Protecting kids might not be a walk in the park

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Par­ents in 22 states have the right to freeze their children’s cred­it to pre­vent iden­ti­ty theft. But in oth­er states, pro­tect­ing your child can be a real fight. Of the three cred­it bureaus, only Equifax allows par­ents from any state to set up a freeze for a minor. Equifax will cre­ate a cred­it file if one doesn’t already exist for a child, then sup­press it—the equiv­a­lent of the cred­it freeze that adults can request. Exper­ian lim­its freezes on minors’ cred­it reports to the states that express­ly require it and won’t freeze a file unless it finds that one already has been cre­at­ed. If a minor has a cred­it file, then his or her iden­ti­ty like­ly already has been stolen, since minors aren’t sup­posed to be giv­en cred­it. Tran­sUnion will cre­ate and sup­press a cred­it file for a minor if there’s evi­dence the child’s iden­ti­ty has been stolen, but the bureau dis­cour­ages par­ents from ask­ing for such freezes as a pre­cau­tion­ary mea­sure. Source: Bankrate

Stop the press releases!

sh_printing press_280Two defen­dants agreed to pay $30 mil­lion to set­tle Secu­ri­ties and Exchange Com­mis­sion civ­il insid­er trad­ing charges over a scheme to hack into net­works that dis­trib­ute cor­po­rate news releas­es, the reg­u­la­tor said. Jaspen Cap­i­tal Part­ners and CEO Andriy Supra­nonok, both from Kiev, Ukraine, are the first of 34 defen­dants to set­tle SEC charges over alle­ga­tions of the theft of more than 150,000 press releas­es from Busi­ness Wire, Mar­ketwired and PR Newswire before the news became pub­lic. The SEC said the scheme result­ed in more than $100 mil­lion in ille­gal prof­it in a five-year peri­od. Author­i­ties said traders would give hack­ers “shop­ping lists” of news releas­es they want­ed to see in advance, then make trades based on them. Source: Reuters via NBC News

Setting up a federal shield

Sen­ate Finance Com­mit­tee Chair­man Orrin Hatch, R-Utah, and rank­ing mem­ber Ron Wyden, D-Ore., said the pan­el will mark up an orig­i­nal bipar­ti­san bill to curb iden­ti­ty theft and tax refund fraud on Sept. 16. “Pro­tect­ing the pri­vate infor­ma­tion of tax­pay­ers at the Inter­nal Rev­enue Ser­vice should be of high­est impor­tance to the agency and Con­gress,” Hatch said. “Unfor­tu­nate­ly, as we learned this year, high­ly valu­able infor­ma­tion housed at the agency is sus­cep­ti­ble to cyber crim­i­nals. Since this threat will not end, Con­gress should take appro­pri­ate bipar­ti­san action to imple­ment need­ed leg­isla­tive poli­cies that will bet­ter pro­tect tax­pay­ers and shield tax­pay­er dol­lars from thieves.” Source: Policy.com

Book ’em: Hackers hit librarians’ site

sh_librarian_280Hack­ers took over the Amer­i­can Library Association’s Face­book page and post­ed an end­less stream of click­bait arti­cles and spam for three days. The librar­i­ans made the best of the sit­u­a­tion by post­ing jol­ly respons­es to the arti­cles, includ­ing call num­bers for var­i­ous books on eso­teric top­ics, such as one to accom­pa­ny a pic­ture of female sol­diers and the odd dif­fer­ences in style of dress in Dubai. Every­thing was returned to nor­mal on Mon­day. Source: Tech Crunch

Maybe not a charitable cause

A Flori­da pri­vate inves­ti­ga­tor was bust­ed for try­ing to hack into a New York City charity’s com­put­er net­work in an attempt to find out whether it was financ­ing Mid­dle East ter­ror­ist groups, accord­ing to court papers. Tim­o­thy Sed­lak was charged in Orlan­do fed­er­al court with com­put­er hack­ing. He made almost 400,000 attempts to hack into the charity’s net­work using a “brute force” pass­word-crack­ing tool that’s designed to launch a relent­less bar­rage of pos­si­ble pass­words at an account, pros­e­cu­tors said. When ques­tioned by Secret Ser­vice agents, Sed­lak said he “con­duct­ed research of char­i­ta­ble orga­ni­za­tions to try to deter­mine if such orga­ni­za­tions are unin­ten­tion­al­ly financ­ing jihadist groups by send­ing, to char­i­ta­ble orga­ni­za­tions in the Mid­dle East, funds which are then seized by jihadist groups,” his crim­i­nal com­plaint states. Source: The New York Post

Bit by Bitcoin

sh_Bitcoin_280A man accused of run­ning a Bit­coin exchange that laun­dered mon­ey for hack­ers and who has been linked to a cyber attack on JPMor­gan Chase in an FBI memo, is in plea dis­cus­sions with U.S. pros­e­cu­tors. Antho­ny Mur­gio was charged with a sec­ond man, Yuri Lebe­dev, with oper­at­ing an ille­gal Bit­coin exchange named Coin.mx. Mur­gio has been linked to a group in Rus­sia and Israel being inves­ti­gat­ed by the FBI for theft of cus­tomer data from JPMor­gan. Mur­gio and a col­lege fra­ter­ni­ty broth­er were linked to a hack last year of JPMor­gan, which com­pro­mised the per­son­al data of 83 mil­lion bank cus­tomers. Source: Bloomberg Busi­ness

