Showing posts with label hacking. Show all posts

Wednesday, March 13, 2013

Michelle Obama among other celebrities with hacked financial info

The FBI is currently investigating a Russian website (see below) containing names, social security numbers, dates of birth, and credit reports of the first lady, Michelle Obama, and other celebrities and politicians.

The list includes: Kim Kardashian, Joe Biden, Robert Mueller (FBI Director), Hillary Clinton, Eric Holder (U.S. Attorney General), Charlie Beck (LAPD Chief), Mel Gibson, Ashton Kutcher, Jay Z, Beyonce, Paris Hilton, Britney Spears, Sarah Palin, Hulk Hogan, Donald Trump, Arnold Schwarzenegger, Al Gore, Kanye West, Kris Jenner, Stacia Hylton (U.S. Marshals Service Director), Mitt Romney, Tiger Woods.
The Huffington Post reports more details about how the hackers accessed the information:
UPDATE 4:19 p.m. -- Equifax, one of the three credit reporting agencies, said Tuesday that hackers who allegedly posted sensitive data belonging to 17 celebrities and political figures obtained some of that information from a website that allows consumers to access their credit reports.
The hackers entered enough personal identifying information, or PII, on four of the alleged hacking victims to log-in as them on the site annualcreditreport.com and obtain their credit reports, which contain sensitive financial data and Social Security numbers, according to Timothy Klein, a spokesman for Equifax.
It's interesting that thousands of people have their information stolen every year without much attention from the media and the government.  The credit monitoring business seems to be the latest scam to make people feel better about protecting their information.  Let's be honest: no level of security can protect your personal or financial information.  There is always a human factor, and every piece of information has its price.

Besides the lack of true security protecting our data, reliance on the social security number to tie all the information together is one of the worst ideas ever.  First of all, the SSN wasn't designed to be a secure identifier for all Americans; it was intended for social security checks when people retired.  Then the IRS jumped on the bandwagon, followed by state agencies, credit card companies, background checks, insurance companies, and the rest of the commercial world looking for an easy way to identify customers.

Second of all, how can we protect personal information in the digital age?  We just can't.  Hacking, phishing, social networks - it's all designed to expose as much data as possible.  Can biometrics help in protecting our information?  Perhaps using such technology will help, but again, there is a human factor.  What prevents some crook from establishing a fake credit check agency and gaining access to all the information anyway?  Remember Global Payments and the hacking scandal that exposed 1.5 million credit and debit card numbers?  I will not even mention hundreds of other incidents.

Bottom line: if it's so easy to hack the First Lady and the Vice President, where do we go from here?  Putting pressure on the government and the companies to design a better security scheme would be the way to go.  For now, you can freeze your credit with all three major credit companies for a small fee to block the release of your data.  Switching to one credit card and cash is another idea.  Keeping your passwords strong is a must.  Above all, be smart about whom you trust when providing your personal data.

Wednesday, October 24, 2012

Chicagoland Barnes & Noble among hacked stores

Major Chicago newspapers, Chicago Tribune and Sun-Times, report the latest hacking scandal, this time at the popular bookstore chain, Barnes & Noble. Read about it here.
Barnes & Noble Inc. said Tuesday that devices used by customers to swipe credit and debit cards have been tampered with in 63 of its stores in nine states, including seven in Chicago and the surrounding area.
Card swipers were outfitted to steal credit and debit card numbers along with their PINs.  The obvious question is: who installed those devices, and how?  Can't you trust your own employees these days?  Why do I care so much?  Because I've purchased books and magazines in one of those stores on several occasions!

But the more pressing question is: why did it take Barnes & Noble 5 weeks to release that information to the public?  They disconnected the swipers on September 14th, but knew about it even earlier.  So much for letting loyal customers double check their statements and switch their cards in a timely manner.

Is convenience trumping the awareness and danger of the cashless society?  Not likely.  The crooks are just getting better at their game.  With wide access to the latest online technology and sophisticated electronics, scamming people has become an easy income source.
Remember the Subway stores hacking scandal?  Fortunately, the black hats were caught.  Ars Technica reports on the investigation:
Two Romanian men have admitted to participating in an international conspiracy that hacked into credit-card payment terminals at more than 150 Subway restaurant franchises and stole data for more than 146,000 accounts. The heist, which spanned the years 2009 to 2011, racked up more than $10 million in losses, federal prosecutors said.
What can you do to protect your online activities and your credit/debit card info?
The big 4 include:
  • Use stronger online passwords. Use my tips here.
  • Use credit cards instead of debit cards whenever possible.  By law, you are only responsible for $50 of fraudulent purchases.
  • Replace your debit card if you think it was compromised.  I was able to replace my debit card in one of the Chicagoland Chase bank branches the same day the news broke.  It took literally 5 minutes to print the card and set up a new PIN.  On the Chase website, look for a branch that "Offers Instant Debit Card Replacement".
  • Use a radio-frequency identification (RFID) shield to protect your credit cards with RFID chips and the new RFID passports.  Even a simple credit card shield sleeve will protect you from the electronic pickpocket.
Black Friday and Cyber Monday are coming up, followed by the Kwanzaa-Hanukkah-Christmas shopping spree.  Stay aware, you laptop Jedi knights with your plastic swords.  We don't want Luke to overcharge his father.

Thursday, June 14, 2012

Stronger online passwords? A must.

Recently, it seems like every week some new website or company is being hacked.  With the abundance of web connected laptops, tablets, e-readers, and smartphones, the Internet and social networks are accessible 24/7/365 to most users.  

In the 4th quarter of 2011, Americans spent 38.6 hours online.  That's a work week!  But Canadians beat U.S. into shame with 45.3 hours in the same quarter.  What's that all aeboot!

With all that net presence, it's becoming more and more burdensome to remember all the passwords to secure access to web services.  Feeble, duplicate, obvious, and stupid passwords are the weakest link in online security.  LinkedIn is a perfect example: six million passwords were hacked and exposed last week forcing users to change their passwords.  Other sites like eHarmony and Last.fm shared the same fate.  

So what can one do to protect web accounts?

Avoid weak passwords.
1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football
Avoid reusing passwords on multiple websites.
It sounds easy: you think of one amazing (in your mind) password and you use it on every website.  In reality, if someone hacks your email account and tries the same password on your bank site or social site, chances are they will succeed.  It's a pain in gluteus maximus but the reward is your security.

Keep your password private.
Obvious, but the opposite is surprisingly common.  Do you know how many people I've seen with a password taped to the back of their laptop?  Too many.

Use mnemonics to create strong passwords.
One lesson one can learn from the movie Johnny Mnemonic is that people have trouble remembering things.  With millions of interesting websites, who can remember all those unique passwords?  Well, Johnny can, but he had a hard drive implanted in his head.

You can use password managers built into web browsers or change a number at the end of your main password, but those are questionable ways of securing your access.

My favorite way to create a strong password is to abbreviate a unique sentence.
Let's say you owned an orange 1969 Chevy Camaro in your twenties.  You loved that car.  Especially on Saturday nights.  What a sweet time!  Right?

So come up with your sentence: I loved my orange 1969 Chevy Camaro 
Now, abbreviate first letters mixing upper and lower case: ILmo1969CC
For more security, add special characters: My hot wife was right on the money!
Now, abbreviate: MHwwRot$!
You get the idea.
This simple way allows you to cherish your memories and have secure passwords.

Use longer passwords.
The longer the password, the harder it is for a hacker to crack it.  So use 8 or more characters, mixed with numbers, upper and lower case letters, and special characters. 
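
An added example, not part of the original post: a small Python checker that applies the rules above (the weak-password list, the 8-character minimum, the four character classes, no reuse) to the sample passwords from the mnemonic section, plus a rough keyspace estimate. The function names and the "bits" estimate are assumptions made for this illustration.

```python
import math
import string

# The 25 weak passwords listed in the post above.
WEAK = set("""password 123456 12345678 qwerty abc123 monkey 1234567 letmein
trustno1 dragon baseball 111111 iloveyou master sunshine ashley bailey passw0rd
shadow 123123 654321 superman qazwsx michael football""".split())

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}

def keyspace_bits(password):
    """Upper bound on brute-force work: log2(pool_size ** length).
    Assumes every character was picked at random, which overstates
    the strength of human-chosen passwords."""
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return round(len(password) * math.log2(pool), 1) if pool else 0.0

def audit(password, used_elsewhere=()):
    """Return the list of rules from the post that `password` breaks."""
    problems = []
    if password.lower() in WEAK:
        problems.append("on the weak-password list")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    missing = [name for name, chars in CLASSES.items()
               if not any(c in chars for c in password)]
    if missing:
        problems.append("missing: " + ", ".join(missing))
    if password in used_elsewhere:
        problems.append("reused on another site")
    return problems

def abbreviate(sentence):
    """First letter of each word, numbers kept whole. The capitalisation
    and symbol swaps in the post's examples are still chosen by hand."""
    return "".join(w if w.isdigit() else w[0] for w in sentence.split())

if __name__ == "__main__":
    for pw in ("monkey", "ILmo1969CC", "MHwwRot$!"):
        print(pw, keyspace_bits(pw), audit(pw))
```

Run against the post's own samples, the audit shows that each mnemonic password still misses one of the four character classes, which is easy to overlook when abbreviating by hand.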

Delete emails asking for your credentials.
Legitimate websites will never ask for your credentials in the form of an email.  Or any form.  They will simply reset your password if needed.  So delete all emails asking for an account update or password, even if they appear legit.  To confirm, you can always call customer service or the help desk to check if the company or site sent that email.

I invite you to comment and add your ideas to secure your online access.