Pay-at-the-Pump Skimming Using Bluetooth

Robert Siciliano Identity Theft Expert


Skimming data off of debit and credit cards has been happening at ATMs, gas pumps and electronic funds transfer point of sale terminals for quite some time.

When criminals plant skimming devices, they have to physically attach a skimmer that fits over the face of the ATM’s card slot. Then they install a small camera that shoots video of the PIN pad to capture users’ PIN codes. The camera is often housed inside a brochure holder or a little box that may have a mirror glued to its face. The mirror is made to look like a security feature that prevents shoulder surfing.

Once the criminals attach the devices, they have to wait for people to use the ATM or gas pump before they can remove the device and download the data. It is in the criminal’s best interest to leave the skimmer on the machine for as long as possible to skim as many cards as possible, because every time the skimmer is removed and replaced, it becomes another opportunity for the thief to get caught or for something to go wrong.

In Utah, a group of criminals one-upped other ATM scammers by installing Bluetooth-enabled skimming devices that broadcast the skimmed data to a nearby storage device, probably a laptop. Bluetooth’s range can be just a few feet to as much as a city block. So the criminals had to be in a car nearby.

What made these devices even more sophisticated is that they skim the card data and grab the PIN code via an all-in-one combo skimmer and PIN pad device affixed to the face of the pump, which still allowed the financial transaction to occur.

This entire process allows the criminal to steal “data-on-demand” and immediately turn it into cash. Further, it provides the criminal with the freedom to decide whether or not they want to retrieve the skimming device thereby lessening their chances of being caught.

You can’t protect yourself from this kind of skimmer by covering your PIN, because the device is the PIN pad. So if you use a device like this, you are screwed. Ultimately, you must pay close attention to your statements. Also, pay close attention to details, and look for anything that seems out of place. Dispute unauthorized transactions within 60 days. Check with your bank to determine what their timeframe is for disputing unauthorized withdrawals. In some cases it can be as short as a week.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in anti-virus software, keep it auto-updated, and check out my spyware killer IDTheftSecurity.

3. Get my book as an iPhone App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.

4. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Pay-at-the-Pump skimming on Fox News.



 Hacking Humans Naiveté

Robert Siciliano Identity Theft Expert

Naiveté: A lack of sophistication or worldliness. That sums up a lot of people I know. “There’s a sucker born every minute” is a phrase often credited to P.T. Barnum (1810 – 1891), an American showman. It is generally taken to mean that there are (and always will be) a lot of gullible people in the world.

Predator: A predator is an organism that feeds on another organism. The shark, for example, makes other animals its prey. That also sums up a lot of people I know. I observe them in person and in the news daily.

There are many ways a predator stalks its prey, and many motivations for doing so. Often it is just their nature to do so. Control and money top the list of motivations.

In the world of Information Security the “how” is “social engineering”.

Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than breaking in or using technical hacking techniques (essentially a fancier, more technical way of lying).

Social engineering or “social penetration” techniques are used to bypass sophisticated and expensive hardware and software in a corporate network. Smart organizations train their employees to be aware of and resist the most common attempts to trick them into letting down their guard.

The Register reports that pentesters, a.k.a. ethical hackers, regularly send client employees emails informing them that the strength of their login passwords is being tested through a new website. They are then instructed to follow a link and enter their credentials. The success rate: as high as 50 per cent.

The vulnerability stems from humans’ inherent tendency to trust one another. Survival over the millennia largely depended on their ability to work in groups. When one person saw that a group of his peers ate a particular berry and didn’t die, he ate the same fruit – and survived as a result. Hackers who understand this trait can exploit it to access companies’ most precious assets.

This is where we throw around words like “naiveté” and “sucker.” You don’t really need to be naïve, a sucker or stupid to respond to emails like this. Really, you just need to be nice, helpful and trusting.

I found a website called “Hacks4Sale” which employs similar tactics, but which they claim are for different reasons: “A very large portion of our clients are the victims of spousal infidelity, nowadays the primary means people employ to communicate with their lover are e-mails and social networking websites, both of which we can help you gain access to through our software. Our software solutions enable our clients to retrieve (no physical access to the user’s computer is required) the login credentials to accounts at all the major e-mail and social networking providers (Yahoo, Gmail, Hotmail, Myspace, Facebook and many others).”

