HazDat
4May/12

Corporations Are People, My Friend. But, IP Addresses Are Not.

When a judge makes a good decision, it shouldn't be news. But, in this case, it's very good news indeed.  This week New York Magistrate Judge Gary Brown for the United States District Court for the Eastern District of New York filed a 26-page ruling pointing out that the person listed as an Internet account holder is often not the person using the account.

"It is no more likely that the subscriber to an IP address carried out a particular computer function–here the purported illegal downloading of a single pornographic film–than to say an individual who pays the telephone bill made a specific telephone call," Brown said in his Order & Report & Recommendation, filed May 1.

"An IP address merely identifies the location where a certain activity occurred", Brown noted. A computer in a household is usually shared, which means a child, a boyfriend, or any other visitor, is just as likely to be using the computer. Brown also noted that many households now have a wireless network. If the network is not secured, many people, including neighbors and strangers, can be sharing that IP address without the original account holder's knowledge.

"Considering the weak relationship between an IP address and personal identity, it's likely copyright holders were accusing the wrong people of violating copyright", Brown noted. Mass-BitTorrent lawsuits relying entirely on IP addresses to identify copyright infringers were a "waste of judicial resources," he wrote.

VIA: http://securitywatch.pcmag.com/security/297475-ip-address-not-a-person-judge-says-in-copyright-lawsuit

30Mar/12

‘Massive’ credit card data breach involves all major brands

This breach has already been confirmed by the big processors, and seems to be larger in scope than prior breaches.

VIA http://money.cnn.com/2012/03/30/technology/credit-card-data-breach/?source=cnn_bin

19Mar/12

There’s an app for that: How researchers pwned your mind

Researchers turn smartphone users into unwitting minions with a simple app

With mobile users becoming more reliant on their devices and accompanying applications, researchers from Northwestern University have discovered the ease with which users’ mobility can be “soft” controlled.

As smartphone apps become further and further integrated into our daily lives, you have to wonder if we’re in control of our desires or if mobile applications are starting to control us.

To discover the ease with which app users can be manipulated, researchers from the McCormick School of Engineering at Northwestern University undertook a study to determine whether they could change the habits of a smartphone user’s mobility through gaming and social-networking applications. The goal was to compel them to visit areas less frequented.

How can an application affect our decisions on a daily basis?

Like with advertising, we can be compelled by Foursquare to achieve or maintain our “Mayor” standing at a particular restaurant or venue. We might be manipulated, for instance, to travel not to the local pizza shop, but instead to the Chinese food store that we’ve been visiting repeatedly for the last month.

The research was conducted by John Rula and Fabián E. Bustamante and titled, “Crowd (Soft) Control Moving Beyond the Opportunistic.” They used four foundational elements that work together to offer individuals incentives:

  • Location: The location desired stated in terms of latitude and longitude, and optionally altitude and heading.
  • Action: The type of action to be triggered at the particular location and time.
  • Expiration Time: The time when the request is no longer valid; this is used to control the timing and relevancy of actions.
  • Ranking: The relative importance of the location. This can be used by the game to differentiate incentives by priority.

Rula and Bustamante created an Android-based augmented reality game titled, “Ghost Hunter,” which required users to chase monsters and ghosts throughout the neighborhood. The objective of the game was to “zap” the ghosts and monsters by capturing the augmented image on their mobile phone’s camera. But what users were not aware of was the researchers’ underlying intent.

The researchers had positioned the ghosts in exact locations, around a predetermined building. The resulting photographs of the “ghosts” enabled the researchers to create a 3D picture of the building from the collected images. While the photographic modeling of the building was successfully crowdsourced by the unsuspecting “Ghost Hunter” gamers, what the researchers had also discovered was the ability to compel users to capture images of the building from angles and locations typically not frequented, as the image below indicates.

While mobile users are concerned about their privacy, the ease with which they can be “soft” controlled raises a whole new issue altogether. Games and social networks not only offer a means of learning more about the people who use them, they can potentially offer a way to control their actions. Manipulating users into conducting illegal acts or luring them to dangerous locations is very much a reality.

Only days ago, three Japanese tourists were misled by their GPS into Moreton Bay in Australia during a low tide and became trapped in the thick mud. With the tide rising, they were forced to abandon their waterlogged rental car.

