Donating cell phone could put you at risk

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

When you give away an old cell phone, you may be hand­ing over a lot of per­son­al information—even if you think you’ve cleared your phone. “It is a trea­sure trove for iden­ti­ty theft,” said Antho­ny Ser­apiglia, assis­tant pro­fes­sor of com­put­ing and infor­ma­tion sys­tems at St. Vin­cent Col­lege. Ser­apiglia and his stu­dents exam­ined old cell phones to see if they could uncov­er any infor­ma­tion left behind. “We found a lot of text mes­sages, con­ver­sa­tions, per­son­al items, even Snapchat—things that you think are going to be gone,” Ser­apiglia said. One dam­aged iPhone was filled with ille­gal activ­i­ty. “It had text mes­sages of drug deals, pros­ti­tu­tion and gam­bling,” he said. Ser­apiglia also was able to extract data from anoth­er old cell phone that revealed pho­tos from the pre­vi­ous user. With a Google and Face­book search, Ser­apiglia was able to piece togeth­er the pre­vi­ous owner’s name, birth­day, address and wife’s name. Using soft­ware avail­able to any­one, Ser­apiglia and his stu­dents scanned phones pur­chased from Good­will. All the phones were sold in bulk online. Of the 80 phones they pur­chased, 47 had use­ful infor­ma­tion. Source: CBS News

North Korean hackers might have been behind $81 million bank heist

The U.S. is inves­ti­gat­ing whether the theft of $81 mil­lion from a Bangladesh cen­tral bank account at the New York Fed is linked to North Korea because of the sim­i­lar­i­ty of the hack of Sony Pic­tures Enter­tain­ment. Some cyber­se­cu­ri­ty experts con­clud­ed last year’s theft from the Bangladesh cen­tral bank’s account was done with some of the same hack­ing tools used in the 2014 attack on Sony Pic­tures. The Sony hack, linked to North Korea by the FBI, was fol­lowed that year by a black­out of North Korea’s inter­net that a U.S. law­mak­er said was retal­i­a­tion, with­out say­ing who was respon­si­ble for the out­age. Source: Crain’s

Senate votes down privacy protection rules; bill now goes to House

The Sen­ate vot­ed to repeal reg­u­la­tions requir­ing inter­net ser­vice providers to do more to pro­tect cus­tomers’ pri­va­cy than web­sites such as Google or Face­book. Accord­ing to the rules approved by the Fed­er­al Com­mu­ni­ca­tions Com­mis­sion in Octo­ber under then-Pres­i­dent Oba­ma, inter­net providers would need to obtain con­sumer con­sent before using pre­cise geolo­ca­tion, finan­cial infor­ma­tion, health infor­ma­tion, children’s infor­ma­tion and web brows­ing his­to­ry for adver­tis­ing and inter­nal mar­ket­ing. The vote was a vic­to­ry for inter­net providers such as AT&T, Com­cast and Ver­i­zon, which had strong­ly opposed the rules. The bill now goes to the House. Source: Reuters

Getting student loan aid just got a little more difficult

The IRS and the Depart­ment of Edu­ca­tion tem­porar­i­ly shut down the IRS’s Data Retrieval Tool, a ser­vice designed to make it eas­i­er to com­plete the Edu­ca­tion Department’s Free Appli­ca­tion for Fed­er­al Stu­dent Aid (FAFSA)—a lengthy form that serves as the start­ing point for stu­dents seek­ing fed­er­al finan­cial assis­tance to pay for col­lege or career school. It was a “pre­cau­tion­ary step fol­low­ing con­cerns that infor­ma­tion from the tool could poten­tial­ly be mis­used by iden­ti­ty thieves,” the IRS said. Source: Krebs on Security

Personal data stored on job seekers’ service 

America’s JobLink of Tope­ka, Kansas, has become the vic­tim of a hack­ing inci­dent from an out­side source in which the names, dates of birth and Social Secu­ri­ty num­bers of an unspec­i­fied num­ber of job-seek­ers in up to 10 states were accessed. The states include Alaba­ma, Ari­zona, Arkansas, Delaware, Ida­ho, Illi­nois, Kansas, Okla­homa, Ver­mont and Maine. America’s JobLink has patched the secu­ri­ty hole. New accounts cre­at­ed on or after March 16 were not affect­ed. Source: The Port­land (Maine) Press Herald