Recognize that the predator uses these tactics to get what they seek. They will stop at nothing and consider you their natural prey.

Always question authority or those who claim authority.

Don’t automatically trust or give the benefit of the doubt.

When the phone rings, an email comes in or you are approached, proceed with caution.


Robert Siciliano Identity Theft Speaker discussing identity theft on Fox News.



 Who Are Your Kids Chatting With On Their Webcam?

Growing up we used to spend hours prank calling people we knew and also calling completely random numbers. The best calls were when you got someone on the line that got all mad and reacted in a way that made us want to call that person every five minutes forever. We just needed “stimulation.”

Then we grew up. Just in time for caller ID and no more prank phone calls. Back then, the telephone was the only technology we had access to, other than walkie talkies and hacking CB radios. Today is a whole new era.

All along we were told “not to talk to strangers.” It was the stranger that was strange and most likely to hurt you. Since then, “stranger danger” has been rebuffed by many. However, new technologies are bringing back the danger in the stranger.

Your 12-year-old daughter chatting in a park or online with a 35-year-old stranger isn’t good. Chatting with that same 35-year-old with a webcam is a disaster that will happen.

Then comes Chatroulette.

“Parents need to know that Chatroulette allows anyone with a webcam and Internet connection to instantly video chat with any other visitor anywhere in the world. Even if you don’t have a web cam, you can still use the site and view the other people using it. All you do is go to the site’s homepage, click a button to sync your webcam, and you are instantly connected randomly with other users.”

1. Talk to your kids about sites like these and the risks they pose.

2. Discuss both the good and potential bad intentions someone may have when on a site like this.

3. Explain how the anonymity of a site like this can motivate people to do and say things that aren’t socially acceptable in public.

4. Communicate to them that adults have a way of extracting information from minors and can manipulate them into saying and doing things they may later regret.

Robert Siciliano personal security expert to Home Security Source discussing Webcam Spying on The CW New York.



 The $10,000 Fake ID

When I was 17, my friend “Baldo,” as he was known by all, was the Fake ID Master. He also fixed TVs and still does today. But he didn’t actually create “fake IDs”; he altered real ones. The technology he used back then is still used today. It’s called Crayola Crayons. He would take a Massachusetts ID and heat the laminate over the stove and peel it back. Then he’d dab a premixed batch of liquid aqua green/blue crayon on the left side of an 8 and make it a 3. He’d bust out his heating iron and some wax paper and seal up the laminate. Then a 17-year-old became 22 with the same technology my 1-year-old eats. Packy run anyone?

Today is a little different. It’s not so easy to peel back the laminate. Most cards today are treated plastics, PVC, styrene, polypropylene, direct thermal, and teslin hybrids. However, while all that sounds technically challenging, it’s really not. Some of the do-it-yourself ID making machines are the size of a shoebox. It is, however, a tad more complicated than that. Sure, you can go to your local office supply store and buy ID making materials or simply buy fake IDs online, but will they pass muster when put in front of numerous technologies that look for tampering?

That’s where the $10,000 Fake ID comes in. In New York, authorities busted an identity theft ring and charged 22 people with selling drivers’ licenses and other identification documents.

Among those implicated in the ring are two New York State Department of Motor Vehicles employees, who are believed to have earned over $1 million issuing more than 200 licenses and other documents over the past three years. The alleged ringleader of the group was identified as Wilch Dewalt, also known as “Sharrief Sabazz Muhammad” and “License Man.” Authorities say he acted as a broker who, in exchange for a fee of between $7,000 and $10,000, served as a one-stop shop for fraudulent documents.

In this case the clients who were dropping 10G on IDs were people who were hiding from the law in plain sight, including felons, a drug dealer whose claim to fame was once a cameo on America’s Most Wanted, and someone from the government’s “No Fly List.” These were people that, A: could afford it and B: needed the best of the best in real fake identification.

