Tuesday, April 17, 2018

Unusual murder by elderly woman in Florida motivated by identity theft



In a bizarre case of female evil, a woman who shot her own husband in Minnesota fled to Florida, and then killed a woman who looked like her to try to assume her identity.


A station in Florida gives the bizarre account here
  
The perpetrator is elderly, “grandma”.  Very unusual crime, right out of the movies.
  
Authorities have already said that identity theft is the Number 1 crime in Florida.

Monday, April 16, 2018

Facial recognition data from leaked social media sites could lead to private blacklists






Forbes reports on a huge worldwide facial recognition project sponsored by Israeli security and hiring ex-spies.

The project would use Facebook and other data taken from social media companies by efforts like Cambridge.
  
Governments could use the information to build blacklists to keep out “terrorists” and private companies could develop and sell such secret blacklists.

EFF tweeted the story today. 

Sunday, April 08, 2018

Very private data may have been taken from Facebook Messenger, but could also have been taken from personal blogs



The data that may have been available to foreign analysts like Cambridge seems more private and extensive than I had thought, including the contents of private messenger, facial recognition data, and contact information for friends, as in this CNN Money story.  
  
Since this data could have been matched with dark web data based on other corporate hacks, this seems especially disturbing.
  
However, it’s also true considerable data about people who had blogged or self-published articles openly on the web could have been available anyway, even without modern social media, if enemy interests really wanted to target ordinary American civilians based on political or religious affiliations – a possibility that would raise new national security concerns were it to ever unravel.  Even shared economy about consumers (which shows physical location) could come into the mix. 

Thursday, April 05, 2018

Feeding of Facebook breach from Dark Web raises id theft risk to users



Craig Timberg, Elizabeth Dworkin and Tony Romm write a front page Washington Post story Thursday, April 5, 2018, “Facebook: Bad actors likely hot most users”, link.

Beyond the previous announcement of 87 million accounts compromised there is the bad news that criminals took data from the dark web, from previous corporate hacks (possibly Equifax) and fed it into Facebook.  It took some sophisticated programming to do this, but in Russia young adults don’t have good legitimate jobs. 

  
Therefore, you have to say that, especially overseas in authoritarian countries, the back could present a real ID theft to many Faceboook users after all.

There is also a lot of extra concern about the compromise of minors' privacy, literally as part of the business model. 

The regulatory consequences could be quite substantial.  Facebook seems to have violated its agreement with the FCC in 2011. 

Thursday, March 22, 2018

Could Facebook's breach lead to an identity theft risk for some users?



The enormous concerns over the recent misuse of Facebook data by British company Cambridge Analytica naturally could raise questions about possible identity theft. 

Is there really a danger?   I would think not.  Most of the data taken, even of “friends” was non-specific, such as likes or sites visited or purchases.  It generally was not PII as usually understood. So this leak is not as "dangerous" as, say, the Equifax hack. 

  
Some accounts say that facial images were taken.  Because facial recognition software exists, this could present a security problem for individuals.  I’ve written before here that people in bars and discos are more sensitive to photography by strangers now than they were, say, back in 2010.
  
However, the Identity Theft Resource Center writes essentially that there could be some risk from very determined foreign hackers who want to target someone. .  

Thursday, March 08, 2018

Russian identity theft scheme gets past usual fraud detection



Russia’s troll “animal farm” seems even more insidious that we thought a month ago.
  
The Russians were able to match up stolen social security numbers with driver’s licenses, Paypal, credit and bank accounts.  The Verge has a more detailed story Feb. 16 by Russell Brandom, here. 

That means that the normal fraud detection at institutions wouldn’t work.

Yet it seems as though this would involve setting up fake identities that don’t overlap the real person’s activities, otherwise it would be quickly detected.


The recent practice of porting smartphone numbers could have been involved.
  
I wonder about the phone call I just got offering me a $200,000 line of credit for no reason.  Is there another copy of me overseas somewhere?  Could I get arrested if I go overseas over this identity?

Friday, February 16, 2018

Russian election hack may have used synthetic ID theft of real US persons



It appears that some of the fake Facebook and other social media accounts involved with the 13-point Mueller indictment today may have been created as synthetic fake people with info stolen about real US persons, as in this Wired story
  
It does not appear that there was widespread direct harm to the persons stolen (credit scores, false prosecutions)


A fake profile of me was created on Facebook in early 2016, caught by a friend, and removed by Facebook before I knew about it.  It has no content.  But it is conceivable that this could have been Russian activity.
  
A detailed story in the Washington Post about the indictment by Rosalind S. Heldeman and others appears here.
  
Apparently some real US citizens joined fake groups not knowing these were Russian.
Here is a Scribd pdf text of the US Attorney in Washington DC (37 pages).  It is said to read like a spy novella. 
  
It is not clear how easily individuals named could be extradited and prosecuted.
    
The story could turn out be relevant to “fake business scams” currently discussed on my IT jobs blog.