Figuring the risks of a policy

Two cyber­se­cu­ri­ty risk providers will col­lab­o­rate with AIR World­wide, a cat­a­stro­phe risk-mod­el­ing soft­ware provider, to cre­ate an up-to-date cyber risk mod­el for insur­ers, AIR said. Risk Based Secu­ri­ty, which pro­vides infor­ma­tion secu­ri­ty solu­tions and Bit­Sight Tech­nolo­gies, which ana­lyzes and rates the secu­ri­ty lev­el of com­pa­ny data, will work with AIR to build the AIR Cyber Risk Mod­el, to assist the insur­ance indus­try in mit­i­gat­ing cyber attacks. “Cyber­se­cu­ri­ty is viewed as a top pri­or­i­ty for many com­pa­nies,” said Ira Scharf, gen­er­al man­ag­er of world­wide cyber insur­ance at Bit­Sight. “As more and more com­pa­nies pur­chase cyber insur­ance, insur­ers are becom­ing increas­ing­ly con­cerned with aggre­ga­tion risk. We’re col­lab­o­rat­ing with AIR to help them more accu­rate­ly account for cyber risk in the entire sup­ply chain, such as secu­ri­ty vul­ner­a­bil­i­ties on host­ing com­pa­nies, cloud providers, and oth­er third-par­ty sup­pli­ers.” Source: Busi­ness Insur­ance

Easy to use, but easy to hack?

sh_toll booths_280Uni­ver­sal elec­tron­ic tolling on the Mass­a­chu­setts Turn­pike is due by the end of next year in an effort to elim­i­nate the state’s cost­ly toll tak­ers and let dri­vers whiz through with­out stop­ping. The move could force tens of thou­sands of dri­vers to switch to E-ZPass­es. But experts say the elec­tron­ic transpon­ders are sus­cep­ti­ble to hack­ing and already have trig­gered con­cerns in New York. “They’re not using encryp­tion, so unbe­knownst to most E-ZPass users, the tag can be read from almost any­where,” cyber­se­cu­ri­ty expert Gary Milief­sky said, adding that crooks could trav­el on your dime. “Hack­ers could eas­i­ly read your num­ber from your car and make their own pass using your account num­ber.” Mean­while, in New York, city and state offi­cials have been track­ing E-ZPass users all over the city—even in loca­tions that were nowhere near a toll—according to a recent report by the New York Civ­il Lib­er­ties Union. Source: Boston Her­ald

From the toolbox

ABA Insur­ance Ser­vices launched a new cyber insur­ance prod­uct for banks that are insured through ABAIS to help them pre­vent, pre­pare for, and respond to data secu­ri­ty inci­dents. BakerHostetler’s pri­va­cy and data pro­tec­tion team will pro­vide legal ser­vices for insured com­pa­nies. ABAIS’s clients will have 24-hour access to BakerHostetler’s team of inci­dent-response attor­neys through an 800 num­ber. Banks that expe­ri­ence an actu­al or sus­pect­ed data secu­ri­ty inci­dent will get a free one-hour con­sul­ta­tive post-breach call and pre­ferred rates for addi­tion­al post-breach data pri­va­cy ser­vices. Source: Insur­ance Jour­nal

Keep on truckin’

sh_trucks_280The U.S. trans­porta­tion indus­try is in the crosshairs of the cyber-crime trend, espe­cial­ly truck­ing, as many car­ri­ers con­tin­ue to rely on a “patch­work” of dif­fer­ent infor­ma­tion tech­nol­o­gy sys­tems to con­duct busi­ness elec­tron­i­cal­ly, not­ed Matt For­oughi, vice pres­i­dent of infor­ma­tion secu­ri­ty for the Descartes Sys­tems Group. “Truck­ing com­pa­nies … may have many dif­fer­ent lega­cy sys­tems spread across a wide geog­ra­phy. Patch­ing and stay­ing up to date is essen­tial.” The val­ue of data and the need to offer greater pro­tec­tion for it also is going to dri­ve the cost of cyber-spe­cif­ic insur­ance poli­cies high­er, not­ed Allianz Glob­al Cor­po­rate Spe­cial­ty Insur­ance in its report, A Guide to Cyber Risk: Man­ag­ing The Impact of Increas­ing Inter­con­nec­tiv­i­ty. The com­pa­ny not­ed that increas­ing aware­ness of cyber expo­sures, as well as reg­u­la­to­ry change, will pro­pel the future rapid growth of cyber insur­ance, with the pre­mi­ums for cyber insur­ance pro­ject­ed to grow glob­al­ly from $2 bil­lion per year today to more than $20 bil­lion in the next decade—a com­pound annu­al growth rate of more than 20 per­cent. Source: Fleet Own­er

More than a few good men

The Pen­ta­gon plans to com­plete the estab­lish­ment of a new Cyber Mis­sion Force made up of 133 teams of more than 6,000 “cyber oper­a­tors” by 2018, and it’s already near­ly halfway there, the Fed­er­a­tion of Amer­i­can Sci­en­tists report­ed. “The Pen­ta­gon intends to spend $1.878 bil­lion to pay for the Cyber Mis­sions Force con­sist­ing of approx­i­mate­ly 6,100 indi­vid­u­als in the four mil­i­tary ser­vices,” a Pen­ta­gon state­ment said. FAS not­ed that “today, the Pen­ta­gon has 3,100 per­son­nel assigned to 58 of the 133 teams,” near­ly 50 per­cent of the intend­ed capac­i­ty. The Depart­ment of Defense has three pri­ma­ry mis­sions in cyber space: defend­ing the Pentagon’s infor­ma­tion net­works to pro­tect its mis­sions; defend­ing the U.S. against cyber attacks; and pro­vid­ing full-spec­trum cyber options to sup­port con­tin­gency plans and mil­i­tary oper­a­tions, Assis­tant Sec­re­tary of Defense, Eric Rosen­bach is report­ed to have said. Source: Mid­dle East Mon­i­tor