In the meantime, identity theft is again the top 2009 consumer complaint, the FTC reported. The FTC had reports of 1.3 million. The number of American identity fraud victims rose 12% last year to 11.1 million, with losses hitting $54 billion, according to an annual report from Javelin Strategy & Research.




 Security Increases After Grad Student Attack Off Campus

Robert Siciliano Identity Theft Expert

I see headlines like this every day. “Security increases” because we wait until something bad happens before we do something about it. How about we increase security right now because there is a small chance something bad can happen? Like the Boy Scouts, “Be Prepared.”

Some time ago a home invasion in Connecticut took the lives of a mother and her two daughters while the doctor father was tied up in the basement. Bad things happened to the women and the home was eventually set ablaze. This is the single worst home invasion I’ve ever seen. The case is in the courts now. This is a perfect example of what “Predators” are.

There always have been, are, and always will be predators stalking their prey. Unfortunately, this is the natural order of life. Predators are a part of many of life’s species. Growing up, my dad sat me in front of the TV and made me watch documentaries on animal behavior.

“In the animal world,” he pointed out, and then he specifically pointed towards the lion and said, “there are predators and their natural prey.” The lion hunts and stalks other animals and kills, then eats them. He explained that it’s normal for the lion to kill, it’s OK, it might not be nice of the lion, but that’s just the way it is.

He went on to say that in the human world, it’s the exact same thing. That there are human beings that act exactly as the lion, and it’s normal. It’s not OK, it’s not nice, but that’s just the way it is. Lots to digest when you are 12. The fact is dad was right.

Some may know the story of the “Frog and the Scorpion.” Scorpion asks a frog to take him across the river on his back. Frog’s like, “No way dude, you’ll kill me.” Scorpion says, “Hey man, I won’t kill you, if I did I’d drown too.” Frog’s like, “OK man, sounds reasonable, let’s do it.” Frog gets halfway across the river and the scorpion stings him! Surprised, the frog asks why, because now they will both drown. Scorpion says, “Stupid frog, I’m a scorpion, it’s what we do.” Predators are predators by nature.

There are over 500,000 registered sex offenders in the US. There are thousands more that aren’t registered and many more that simply haven’t been caught.

It’s unfortunate they can’t just be kept in jail. But this is the land of the free and the brave and we have rights. Even the child molesters have rights.

So here’s the deal. If you live in a house (which most of us do), chances are there are sex offenders near where you live and work. It’s not enough to know that there are bad guys out there looking for their next victims. It’s important to do something about it. Take a self defense class, bone up on your eye gouging, and teach those you love how to protect themselves. Remember, once a scorpion, always a scorpion.

Robert Siciliano personal security expert to Home Security Source discussing Predators on the Gayle King Show



 Biometrics: To Be or Not to Be?

New Hampshire, USA. “Live Free or Die,” baby. The official state motto emblazoned on every NH license plate has always intrigued me. The thought of someone from NH might bring to mind revolutionaries or American militia sympathizers. New Hampshire has come a long way since its motto was created in 1945 and is not much different than most states today.

I live in Boston, one click south of Newy, and all those NH people work in Boston. I see them every day driving their fancy new fangle auto-mo-biles with their fancy stereo phonic systems. Pleeeze. If any state should adopt the “Live Free or Die” motto it’s Montana, USA. I’ve been to MT bunches of times. They sell guns and beer and fishing rods and meat at gas stations. NH ain’t gut nuthin’ on MT. Plus MT had Evel Knievel and he lived in Butte. Now that’s a “Live Free or Die” town.

But it comes as no surprise that Newy is back to its shenanigans again and acting out of concerns for residents’ privacy. The New Hampshire Legislature is considering a bill that would ban the use of biometrics data in identification cards. “Acting out” being the operative term. Or are they rightfully concerned?

As noted in SC, “The bill would prohibit biometrics data, including fingerprints, retinal scans and DNA, from being used in state or privately issued ID cards, except for employee ID cards. In addition, it would ban the use of ID devices or systems that require the collection or retention of an individual’s biometric data. Under the bill, biometric data would also include palm prints, facial feature patterns, handwritten signature characteristics, voice data, iris recognition, keystroke dynamics and hand characteristics.”