FBI looks into Russian election hack

The FBI is active­ly inves­ti­gat­ing Russia’s attempts to influ­ence the 2016 U.S. pres­i­den­tial elec­tion and pos­si­ble coop­er­a­tion from Pres­i­dent Trump’s cam­paign, agency direc­tor James Comey con­firmed. The exis­tence of an inves­ti­ga­tion isn’t a sur­prise, but Comey’s announce­ment is the first time the FBI has acknowl­edged an active case. The FBI typ­i­cal­ly does not com­ment on active inves­ti­ga­tions, but the Russ­ian actions tar­get­ing the U.S. elec­tion rep­re­sents an “unusu­al” case, he told mem­bers of the House of Rep­re­sen­ta­tives Intel­li­gence Com­mit­tee. Source: Com­put­er World

Google, Jigsaw step up to shield voting results

Google and sis­ter com­pa­ny Jig­saw are join­ing forces to defend elec­tion orga­niz­ers and civic groups against cyber attacks free of charge as the broad­er tech indus­try fights crit­i­cism that it is not doing enough to stop online efforts to dis­tort elec­tions. The free Pro­tect Your Elec­tion pack­age, a ser­vice to ward off web­site attacks, already has been offered to news orga­ni­za­tions for the past year under what is known as Project Shield. Source: Reuters

Packed electronic devices might put their security at risk

The U.S. gov­ern­ment intro­duced a device restric­tion on trav­el­ers fly­ing non­stop to the Unit­ed States from 10 air­ports in eight Mus­lim-major­i­ty coun­tries, and nine air­lines from those coun­tries. Pas­sen­gers must pack large elec­tron­ics (tablets, cam­eras and lap­tops) into checked lug­gage. That rais­es fears of some­one hav­ing phys­i­cal access to a device. Data can be cloned for lat­er exam­i­na­tion, or some­one can install spy­ware or hard­ware. Soft­ware can be installed for lat­er log­ging or remote con­trol; pro­tec­tions can be dis­abled or manip­u­lat­ed. Source: Elec­tron­ic Fron­tier Foundation

 Suspect accused of $100 million fraud scam against companies

The FBI arrest­ed a Lithuan­ian man accused of run­ning a scam in which he posed as a hard­ware com­pa­ny to defraud multi­na­tion­al inter­net com­pa­nies of over $100 mil­lion. Eval­das Rimasauskas is accused of oper­at­ing an elab­o­rate busi­ness email com­pro­mise scheme that defraud­ed two unnamed U.S.-based glob­al com­pa­nies. One firm is described as a multi­na­tion­al tech­nol­o­gy com­pa­ny and a sec­ond is a social-media and net­work­ing com­pa­ny. Source: CSO

Amazon puts protective AI company into shopping cart

Ama­zon has acquired arti­fi­cial intel­li­gence-based cyber­se­cu­ri­ty com­pa­ny Harvest.ai, which uses AI-based algo­rithms to iden­ti­fy the most impor­tant doc­u­ments and intel­lec­tu­al prop­er­ty of a busi­ness. It then com­bines user behav­ior ana­lyt­ics with data-loss pre­ven­tion tech­niques to pro­tect them from cyber attacks. Harvest.ai boasts for­mer mem­bers of the Nation­al Secu­ri­ty Agency, FBI and Depart­ment of Defense, as well as for­mer employ­ees of Web­sense and Fire­Eye. Source: Newsweek

Google maps addition could reveal more than you want

New fea­tures for Google Maps make it eas­i­er to share your loca­tion with con­tacts, which could spur pri­va­cy con­cerns. Peo­ple can let any­one know where they are by send­ing a text mes­sage with a link. The link can be opened by any­one, even if they don’t have the Maps app. Peo­ple can also share their loca­tion with­in the app to oth­ers who use Maps through a sim­ple copy and paste, whether or not the orig­i­nal user intend­ed their infor­ma­tion to be known. Source: ReCode