s meeting at Morton’s, added Babino."
Yup, this guy food-porned his way into being arrested. The Instagram photo is reportedly being entered into evidence in the case, so one hopes the juicy steak and the creamy mac and cheese was really, really worth all the trouble Maye is now in. Once again, if you're a criminal, online narcicism is probably something you'd be best to avoid.
If you're one of those people who tend to lose their phone shortly after putting it down, then you'll want to read this. According to a new study, if you lose your smartphone, you have a 50/50 chance of getting it back. But chances are much higher -- nearly 100 percent -- that whoever retrieves it will try to access your private information and apps.
According to a study by Symantec, 96 percent of people who picked up the lost phones tried to access personal or business data on the device. In 45 percent of cases, people tried to access the corporate email client on the device.
"This finding demonstrates the high risks posed by an unmanaged, lost smartphone to sensitive corporate information," according to the report. "It demonstrates the need for proper security policies and device/data management."
Symantec called the study the "Honey Stick Project." In this case the honey on a stick consisted of 50 smartphones that were intentionally left in New York, Los Angeles, Washington, D.C., San Francisco and Ottowa, Canada. The phones were deposited in spots that were easy to see, and where it would be plausible for someone to forget them, including food courts and public restrooms.
None of the phones had security features, like passwords, to block access. Each was loaded with dummy apps and files that contained no real information, but which had names like "Social Networking" and "Corporate Email" that made it easy for the person who found it to understand what each app did. Read the rest
Many websites will allow you to "recover a lost password" if you (or a crook) can supply your date of birth, mother's maiden name, etc. So, of course, crooks buy and sell data like dates of birth, mothers' maiden names, Social Security Numbers, and other easily mined minutae. Brian Krebs reports from superget.info, a site that sells would-be fraudsters this information, and also has a wholesale program so that entrepreneurial crooks can resell your personal information to their friends.
Superget lets users search for specific individuals by name, city, and state. Each “credit” costs USD$1, and a successful hit on a Social Security number or date of birth costs 3 credits each. The more credits you buy, the cheaper the searches are per credit: Six credits cost $4.99; 35 credits cost $20.99, and $100.99 buys you 230 credits. Customers with special needs to can avail themselves of the “reseller plan,” which promises 1,500 credits for $500.99, and 3,500 credits for $1000.99.
“Our Databases are updated EVERY DAY,” the site’s owner enthuses. “About 99% nearly 100% US people could be found, more than any sites on the internet now.”
Customers who aren’t choosy about the identities they’re stealing can get a real bargain. Among the most trafficked commodities in the hacker underground are packages called “fullz infos,” which include the full identity information on dozens or hundreds of individuals.