Ultimately, users will have to decide for themselves where they draw the line. As the research reiterates, “As augmented reality gamers can be trusted to exercise their best judgment during play, users of extended location based applications should be trusted to judge the suggestions made through CSC (Crowd Soft Control).”

Via http://www.digitaltrends.com/mobile/researchers-turn-smartphone-users-into-unwitting-minions-with-a-simple-app/
1Feb/11

Internet Explorer Flaw Could Disclose Passwords

Via MSNBC:

A recently discovered flaw in Internet Explorer could allow criminals to collect passwords and banking information. Microsoft is warning Windows users to be aware of the problem, with a manual work-around available, but there is no downloadable software fix available yet. So far, Microsoft says it “has not seen any indications of active exploitation of the vulnerability.”

Read the article: http://technolog.msnbc.msn.com/_news/2011/02/01/5967710-ie-flaw-could-mean-access-to-passwords

31Jan/11

Security Minded: Drive Encryption

The Need

Where do I begin? Even before (maybe especially before) storage devices were portable, they were still vulnerable to theft, due more to their high resale value than the questionable value of their contents. Today, the market value of even a brand-new desktop computer may not be worth the potential consequences of being caught. But, the lucrative identity theft trade has given rise to an entirely different motive for computer, tablet, and cellphone theft. In this case, the device is simply a means to an end.

But theft and the obvious concern over losing such easily and commonly misplaced devices as thumb drives are far from the only reason to encrypt hard drive data. Today, for instance, international travelers may be subject to the copy and search of their hard drives, as authorized by the Department of Homeland Security's U.S. Customs and Border Enforcement's "Policy Regarding Border Search of Information" (July 16, 2008), which, among other things, allows Customs Agents broad discretion to detain "electronic devices, or copies thereof, for a reasonable period of time to perform a thorough border search." Regardless of your motivation, encrypting mobile data storage should be high on your list of priorities. Like my American Express card, I never leave home without it.

Note to attorneys, medical professionals, or anyone with a fiduciary responsibility: Unlike most professionals, you may have a legal, if not ethical, responsibility to protect your clients' data. Even if a standard for "reasonableness" has previously been applied to "locks" and other 20th century security practices, it may not apply to devices removed from a secure space. Check with your respective associations and/or licensing boards for more information.

27Jan/11

Unlike: Facebook’s Plan To Turn YOU Into A Spokesperson

The funny thing about world-domination is that even when you achieve it, you still have to finance it. Maybe that's why Facebook keeps coming up with crazy money-making schemes.

Last week it was disclosing users' addresses and phone numbers to third parties. The latest puts you in the role of company spokesperson by turning your "likes" and "checkins" into sponsored ads on your friends' pages--without your consent. Currently there is no way for users to disable this "feature".

Read more at http://news.yahoo.com/s/ap/20110126/ap_on_hi_te/us_tec_facebook_ads

18Jan/11

Facebook Drops Plan to Disclose Users’ Home Addresses and Personal Phone Numbers

Via Epic.org: Facebook has retreated from its decision to allow third-party access to users' home addresses and phone numbers. Facebook backed off after criticism of the new policy, but said it would go forward once it has made further changes. EPIC Executive Director Marc Rotenberg said "Facebook is trying to blur the line between public and private information. And the request for permission does not make clear to the user why the information is needed or how it will be used." EPIC, and several consumer organizations, have complaints pending at the Federal Trade Commission concerning Facebook's earlier changes to users' privacy settings. For more information, see EPIC: In Re Facebook, EPIC: In Re Facebook II, and EPIC: Facebook Privacy.

Read full article at http://epic.org/2011/01/facebook-drops-plan-to-disclos.html

8Jan/11

Obama Looks to Silicon Valley to Solve Identity Crisis

The federal government thinks identity and passwords need to be fixed to keep the internet healthy, but is declining, thankfully, to try to fix it themselves. Instead, they are pushing internet entrepreneurs to build something robust and open.

Read full article at http://feeds.wired.com/~r/wired/index/~3/3Uts2JG5xFc/

22Mar/10

Was convicted hacker on the Secret Service payroll?