That doesn’t leave much left. Why don’t they just ban them-thar fo-toe-grafs too? Come on NH, the world has evolved beyond cow tipping and flaming bags of poop on your neighbor’s door step.

In response, the Security Industry Association stated, “SIA firmly believes that the broad restrictions proposed by [the bill]… reflects a significant misunderstanding of the security features and privacy safeguards of this widely-adopted technology.”

I’d say that’s more than a misunderstanding. Some believe biometrics to be the “Mark of the Beast”.

“Some have suggested biometrics, thermograms, or bodily ID systems, such as iris scans, fingerprints, voice patterns, facial features, etc. as the mark of the beast. Biometrics ID could not be the mark of the beast because the mark of the beast is something you “receive”. An iris scan, voice scans, fingerprints, biometrics are NOT something you receive. It’s simply part of a person’s bodily features. In this case, every one would “have” the “mark”.”

With this kind of resistance to security, it’s amazing we get anything done. Biometrics is not an invasion of privacy. I also doubt the devil plays any role in them either. They are a tool to identify. Could they be abused? Yes. Should we be concerned? Of course. Should we ban them? Of course not.

In other parts of the world effective identification is actually embraced. Privacy concerns seem to take a back seat to security interests.

“Effective use of biometric data could have prevented the apparent theft of Anglo-Israelis’ identities,” MK Meir Sheetrit (Kadima), the architect of the country’s Biometric ID Law and a former minister of intelligence services, told The Jerusalem Post. This statement is in reference to a mess of a story regarding an assassination and the use of fake passports. The Register states that “all passports now issued contain ‘biometric’ details which are unique to you – like your fingerprint, the iris of your eye, and your facial features”. In addition, “the chip inside the passport contains information about the holder’s face – such as the distances between eyes, nose, mouth and ears” which “can then be used to identify the passport-holder”.

And they were tampered with, which means a failure of epic proportions. So, is NH right?

Meanwhile, CNN reports “in the name of improved security a hacker showed how a biometric passport issued in the name of long-dead rock ‘n’ roll king Elvis Presley could be cleared through an automated passport scanning system being tested at an international airport. Using a doctored passport at a self-serve passport machine, the hacker was cleared for travel after just a few seconds and a picture of the King himself appeared on the monitor’s display.”

Some stuff to chew on. Identity Proofing is the “ultimate” solution. Identity proofing simply means proving that individuals are who they say they are. Identity proofing often begins with personal questions, like the name of a first grade teacher or the make and model of a first vehicle that only the actual person would be able to answer. Of course, this technique is not foolproof, and now that personal information is so readily available over the Internet, knowledge-based authentication is probably on its way to extinction. The next step is documentation, such as a copy of a utility bill or a mortgage statement. These types of identifying documents can be scavenged from the trash, but they are more effective proof when combined with personal questions. Biometric features, such as fingerprints or iris scans, can help further authenticate an individual’s identity.

Authentication is the ability to verify the identity of an individual based on their unique characteristics. This is known as a positive ID and is only possible by using a biometric. A biometric can be either static (anatomical, physiological) or dynamic (behavioral). Examples of each are: Static – iris, fingerprint, facial, DNA. Dynamic – signature gesture, voice, keyboard and perhaps gait. Also referred to as something you are.

Verification is used when the identity of a person cannot be definitely established. The technologies used provide real-time assessment of the validity of an asserted identity. We don’t know who the individual is, but we try to get as close as we can to verifying their asserted identity. Included in this class are out-of-wallet questions, PINs, passwords, tokens, cards, IP addresses, behavioral-based trend data, credit cards, etc. These usually fall into the realm of something you have or something you know.

Allz I know is we guts to do something to fix this thing.




 Assassin or Identity Theft Victims?

It made a little buzz in the States, but as more details become available about the assassination of senior Hamas terrorist Mahmoud al-Mabhouh in Dubai, it is becoming apparent to some (depending on which side of the wall you live on) that the assassins stole the identities of several Israelis carrying foreign passports.

