Friday, August 28, 2009

Federal Reserve Chairman is accidental victim of id theft


Although one would think it should be harder to impersonate a celebrity, Federal Reserve Chairman Ben S. Bernanke and his family became victims, according to a story on p. 22 of the Washington Post today by Jerry Markon, Neil Irwin, and Keith L. Alexander, link here. A purse was stolen, and one check for $900 was written illegally in his name. Now there is a prosecution of at least nine people in an identity-theft ring in federal court in Alexandria.

Today’s millionaire show asked which kind of device was useful in fighting identity theft, with the answer being “paper shredder.”

Thursday, August 27, 2009

Can a computer user hide his IP address? Does he need to?


Here’s another trick question, in a “Tech MSN” column written by Paul Hochman. The article is called “Hiding in plain sight: Is my personal information safe when I go online?”

A reader asks Paul if there is a way to hide his IP address when he sends an email. Paul gives an answer that, no, it can’t be hidden, although many ISPs (like AOL) change it all the time. But it takes a court order to get anything more, even your name if you’re anonymous (and I’ve written a lot lately about misbehaving anonymous bloggers).

His answer is here.

If you have your own website, most ISPs give you access to logs, which may enable you to see where page requests for your site come from. You can do a reverse IP lookup on WHOIS sites like “Domain tools”. If it’s your employer, a lot of times the IP address will give your employer away. That happened for me in 2005 with the local public school system where I was substitute teaching. I could tell that a school administrator had searched for my name with a disturbing search argument, and solve a personnel issue that was going on.

Tuesday, August 25, 2009

Beware of phishing with debt collection emails


Today I got a debt collection notice by email, with instructions to “settle” for $79 by PayPal. Of course, I marked it as spam. Curiously, AOL had let it through, and Spysweeper did not flag it.

The email did not have the mini-Miranda worded correctly, and did not identify the supposed creditor. Furthermore, my credit reports are clean (there was one small medical bill that a doctor mis-submitted but that was for considerably more than $79).

As far as I know, you must be contacted by phone or US mail to collect a debt. The phone call must start with the mini-Miranda and must identify the creditor and amount.

So phony debt collection notices may be the next type of phishing attacks.

Friday, August 21, 2009

Debt collectors don't have an easy job!


I could put this on my IT blog because that’s where I talk about the job market, but debt collection is related to identity security, so I’ll put it here. Today, AOL posted a “Career Builder” page “Confessions of a debt collector” which follows a 10-year-old book “Beat the Bill Collector” by Max Edison.

The link is here.

I worked for a collection agency for a while in 2003 while still in Minnesota, and the quota was much less than $300,000. But they are right about the FDCPA, the Fair Debt Collection Practices Act. Ethical companies do require collectors to follow it, and employees are monitored randomly by managers.

Good collectors are gentle with the customers, and focus on contacting customers who really want help with clearing up debt. Good collectors know that there are enough customers who do want help that they don’t need to harass those who don’t.

Thursday, August 20, 2009

Unspam group goes after banks for info on their systems in suit against hackers


Saul Hansell is reporting today (Aug. 20) in The New York Times Business Day that Unspam Technologies is taking legal action to get information about security systems and practices at banks that have accidentally leaked personal information to computer hackers. The suit appears to have been filed formally against the hacker gangs overseas. But the disclosure technique is similar to that used in “anti-anonymity” cases with bloggers and libel, or particularly to identify computer users who download songs illegally through P2P.

The story is “A lawsuit tries to get at hackers through the banks they attack” and the link is here.

Tuesday, August 18, 2009

Major id-theft and hacking ring broken with indictments (Heartland Payment Systems case)


Three hackers have been indicted for compromising the payment processing systems of Heartland Payment Systems in 2008; indirectly affected are the customers of 7-Eleven convenience stores and Hannaford Brothers groceries.

There are many media stories, but Brian Krebs has an account in the Aug. 18 Washington Post here.

One of those indicted is a former Secret Service agent, Albert Gonzalez, who has already been indicted on some high-profile compromises such as T.J. Maxx.

Hackers in the US worked with those in Russia and Eastern Europe.

It was not immediately clear how much monitoring assistance would be available to consumers.

Tuesday, August 11, 2009

Surprise mini-Miranda goes to "dead air"; Government websites tracking cookies could compromise privacy


Well, guess what. I got a phone call with a bad connection and the beginnings of a mini-Miranda when the call dropped into “dead air”. So I checked my credit reports on freecreditreport.com (the fish sticks guy) and found no problems, so I think it is a small medical bill that the hospital center sent to the wrong Medicare supplementary insurance carrier. Yes, the provider did not get paid, and I will get a call from a collection agency. I used to work as a debt collector (though not in medical – they say “you used the services”). I know how it works. I will get a call from a collector. It’s up to Virginia Hospital Center to fix it (or eat the cost).

But I think there are ways for phony accounts to get set up that wind up in collections but don’t even hit your three credit reports. It’s unusual, but there are technical loopholes that let it happen.

Today the Washington Post had a major story about tracking cookies and government websites, by Spencer S. Hsu and Cecilia Kang, “Obama Web-Tracking Plan Stirs Privacy Fears”, link here. This whole fiasco started with Obama’s own video website and the rigging of the video application. No, really, I don’t think that this will lead to identity theft, but after what just happened today I start to wonder.

Saturday, August 08, 2009

I encounter an apparent Blackberry glitch: a way personal information could leak


Something bizarre happened with my Blackberry today that sounds like another identity security peril. I placed a sensitive call and left a message, having used the white tracking ball to bring up the number. I believe that I got the usual greeting for that number.

When I put it back on my belt, somehow the cursor moved and it was playing back some recorded instructions. I looked at the call log, and it said that the call had been placed to another number, an 800 number for a bank. I logged on to my Verizon account and today’s call log did not show yet. Furthermore, the record of the earlier call to the correct number disappeared, and the call count got added in to the wrong number.

It’s conceivable that personal information could have been left with a wrong number. I’ll have to find out from the right party if it actually got one or two calls from me. I really think it got two calls, and it will turn out that this is a Blackberry software bug of some kind. But it could represent a serious security problem for some people in some circumstances.

As a movie title says, “something wicked this way comes.” Hopefully the Secret Service has eliminated any software bugs from President Obama's Blackberry, but it’s easy to imagine how something like this could be a security problem in military or diplomatic situations, too.

Wednesday, August 05, 2009

Tell credit card companies that you're "desirable"!


On Aug. 4, 2009, the “Small-Change” column in the Washington Post, by Nancy Trejos, gave advice on “negotiating with your creditors”. There was attention to unused credit cards being canceled, or for limits being reduced (and therefore your FICO score) when you’ve done nothing wrong. There was a line in the article (here) that struck me as funny, going back to my own Army days: “Prove that you’re desirable”.

Actually it’s not funny.

The National Foundation for Credit Counseling is here.

But cracking down on less used cards may actually improve consumer security and make fraud less likely.