Friday, January 09, 2009

Spam Levels on the Rise, Again

With the shutdown of McColo by Internet Service Providers in November, global spam volumes dropped over 50 percent. Sadly, this appears to have been a short-term fix. According to a new Symantec report, the spammers have moved to new locations and the volumes are back up to 80 percent of pre-McColo levels.

While spam originates from a lot of places, the United States is still in the number one spot, with 27 percent of the spam observed originating from there. China and Brazil tied for second place with 7 percent of spam originating from these countries.

The report indicates that URLs in Canadian Pharmacy spam messages were noted as being top-level Chinese domains (.cn TLD). Could this mean that Chinese knock-off (counterfeit) prescriptions are trying to make it appear as if they are coming from Canada? Given the recent concerns of tainted and poisonous merchandise being exported from China, this might be a concern. Of course, I would think that buying prescription meds over the Internet should be a concern to most people, anyway.

In another variation of recently observed spam, a user is invited to join a social networking site. The link goes to a real group, which was created on the social networking site by the spammer. The group then links to a free blogging site, which redirects the victim to the ultimate destination URL. At the destination URL, personal information is requested, which is probably used to sell to marketing companies or used in other spam campaigns. Please note, although not mentioned in the report, that some of these campaigns might have malicious intent or be scams.

Also noted during the holiday season was a lot of e-Card spam. This spam sometimes comes with malware (malicious software) designed to steal personal and financial information or turn your machine into a spam-spewing zombie computer using your credentials.

A particularly deceptive spam delivery method noted recently is spammers inserting their messages into legitimate newsletters. This method seems to get past spam filters pretty effectively. If the recipient clicks on the message, they are taken to a spammer site. Here again, it might be a site selling junk, but it could also be a site with more malicious intent.

Another spam trend in vogue these days is to use the recession as a social engineering lure designed to get people to click on a spam link. Messages are being sent out in the millions touting easy bail-out money to be had and an assortment of the normal get-rich-quick schemes. If it's too good to be true and doesn't make sense, it's normally a scam, and I suspect that most of this type of spam is one.

Last but not least, the spammers are still using President-elect Barack Obama's name to market coin offers, a "Barackumentary DVD" and a free Visa card for helping the Obama clan pick their dog.

Shutting down McColo by reaching out to the ISPs -- which was done largely through the work of Brian Krebs at Security Fix (Washington Post) -- showed that a significant impact can be made on spam when ISPs are held accountable. Given that Brian is one person and a journalist, this was an admirable piece of work. The fact that spam is approaching pre-McColo levels tells us that there are more ISPs that need to be held accountable. Maybe in the end, government and international agencies need to follow Brian's example and make an impact on spam levels that will last a little longer.

Spam is a dangerous pain for everyone who uses e-mail. Most scams, questionable goods and services and cyber-attacks using malicious software start with a spam e-mail. Shutting down the spam operators can only make everyone's experience on the Internet a little more safe and sane.

Sunday, December 21, 2008

Who Hacked the Halls of Congress?

Came across an interesting story about the halls of Congress being hacked in October 2006. Although no one knows or is saying, some speculate that the attack can be traced to the Chinese, who seem to get accused of hacking into a lot of government systems (worldwide). Of course, the Chinese officially deny these allegations.

Shane Harris of the National Journal reported the attack was initially discovered in one office, but cyber-investigators eventually traced it to eight members' offices, where one or more computers were infected. Besides this, seven committee offices, including the Commission on China, Ways and Means and the International Relations Committee were identified as having compromised computers in them. The International Relations Committee (now the Foreign Affairs Committee) had 25 infected computers and an infected server found in it.

The virus discovered was a trojan designed to allow malware (malicious software) to invade government machines and steal information. The investigation revealed that the trojan was probably downloaded by an employee, who clicked on a link in a spam e-mail. This method of dropping a virus on a computer is usually referred to as Phishing.

Phishing attacks are normally designed to steal personal and financial information, which is later used to commit financial crimes and identity theft. While most phishing attacks (from a historical perspective) have been financially motivated, we are now seeing more person/position-targeted attacks. This type of phishing is referred to as spear phishing or whaling. In April, there were reports of spear phishing attacks against corporate executives all over the country.

The unidentified hackers used a wide array of attack methods, and the malware was downloaded from random Internet addresses. It's suspected they were using other infected machines to launch the attacks, which makes the activity even harder to trace. In this latest instance, it makes sense; the intent was to steal confidential and sensitive information.

The article points out that there is a lot of evidence that the Chinese have "penetrated deeply" into both government and corporate systems.

Just hours before the Olympics, Joel Brenner, the top U.S. counterintelligence official, warned Americans to leave their smart phones and other wireless computer devices at home. He told CBS News that the public security services in China can turn on a cell phone and activate its microphone when the owner thinks it's off. In July, Senator Sam Brownback also warned that China was planning to mount a massive espionage operation on guests staying at major hotels during the Olympics.

Last year there was speculation in the press that Commerce Secretary Carlos Gutierrez's laptop was hacked during a visit to China and the information was used to hack into government computers. Even scarier, rumors abound that Chinese hackers have already attacked power grids and that they are developing a cyber-warfare capability.

The article's conclusion points to a just-released Report of the CSIS Commission on Cybersecurity for the 44th Presidency. The study recommends that President-elect Obama establish a Cyber-Security Directorate in the NSC, which would direct a National Office for Cyberspace.

As a mere observer of all of this, I think President-elect Obama needs to take this report seriously. We need to remember (especially while a financial crisis is going on) that besides being a threat to national security, hacking also threatens our financial stability. Although this post points to the Chinese, they certainly aren't the only players in the international hacking game, and the problem it presents isn't going away. Sadly, some believe the problem is getting worse.

There is little doubt that change is needed in the way we address this problem and hopefully this is what will occur.

Saturday, December 06, 2008

Is the CheckFree Hack a New Information Theft Trend?

It was revealed earlier in the week that hackers had taken command and control of a free e-bill Web site called CheckFree.com. CheckFree offers their customers the ability to collect all their bills and pay them with a few clicks of a mouse.

CheckFree is one of the larger companies in the e-payment business and serves about 24.7 million customers. Given this, there is little doubt they have a large amount of personal and financial data passing through their site.

The hacking method appeared to be a little less than sophisticated. Someone stole the username and password to the site and put in changes that directed users to a page that installs malware on the user's machine. This was done by changing the address in CheckFree.com's domain name system (DNS) to redirect visitors to an Internet address in the Ukraine. Although CheckFree is still analyzing the malware, Brian Krebs at the Washington Post was able to quote Trend Micro as saying the malware was designed to steal user credentials.

The registrar, Network Solutions, was quick to claim there had been no breach of their system. At this point in the game -- since no one knows or is saying -- my guess is that this statement probably means there was one that they don't know of at this time. Network Solutions did warn their customers about a phishing attack on their customers about a month ago. This has led to speculation that the credentials were stolen by information-stealing malware, or by social engineering (someone being tricked into giving them up).

The Washington Post story also mentions that U.S. Bank might have been affected by this attack, but isn't commenting. In a subsequent post in Security Fix (Washington Post), Brian Krebs noted that an Internet security firm known as Internet Identity reported that 71 other domains were pointed at the Ukrainian domain in question during the attack.
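The attack described above worked by repointing a domain's DNS records at an address the owner never chose, and the tell-tale sign was many unrelated domains suddenly resolving to the same place. As an added example (not code from the post, CheckFree or Network Solutions), here is a small Python monitor that compares the A records a resolver returned against a per-domain baseline of expected netblocks, flags domains that have been repointed, and clusters those sharing one rogue address; every domain name, address and netblock below is a constructed placeholder.

```python
"""Detect DNS repointing by comparing observed A records against a
per-domain baseline of expected netblocks.

Added example, not code from the post or from CheckFree/Network Solutions.
All domains, addresses and netblocks are constructed placeholders."""
import ipaddress
from collections import defaultdict

# Constructed baseline: each monitored domain and the netblocks it is
# expected to resolve into (e.g. the organisation's own hosting ranges).
BASELINE = {
    "billpay.example": ["192.0.2.0/24"],
    "login.example": ["192.0.2.0/24", "198.51.100.0/25"],
    "bank-a.example": ["203.0.113.0/26"],
    "bank-b.example": ["203.0.113.64/26"],
}

# Constructed resolver snapshot, as a monitor would collect on each run.
# Three domains have been repointed to a single unrelated address.
OBSERVED = {
    "billpay.example": ["198.51.100.200"],
    "login.example": ["198.51.100.9"],
    "bank-a.example": ["198.51.100.200"],
    "bank-b.example": ["198.51.100.200"],
}


def unexpected_addresses(domain, addresses, baseline=BASELINE):
    """Return the observed addresses for `domain` that fall outside every
    baseline netblock for it. A domain with no baseline entry is treated as
    fully unexpected, so a gap in monitoring surfaces as an alert."""
    blocks = [ipaddress.ip_network(b) for b in baseline.get(domain, [])]
    return [
        addr for addr in addresses
        if not any(ipaddress.ip_address(addr) in block for block in blocks)
    ]


def hijack_report(observed, baseline=BASELINE):
    """Compare a resolver snapshot to the baseline.

    Returns (alerts, clusters): `alerts` maps each repointed domain to its
    unexpected addresses; `clusters` maps each unexpected address to the
    sorted domains now resolving to it, so one rogue address shared by many
    domains (the pattern reported for the CheckFree attack) stands out."""
    alerts = {}
    clusters = defaultdict(list)
    for domain in sorted(set(baseline) | set(observed)):
        bad = unexpected_addresses(domain, observed.get(domain, []), baseline)
        if bad:
            alerts[domain] = bad
            for addr in bad:
                clusters[addr].append(domain)
    return alerts, {addr: sorted(doms) for addr, doms in clusters.items()}


if __name__ == "__main__":
    alerts, clusters = hijack_report(OBSERVED)
    for domain, bad in alerts.items():
        print(f"ALERT {domain} now resolves to {', '.join(bad)}")
    for addr, domains in clusters.items():
        if len(domains) > 1:
            print(f"shared rogue address {addr}: {', '.join(domains)}")
```

In practice the snapshot would come from a scheduled resolver query, and the baseline from the registrar's own zone data, so a change at the registrar shows up on the next run rather than after victims report it.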

Thus far, about 5,000 victims have been identified. As in the past, those whose identities were compromised are being offered free identity theft protection for their unfortunate circumstance.

I decided to look at the CheckFree site itself. The reason I did this is because whenever I see the word "free," especially in cyberspace, I've learned to be wary.

According to CheckFree.com, everything is free on their site except for fees charged for the use of credit cards and emergency (rush) payments. On the site, they publish in bold phrases like "one easy," "secure location," "no charge," and "100% guarantee."

They even run an ad for FreeCreditReport.com on the main page of their site. Although I have to admit that the guitar dude FreeCreditReport.com uses on their ad is pleasing to the eye, the catch is that you automatically sign up for a service that charges you $14.95 a month. You can get around this by cancelling within the first seven days. If you read the fine print disclaimer on FreeCreditReport.com, it says, "ConsumerInfo.com, Inc. and FreeCreditReport.com are not affiliated with the annual free credit report program. Under a new Federal law, you have the right to receive a free copy of your credit report once every 12 months from each of the three nationwide consumer reporting companies. To request your free annual report under that law, you must go to http://www.annualcreditreport.com/." Most experts agree that a person can do the same thing these services offer for free and that most of them do not protect from all forms of identity theft.

I got a little off-track with the FreeCreditReport.com ad, but it amazes me how few people read the small print on guarantees. Because of this, I decided to check out some of the small print on the CheckFree site.

So far as the fraud guarantee — if you read the disclaimer — you have to notify them within two days of the transactions to limit your liability to $50.00. It's pretty unlikely that anyone falling for a fraud on a financial transaction is going to figure it out in two days.

It also guarantees payments will make it on time, as long as you send them within the time period specified in the service agreement. In looking at the service agreement, this is two days before the bill is due. Of course, they do offer rush payments for a fee.

As for the "secure location" statement, if hackers were able to get the admin username and password to their site, this assertion is, at the very best, questionable.

A second post about this story in Security Fix (Washington Post) brings up evidence that registrars have been identified by the cyber-criminal community as lucrative targets. This assertion is backed up by recent security studies on the security of domain registrars. This makes sense because some of these sites, like CheckFree, are a window to hundreds of financial institutions, protected by a single username and password.

I'm surprised no one has raised the question of whether or not the financial information — which presumably has to be stored for record keeping purposes — might have been compromised.

In my limited experience with domain registrars, I've run into some frustrating experiences when trying to report sites (sometimes laden with malware) that were set up for no other reason than to steal personal and financial information. I've found that if you want to get a quick response with some of them, you need to be persistent to the point of being a pest. Given that most fake sites are designed to only stay in operation for a short period of time before they move on, it's like playing a game of whack-a-mole. Because of these experiences, I'm not confident they will be quick to react to this new security challenge. Let's hope I'm wrong.

In the world where outsourcing and contracting have become the norm, it isn't surprising that financial institutions are using third-party platforms to perform financial transactions. Every time information is given to a third party, it makes protecting it more difficult. The reason for this is different standards for protecting information (especially when international borders are crossed) and the fact that back door access is being given to more and more people. In the end, it is human beings who come up with the schemes to steal, not computers.

Whether or not this becomes a trend probably depends on how financially lucrative this method of attack becomes for the hackers who did the dirty deed. Of course, if we learn from it and take immediate action, perhaps we can limit some of the damage that could occur. I guess time will be the best judge of that.

Wednesday, April 02, 2008

NATO Summit and EU Conference address the global reaches of illicit cyber activity

On the Internet -- crime, espionage and, some say, terrorism can cross a border with the click of a mouse. Because of this, it probably shouldn't be surprising that this is a hot topic at the NATO summit, as well as at a separate conference conducted by the EU.

The AP is reporting:

At a two-day conference starting Tuesday in Strasbourg, France, the Council of Europe will review implementation of the international Convention on Cybercrime and discuss ways to improve international cooperation.

Cyber defense also will be on the agenda when heads of state from NATO's 26 member nations gather in Bucharest Wednesday for three days. The leaders are expected to debate new guidelines for coordinating cyber defense.

Cyber defense is increasingly becoming a concern. For instance, there is increasing evidence that the Chinese have been hacking into other governments' systems and have a cyber war doctrine under development.

Last year, there was also the much-written-about attack on the government of Estonia.

The EU conference will also address more financially motivated criminal activity on the Internet.

The AP article quotes a German university professor, Marco Gercke, who specializes in computer law, as saying:

"Compared to regular terror attacks, it is much easier for the offenders to hide their identity. There are at least 10 unique challenges that make it very difficult to fight computer-related crime," said Gercke, one of the conference participants. "The success rate of cybercrime is very high."

While it is unknown whether or not these meetings of the minds will yield any results, the fact is that unless there is greater cooperation and collusion between the good guys, the problem of undesirable activity being spread with the click of a mouse is likely to continue growing at an alarming rate.

A little more teamwork and forward thinking might go a long way towards solving the problem. Of course, taking some of the players out from the opposition (bad guys) would go a long way, also!

To close this brief post, I would like to point to matters a little closer to home. An American computer law expert recently wrote a forward-thinking article on the Hannaford data breach, where hackers stole 4.2 million payment (credit/debit) card numbers, and on the recent settlement between TJX and the FTC.

In his well-thought-out article, Ben Wright of SANS writes:

The FTC is well-meaning here, but it is misdirected. By singling out TJX and chastising it with the “unfairness” “bad guy” rhetoric, the FTC distracts the necessary public conversation. It implies that if we can just punish these lazy merchants enough (and force them to comply with the PCI and similar controls), then credit cards will be safe. That’s wrong.

The criminal warfare directed at the credit card system is more powerful than the theory behind PCI. The whole credit card system needs to change. As a society we need to focus on beating the criminals, and stop flogging victims like TJX as unfair privacy infringers.

To me, this means that instead of spending all our resources on inadequate security and filing litigation against the "unlucky targets" of organized cyber crime, we need to start addressing the root of the problem. I'll give anyone reading this one guess who that might be.

Thursday, June 14, 2007

FBI roasts a few Bot-Herders, which will free up to a million Zombies

Sick and tired of all the spam filling up your inbox, despite filtering technology that doesn't seem to work very well? If you are, Operation Bot Roast is a story that might catch your interest, or if you are like me, is chicken soup for the soul.

Botnets are a primary cause of the ever-increasing levels of spam. Botnets are networks of infected computers that their masters (bot-herders) turn into zombies, spewing out spam e-mails by the millions.

These bot-herders cause a lot of us a whole lot of grief.

The FBI press release announced yesterday:

They’re called “bot-herders:” hackers who install malicious software on computers through the Internet without the owners’ knowledge. Once the software is loaded, they can control the computer remotely. And once they’ve compromised enough computers, they have a robot network or botnet.

Some botnets are huge: tens of thousands of infected computers. Or more. As a result of Operation Bot Roast, an ongoing and coordinated initiative to disrupt and dismantle these bot-herders, we’ve identified about 1 million computers across the country that have been compromised.

According to the press release, several people have been arrested, including three of the big-time "masters."

Full story from the FBI, here.

Also contained are a lot of useful links on protecting yourself -- and of course your computer -- and what to do if you think your computer was turned into a zombie.

Bot-herders have been reported to rent out their illicit networks to organized criminals by the hour.



What your computer must feel like after being turned into a zombie (Courtesy of Wikipedia).

Saturday, December 16, 2006

Discarded Computers might still have a lot of Sensitive Information on them

One of the ways identities are compromised is when computers are discarded without properly "washing" the hard-drive with specialized software, or destroying the hard-drive, itself.

I did a post about this, here.

Bill Lambrecht of the St. Louis Post-Dispatch wrote an interesting article in which they purchased several old computers in Nigeria and were able to recover a lot of information from them.

Interestingly enough, he quotes a prominent Nigerian, Oladele Osibanjo, who is a regional coordinator for the Basel Convention - a global treaty intended to protect people from the mishandling of hazardous materials - as saying:

"The e-waste you are exporting is coming back to you in the form of cyber-crime. Maybe when Americans realize what is happening, they will be a little more careful."

While Mr. Osibanjo is trying to warn us about identity theft, I'm certain his true concerns lie more with hazardous materials that are damaging people's health in other countries. When I went to their site, the fact that this occurs alarmed me.

St. Louis Post-Dispatch article, here.

Although the article is extremely informative - and there is ample proof of fraud coming from Nigeria - I continue to be amazed at the amount of press they receive about it.

With the recent ABC 20/20 story brought about by a certain former politician, who is behind bars and might be Chelsea Clinton's father-in-law someday, Nigerian fraud is again making headlines.

Stealing and using information is a worldwide problem and there are criminals involved in the "trade" in a lot of places.

So far as Chelsea, it must be hard to be Bill and Hillary's daughter, and she certainly doesn't seem to get in as much trouble as some twins, who were in South America recently.

Saying that, the story calls attention to what I consider a potentially huge problem. Companies and organizations are constantly upgrading their computers, and a lot of them get discarded.

Besides identity theft, there is a huge potential that "sensitive information" could be sifted from these hard-drives that would compromise trade secrets, or even government information.