Apparently, the purported identity theft stems from the accessibility of passport data from Israelis who hold dual citizenship from Israel, Britain, Australia and other countries. “Six more Britons had their passports cloned by the killers of a senior Hamas official,” Dubai police said yesterday as they revealed a total of 15 new suspects in the assassination. One of the victims/accused assassins stated, “I was in total shock. I don’t know what’s happening – I don’t know how they got to me or my information. I haven’t left the country in about two years, and I’ve never been to Dubai. I don’t know who was behind this. It’s just scary, because powerful forces are involved in this.”

The Dubai police went ahead and released information on 26 suspects in the assassination. The pictures of the suspects were also released. One of the accused, after his mother saw him on the news, stated, “Even my mother asked if I’d been abroad.”

Freaky Stuff.

I was interviewed in a yet to be released AP story from Jerusalem about how something like this can happen. It seems simple to me. If in fact the accused are what I would label as criminal identity theft victims, then we are all susceptible to this type of crime. I’ve always believed this to be the scariest of all identity theft and if the above story concludes as factual, then it’s a perfect example.

In the USA, we have as many as 200 forms of ID circulating, including passports, from state to state, plus another 14,000 birth certificates and 49 versions of the Social Security card. These are paper and plastic documents that can be recreated with a PC, scanner, printer and laminator. We use numerical identifiers that aren’t physically associated with us. Pictures are attached to some documents that may not look like us, especially if there are eyeglasses, beards, hair coloring or hair removal, or weight gain or loss involved. Some identification documents have no photo at all. This is not effective authentication. Worldwide, the system isn’t much more secure.

This is criminal identity theft waiting to happen.


Robert Siciliano Identity Theft Speaker video hacking P2P getting lots of fun data.



 Thieves Stealing Your GPS Can Track You Back Home

Robert Siciliano Identity Theft Expert


GPS is the single greatest invention since the wheel. Well, it is for me. Admittedly, I’m not a great driver. I don’t pay attention as much as I should. I daydream and I miss exits. I’m safe, but I just don’t like to drive. GPS gets me there.

I’ve messed with all kinds of GPS devices to get me from A to B. I’ve used iPhone Apps, Google Maps and the GPS that came built into my vehicle’s dashboard. My dashboard GPS is frustrating and less than user friendly. So I went out and picked up one of the name brand portable models. I LOVE IT!

Out of the box, it brought me through a setup wizard. The setup wizard prompted me to plug my home address into a field appropriately called “Home.” This thing is so user friendly it allows you to press this one button from wherever you are at the time and it gets you home!

What a fantastic feature, for a car thief or a burglar! As soon as I saw this feature I was like, ahhhh NO! I’m not plugging my home address in this thing. If my vehicle was ever stolen, the thief would know where I lived and have the remote control to my garage too! And if you ever valet a car at a restaurant or function, the valet has a buddy who then goes to your home and burgles it! With your keys! So I plugged in “Home” as the address where city hall is. Plus I never give my house keys to a valet.

Some of you reading this might be saying, “The thief still has your address on your vehicle registration.” Ahhhh, NO! Not mine. First, you’re supposed to carry your registration in your wallet and not leave it in the car. I learned this 20 years ago from the cop to whom I reported my stolen car. And my registration is listed as a PO Box. I use a PO Box as a correspondence address for almost every transaction that allows it. I have a barrier between my home life and everything else.

Remember, you have to think like a burglar to prevent a burglary.

Robert Siciliano personal security expert to Home Security Source discussing Tracking on the Tyra Banks Show



 Social Media Messages Telling Too Much?

Robert Siciliano Identity Theft Expert

By now you’ve heard about a Web site called PleaseRobMe.com. This site re-posts people’s messages and uses a location-sharing technology to post where you are when you’re not at home. The site’s motivation is to teach people they are putting themselves at risk.

I’m not a fan. There are better ways to teach and raise awareness.

I had a chance to appear on the CBS Early Show to discuss this site and its impact on personal security. Prior to doing the show I Tweeted, as I always do, to make my contacts aware of the show. What did I Tweet?

