Weekly News Roundup for May 6, 2010

by Neal O'Farrell on May 14th, 2010

Computer contractor gets five years for $2 Million credit union theft

In a stark reminder of the danger of dishonest insiders, a computer technician in Utah was just sentenced to five years in prison for stealing nearly $2 million from four credit unions he was working for. The case highlighted the risk every business and individual takes when allowing a third party access to their computers or information.

In the Utah case, the technician was employed by a third-party contractor hired by the credit unions to provide computer and network support services, which of course allowed him access to their most valuable assets – their data. He used that access to simply transfer money from the credit union accounts into his own account.

It’s bad enough that he managed to steal nearly $2 million from the credit unions, but he was able to steal large sums of money from their accounts, undetected, for two years.

According to an article on the theft in Network World, thefts, frauds and cybercrimes by insiders are the biggest threat for many organizations. Not only are the individuals able to use inside knowledge to carry out their crimes, they often have the knowledge needed to hide their tracks – for months, years, or possibly even forever.

Lessons learned?

  • Know where your money is at all times; monitoring credit data is a very good idea. It’s crazy that nobody was able to detect these unauthorized transactions for up to two years and sound the alarm.
  • If you’re going to let someone have access to your computer or network, even at home (1) make sure you check their backgrounds first – a criminal background check is very affordable; (2) only give them access to what they really need to work on; and (3) don’t be afraid to let the individual know that you’ll be watching, double-checking, and verifying everything they do. For extra security, change your password.

Computer contractor gets five years for $2M credit union theft

Fake anti-virus software now makes up 15% of malware according to Google

It’s probably safe to say that no one knows the Internet better than Google. Which is why I paid attention to a report from Google about how a scan of nearly a quarter of a billion of their own web pages between January 2009 and February 2010 uncovered a very troubling trend.

Google found that 15% of the malicious software or malware hidden in these sites waiting to infect unsuspecting or protected surfers was in fact fake anti-virus software.

Fake anti-virus software is a scam that nets crooks hundreds of millions of dollars every year by infecting unprotected computers, generating pop-ups that warn users that the fake anti-virus software has detected a virus, and that for a modest fee – often the cost of real anti-virus software – the virus will be removed.

Of course the anti-virus software is no more real than the virus it supposedly detected. And to make matters worse, paying what’s essentially a ransom is no guarantee that the real infection on your computer – the fake anti-virus software – will simply go away.

And even the most secure sites are not immune. Only this week it was reported that the web site of the US Treasury had been hacked into and was actively serving up malicious software to visitors to that site.

Lessons learned?

  • There are millions of web sites that hide malware ready to infect unsuspecting surfers. The best way to avoid being the next victim is to make sure you constantly update your operating system, browser, firewall, and anti-virus software. It can all be done automatically so there’s no excuse.
  • Consider using one of the many free browser security tools, like Finjan’s free SecureBrowsing tool that checks and verifies web sites for lurking malware infections before you click on the site.
  • A product like ID Vault can help make sure you don’t end up on web sites you didn’t intend to visit (for example, by mistyping a URL), and can also protect any information you send to legitimate sites, like your username and password.

Google: Fake antivirus is 15 percent of all malware

US Treasury Web Sites Hacked, Serving Malware

The Federal Trade Commission tries to romance your mom into avoiding identity theft

For some strange reason, the Federal Trade Commission (FTC) has chosen Mother’s Day to make mothers around the world more aware of the dangers of identity theft. Not sure why they’re picking on mothers but I suppose any improvement in awareness is a good thing.

But what struck me was the FTC’s risqué attempt at creativity. They decided to create an ecard for Mother’s Day – a link you can send to your mom who in turn can pick up an online ecard and listen to a pleasant elevator tune while getting a serious lecture on avoiding the perils of identity theft.

Now I applaud the FTC for looking at creative ways to make moms more security aware. But since the security community has been trying for years to teach users to avoid ecards from unusual sources (because they’re such an effective way to spread viruses, Trojans and other pests), I’m not sure the FTC really thought this one through.

Here’s the link to the ad – judge for yourself. And Happy Mother’s Day.

Facebook users still giving it all away

A study just released by Consumer Reports into the online behavior of Facebook users told us nothing that we didn’t already know, yet it’s still worth paying attention to.

The study of 2,000 households earlier this year exposed the risky habits of Facebook users that constantly expose themselves and their families to a whole host of creepy threats.

For example:

  • More than half of users surveyed admitted to posting a variety of information that is a goldmine for scammers, stalkers, and identity thieves. Information like date of birth, employer and home address.
  • 38% of users still post their entire birthday – month, day and year. What they don’t know is how valuable that small piece of information is to thieves trying to put together the key pieces required to clone a stranger’s identity.
  • 21% posted photos of their children.
  • 13% posted the names of their children.

So it looks like the security and privacy message is still not getting through to most Facebook users.

Lessons learned?

  • Talk about trivial things, like the weather, as much as you want. But before posting anything more serious, think first: what would an identity thief want?
  • Talk about your plans, like a vacation, after the event. That way it’s too late for anyone to take advantage of it. Besides, won’t your friends want to know how great your European road trip actually went, more than when you’re heading for the airport?
  • Get intimately acquainted with the Privacy Settings on Facebook because they can be your best friend. And once you become good friends, take full advantage of them.

Social network users found to endanger privacy (San Francisco Chronicle)