"Secret Service paid TJX Hacker $75,000 a Year"

According to Wired, a convicted hacker and credit card thief was paid to work undercover for the U.S. Secret Service. A convicted accomplice told Wired that Albert Gonzalez was paid $75,000 a year in cash as a confidential informant to the U.S. Government.

Though the Secret Service would not comment, a former federal prosecutor told Wired that the payment was not unusual. He compared it to "million-dollar payouts" to informants involved in organized crime investigations. According to Department of Justice guidelines, agents are required to advise confidential informants that payments "may be taxable income that must be reported to appropriate tax authorities".

Albert Gonzalez was arrested in 2008 and accused of running one of the largest identity theft crimes in U.S. history. After his arrest Gonzalez led investigators to more than $1 million buried behind his parents' home.

Gonzalez will be sentenced on Thursday. The government is seeking a 25 year sentence.

14Mar/10

FTC Queues-in on Netflix Member Privacy

Attn. MPAA: There are much worse ways to copy movies than with a computer.

In 2007 prosecutors in Anchorage, Alaska accused 34-year-old stripper Mechele Linehan of plotting a murder based on the 1994 movie "The Last Seduction". Life so closely imitated art, said prosecutors, that they even tried to have the movie played for the jury.

In 2008 a teenager confessed that he was trying to imitate scenes from the video game "Grand Theft Auto" when he robbed and murdered a taxicab driver in Bangkok, Thailand. Movies like "The Deer Hunter" (1978) are even believed to have inspired several "copycat" suicides in the late 1970's and early 80's.

All of this may seem like fodder for censorship advocates, but that debate has largely come and gone in favor of preserving the First Amendment's right to free speech. Wise as the framers of the U.S. Constitution may have been, few would accuse them of being clairvoyant. After all, who could have predicted the impact the Internet would some day have on both the precept of free speech and the concept of privacy?

Though many speak of the "right to privacy", it is not, at least as far as the U.S. Constitution is concerned, a right at all. It is, nonetheless, an ethos that has long been coveted by Americans, and is implicit in the Fourth Amendment's:

...right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures...

Of course, mention the term "search" to most people today, and it's far more likely to conjure thoughts of "friends lists", home pages and e-books, than actual people, houses and papers. And while, in just the past few years, popular culture has come to embrace the sharing of intimate, private and personal details with virtual strangers, the desire to remain "secure" seems to be very much alive in the 21st Century. In fact, more than any other, the Fourth Amendment has played a central, albeit contested, role in the litigation of hi-tech criminal evidence.

I know what you watched last summer...

So, what does all this have to do with your Netflix queue? Though Americans, and many other people around the world, may be willing to voluntarily divulge personal information, either in trade for modern conveniences and services, or increasingly, for a sense of online significance, we're not quite as enthusiastic when it's taken from us and shared without any tangible return. It's no longer a secret that the monetary value of data has been pre-calculated into the return on investment (ROI) of so many of today's business models, but consumers still tend to expect a certain level of security. In recent years the bar has been set pretty low. Still, it may surprise many to learn that "anonymous" usage data can be deciphered into personally-identifiable intelligence, as proven by a pair of researchers at the University of Texas using what was thought to be anonymous user data provided to contestants in the three-year $1 million "Netflix Prize" to improve the site's recommendation results.

The UT's results brought both unwanted attention from the Federal Trade Commission and a lawsuit from a private firm, resulting in Netflix's decision last week to cancel a planned sequel to the prize awarded last year.

It's not hard to imagine how this sort of data could be exploited to peddle shoes to people who have rented all six seasons of "Sex in the City", or BestBuy ads targeted at fans of NBC's "Chuck".

It's no longer extraordinary to see similar data exploited in the process of investigating crimes either. Certainly the viewing interests and habits of the individuals mentioned above have been considered relevant discovery by law enforcement. In these cases, there's little, if anything, to decipher. Anything that Netflix knows about you, your account, and your viewing habits, is subject to a warrant, and, with or without much imagination, could be incriminating. How many of us haven't seen a good fictional car chase, a well-written murder plot, a scripted street-fight, or a perfectly executed crime? The consumption of such fiction could be hazardous to your defense, if it precedes similar accusations.

Now, imagine the same evidence available to anyone, without a warrant, subpoena, or probable cause. Perhaps someone at the FTC had the movie "Minority Report" in their queue.