“I’m on the CBS Early Show at 7:40am discussing PleaseRobMe.com politely suggesting violence. My home is alarmed & my German Shep will bite you!” I figured it was appropriate due to the nature of the segment I was about to do.

Robbery is “Larceny using threats or violence”. Or as PleaseRobMe may say, please take from me and hurt me in the process. This isn’t tongue-in-cheek; it borders on “inciting violence.” And that day may come.

For years I’ve been barking about personal security as it relates to social media and the risks involved. I’ve written numerous times about how social media requires a risk vs. reward assessment. Plain and simple, putting all your life’s details in one place makes it easy for the bad guy to gather intelligence about you.

While I believe the site has the right intentions to bring awareness to the issue, and they’ve certainly made an impact, the site is irresponsible and unethical. It’s entirely inappropriate for them to shine a big bright light on people and say “Please Rob Me”. Because some whacko just may do it. Then what? Do the site’s operators then say “I told you so”? If they have a lawyer, he’s probably getting ready to buy a new home from all the money they will have to pay him.

Ending up featured on this site is the new “Scarlet Letter” of stupidity. Please, don’t be stupid.

Robert Siciliano personal security expert to Home Security Source discussing sharing too much in social media on the CBS Early Show



 RATs Are Committing Identity Theft Via Webcams

A webcam is certainly one way the bad guy can get intelligence about you. They can use it to spy on you. They can listen in to everything you say all day. They know when you are home or not, whether or not you have an alarm, they watch you. But in my opinion, the real issue here isn’t the webcam, but the technology that allows for full remote control access to your network.

If you are a cave-dwelling Unabomber you may have missed the story about the family, already involved in numerous civil judgments (litigious bugs me), suing their son’s school for spying on him with the school-issued laptop. Apparently, it’s not OK to spy on students who are issued a school laptop.

The school apparently installed laptop tracking software that is designed to find a stolen laptop. Laptop tracking is often IP- and GPS-based and provides location detection when the laptop is plugged into the Net. The trick to this particular laptop tracker was a peeping Tom technology called a RAT, a.k.a. “Remote Access Trojan.”

RATs can capture every keystroke typed, take a snapshot of your screen and even record rolling video through your webcam. But what’s most damaging is full access to your files, and if you use a password manager they have access to that as well.

RATs covertly monitor a PC, generally without the user’s knowledge. RATs are a criminal hacker’s dream and are the key ingredient in spyware. Common RATs are the LANRev Trojan and “Back Orifice”. This RAT allowed the school district full remote access to the student’s laptop, at his home and in his bedroom. Creepola!

Now the FBI is in the fray. According to the original complaint, the student was accused by his school’s assistant principal of “improper behavior in his home” and shown a photograph taken by his laptop as evidence. That kind of backdoor slap in the face for bad behavior certainly raises an eyebrow. For every action there is a reaction as they say.

RATs can be installed through full onsite access to the machine, or when you open an infected attachment, click links in a popup, or install a permissioned toolbar or any other software you think is clean. More ways include picking up a thumb drive you find on the street or in a parking lot and then plugging it in, and even buying off-the-shelf peripherals like a digital picture frame or extra hard drive that’s infected from the factory. The bad guys can also trick a person when playing a game as seen here in this YouTube video.

There are plenty of remote access programs that use legitimate back door technology that we consume every day. Examples include LogMeIn and GoToMyPC remote access. Your desktop has “remote desktop” which acts in a similar way. There are a dozen iPhone Apps that do the exact same thing.

Considerations:

An unprotected PC is the path of least resistance. Use anti-virus and anti-spyware. Run it automatically and often.

A PC not fully controlled by you is vulnerable. Use administrative access to lock down a PC preventing installation of anything.

Many people leave their PC on all day long. Consider shutting it down when not in use.

Unplug your webcam if you are freaked out by it. If it’s built into your laptop cover it up with tape. You may also be able to disable it on start-up and uninstall it and remove the drivers that make it work.

And invest in identity theft protection.


Robert Siciliano Identity Theft Speaker discussing Webcam Spying on The CW New York