laptop security

Ready to hack systems for sale

March 1st, 2013

An alleged Point-of-Sale cyber crime duo from California were confronted with criminal charges late last week in Boston, Massachusetts.

The US Justice Department (DoJ) reported that the pair, Shahin Abdollahi, 46, and Jeffrey Thomas Wilkinson, 35, were charged with one count of conspiracy to commit computer intrusion and wire fraud, and with one count of wire fraud.

The indictment alleges that they:

  • Hacked into at least 13 Subway Point-of-Sale (PoS) systems.
  • Fraudulently added at least $40,000 in value to Subway gift cards.
  • Used some of the hooky gift cards to make purchases at Subway.
  • Sold other fraudulent cards on eBay and Craigslist.

What makes this a bit different from the usual “alleged crooks steal ‘digital money’ from retailer through hacking” story is how the pair are said to have pulled off the cyber-break-and-enter part of the attack.

Abdollahi and Wilkinson, claims the DoJ, ran a number of Subway franchises in Southern California between 2005 and 2008.

During this time, it looks as though they didn’t just make lots of sandwiches. They also learned enough about Subway operations to come up with a plan to make money out of the franchise on two fronts at the same time.

So they quit the sandwich supply business and started a business called POS Doctor, selling and installing point-of-sale systems into the Subway ecosystem.

Yep! You guessed it!

The POS Doctor systems came with a handy additional feature, at no extra charge: a preconfigured remote-access toolkit that allowed the crooks to connect in after hours.

They regularly added fraudulent credit onto Subway gift cards in at least 13 Subway outlets around the USA.

As mentioned above, they then spent some of the gift cards at Subway branches in California (they must have developed a taste for the product during their time as franchisees), and sold others on eBay and Craigslist.

Amusingly, it looks as though the alleged crooks went to the trouble of registering their fraudulent cards online with Subway, using email addresses from domains they owned themselves.

This precaution gave them the chance to reclaim unused funds if any of their bogus cards were lost or stolen.

Of course, this “dishonour amongst thieves” also ensured that the DoJ has been able to rack up additional evidence connecting the alleged perpetrators with the claimed criminal activities.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

WhatsApp privacy practices under scrutiny

January 19th, 2013

One of the world’s most popular cross-platform applications “violates” international privacy laws, according to the Canadian and Dutch data protection authorities, because it requires users to provide their entire contact list to the service.

The Office of the Privacy Commissioner of Canada and the Dutch Data Protection Authority today announced their findings for what they called a “collaborative investigation into the handling of personal information” by the California-based company.

WhatsApp, an instant messenger application for iPhone, Android devices, and BlackBerry smart phones, provides a free service to rival text messaging, and sends more than 1 billion messages to users around the world every day.

In a statement, the agencies concluded that the application violated privacy laws in both the Netherlands and Canada because users had to provide access to all of their phone book contacts, including users and non-users of the application.

“The investigation revealed that users of WhatsApp — apart from iPhone users who have iOS 6 software — do not have a choice to use the app without granting access to their entire address book. The address book contains phone numbers of both users and non-users,” Jacob Kohnstamm, chairman of the Dutch Data Protection Authority, said in a statement.

iPhone users running the iOS 6 mobile operating system are asked if they are willing to allow an application to access certain sensitive data on the device, such as location data, or in this case contact list data.

The two agencies explained that WhatsApp relies on a user’s phone number to populate the instant messenger’s contacts list. All the phone numbers in the user’s address book are transmitted to WhatsApp to “assist in the identification of other WhatsApp users.” But, rather than deleting the phone numbers of non-users, WhatsApp retains the numbers, albeit in an unreadable hash form.

This falls foul of both Canadian and Dutch privacy law, which states that personal data may only be retained for as long as it is required for the fulfillment of a certain service.

“Both users and non-users should have control over their personal data and users must be able to freely decide what contact details they wish to share with WhatsApp,” Kohnstamm remarked.

“Our investigation has led to WhatsApp making and committing to make further changes in order to better protect users’ personal information,” Canadian Privacy Commissioner Jennifer Stoddart said in a statement.

While in breach of Dutch law, and though the Netherlands is a member of the European Union bloc of 27 member states, the mobile app is not thought to have breached wider European data protection law.

The Dutch authority will examine the California-based developer’s case in a “second phase” in which “further enforcement actions” may be enacted, including sanctions. While the Canadian authority does not have order-making powers, it will keep a close eye on the company.


Internet, social media least trusted industries for privacy

January 15th, 2013

Internet and social media ranked at the bottom on a list of the most trusted industries for privacy, according to the Ponemon Institute.

Released yesterday, Ponemon’s “2012 Most Trusted Companies for Privacy” was compiled from a survey of U.S. adults asked to name the five companies they trust the most to protect the privacy of their personal information.

Based on more than 6,700 responses, the Top 20 list did not include several tech players that had been on it in past years.

Apple failed to make the list for the first time in four years. Google, Best Buy, Facebook, Yahoo, Dell, and AOL also were gone from the Top 20 after scoring good or decent grades in the past.

Those results aren’t surprising, as many of those polled expressed concern about certain technologies. A full 59 percent of the respondents said they feel their privacy rights are diminished or undermined by social media, smart mobile devices, and geotracking tools.

Almost half the people surveyed said they received one or more data breach notifications over the past two years. And 77 percent of those people said such notifications hurt their trust in the organization reporting the breach.

A majority of those polled said they’ve shared personal information with an organization they didn’t know or trust, with most admitting they did it for the convenience of online shopping. And only 35 percent feel they have control over their personal information, a percentage that has dropped steadily over the past seven years, the report said.

Identity theft was seen as the most significant threat to privacy, followed by government surveillance and data breaches.

And what do people expect from companies that use their personal information?

Security protection was named the most important feature. But a majority also said they don’t want their data shared without their consent and they want the ability to be forgotten.

On a more positive note, Hewlett-Packard took second place in the rankings, just behind American Express.

Amazon was third, followed by IBM in fourth. eBay grabbed ninth place, with Intuit rounding out the Top 10.

Among other technology providers, Microsoft and Mozilla joined the list for the first time, ranked 17 and 20, respectively. Verizon, AT&T, and WebMD also numbered among the Top 20.
