The Washington Times reports the technology that makes online shopping and banking secure is under increasing assault by hackers, criminal gangs and spy agencies, threatening the $680 billion-a-year global e-commerce market. Security specialists warn that consumers soon may no longer be able to trust the padlock icon in browsers, known as the Secure Sockets Layer (SSL), that signals a secure Internet connection, meaning they would no longer be able to shop or bank online with confidence. SSL relies on special electronic certificates issued to a secure website, but each kind of Web browser validates certificates in a different way.
CNET reports a California man was sentenced to eight years in prison for identity theft after federal police GPS-tracked his phone and discovered a hard drive with over 300,000 victim profiles during a raid of his home. Robert Delgado, 40, who lived in Monterey Park, a Los Angeles suburb, pleaded guilty earlier this year to conspiracy to commit bank fraud and was sentenced on Monday. At the time of his arrest in March 2011, Delgado had already been on parole for identity theft. He was accused of obtaining credit card numbers, forging credit cards and government-issued ID sporting his (or a co-conspirator’s) photograph, and using the identity documents to buy flat screen TVs, power tools, electronics, and jewelry. Those in turn would be sold for cash.
SC Magazine reports Companies spend on average up to a year to restore their reputation following a data breach, according to a study released Thursday by the Ponemon Institute. The survey of 843 executives found that an organization’s brand value dropped between 17 to 31 percent following an incursion, depending on the type of information lost. Those polled, estimated the economic value of their company’s brand to be anywhere from $1 million to greater than $10 billion, with an average of $1.5 billion. Eighty-two percent of respondents said their company had experienced a breach involving sensitive or confidential information.
The Register reports at least four web authentication authorities have reported being compromised in as many months, according to research from the Electronic Frontier Foundation. This renews serious questions about a technology that millions of websites rely on to remain secure. Two certificate authorities have experienced security breaches that required certificates to be revoked, renewing a criticism that has dogged SSL for years. With more than 600 authorities trusted by major browsers, there are too many points of single failure. As demonstrated by the DigiNotar debacle, the compromise of just one authority allows impostors to obtain digital certificates that Google Mail, Skype, or other services use to encrypt gigabytes worth of sensitive traffic and prove their servers are authentic, rather than easily forged impostors.
Bank Info Security reports thousands of cell phone numbers in Oregon have been targeted in a smishing scam that attempts to get victims to respond with account details related to their Wells Fargo accounts. The scam claims accounts have been deactivated, requiring immediate attention, says Bend, Ore., Police Lt. Ken Stenkamp. Stenkamp, who says his two children also received the phishing text, confirms only a 63-year-old woman reported being victimized by the smishing scheme. The text message asks users to reply back with sensitive information, including account numbers and PINs.
The Threat Post reports the Securities and Exchange Commission has issued new guidance to help public companies determine when they may need to disclose an attack–or even a potential attack–in order to make potential investors aware of possible risks to the company’s business. The guidance, which does not constitute a rule or requirement for companies to disclose, is meant to help “registrants in assessing what, if any, disclosures should be provided about cybersecurity matters.”
Krebs on Security blogs about ATM skimmers made of parts from old MP3 players. Using audio to capture credit and debit card data is not a new technique, but it is becoming vogue: Square, an increasingly popular credit card reader built for the iPhone, works by plugging into the headphone jack on the iPhone and converting credit card data stored on the card into audio files. The card skimmer is designed to fit over the card acceptance slot on an ATM. When a card is slid past the magnetic reader, the MP3 player “hears” the data stored on the card’s magnetic stripe, and records it as an audio file to a tiny embedded flash memory device.
Bank Info Security reports Georgia authorities made key arrests in an identity theft investigation that has connected crimes going back 15 years, totaling $9 million. The Criminal Intelligence Unit of the Cherokee County Sheriff’s Office, with help from the U.S. Secret Service, arrested Robert Smith, 46, of Atlanta, and Robert Hill, 49, of Roswell, Georgia, for their alleged involvement in ID theft cases that targeted victims throughout the United States. During the arrests, authorities seized more than $91,000 in cash along with what has been defined as high-end retail property, including a 1999 Lexus and a Harley Davidson motorcycle.
The Reporter Herald notes in an ironic twist, hundreds of people across Northern Colorado have fallen victim to banking fraud crimes during National Protect Your Identity Week, an initiative that aims to raise awareness about the dangers of identity theft. And while Northern Colorado is experiencing a significant uptick in the number of credit and debit card fraud cases, one organization reminds people to protect their financial and personal information at all times, outbreaks aside. According to Protectyouridnow.org, 8.1 million people were victims of identity theft in 2010. Losses reported in association with those cases totaled more than $37 billion.
The Register reports consumers continue to be complacent about identity theft despite growth of the crime, which has claimed four million victims in the UK alone. The warning from the Metropolitan Police Service comes at the start of National Identity Fraud Prevention Week, which began recently. The seventh edition of the annual event aims to educate people and businesses about the scope of identity theft and its prevention. According to research commissioned by paper-shredding kit supplier Fellowes, 7 per cent of the UK population (4 million people) have been victims of identity fraud at one time or another. According to the UK’s fraud prevention service CIFAS, 80,000 have been targeted this year. The average cost of an identity theft is £1,190, but some individuals have been stung to the tune of £9,000.
