Finance

Web firm sounds alert on criminal data trove

Web firm sounds alert on criminal data trove - Via Reuters:

LONDON (Reuters) - A Web security firm said on Tuesday it had tipped off international banks and police after finding a huge trove of stolen business and personal data amassed on a server in the space of just three weeks.

Finjan Inc said it had notified the U.S. Federal Bureau of Investigation, police in various countries and more than 40 financial institutions in the United States, Europe and India about the discovery of the so-called "crimeserver".

"This server was running for about three weeks and within this period it managed to collect 1.4 gigabytes of data. It is indeed the largest treasure we've found in this very short time," Yuval Ben-Itzhak, chief technology officer of the California-based firm, said in a phone interview from Israel.

The stolen data consisted of 5,388 unique log files including 1,037 from Turkey, 621 from Germany, 571 from the United States, 322 from France, 308 from India and 232 from Britain.

"Crimeserver" Full of Personal/Business Data Found

"Crimeserver" Full of Personal/Business Data Found - Via Slashdot:

Presto Vivace sends news of a server found by security firm Finjan that contained a 1.4-GB cache of stolen data, accumulated over a period of less than a month from compromised PCs around the world. The "crimeserver," as Finjan dubs it, "provided command and control functions for malware attacks in addition to being a drop site for data harvested from compromised computers... The stolen data consisted of 5,388 unique log files including 1,037 from Turkey, 621 from Germany, 571 from the United States, 322 from France, 308 from India and 232 from Britain." Oddly enough, the data was stored in the open, with not even basic auth to protect it. Finjan notes in their press release that this huge trove of data gathered over a short period of time indicates that the crimeware problem is far larger than most observers have been assuming.

Bill Would Track Down Tax Cheats Through Banks

Bill Would Track Down Tax Cheats Through Banks - Via Privacy - Topix.net:

"This is just more of a fishing expedition"

Minnesota tax collectors want to enlist banks -- and their electronic records -- in their search for the assets of tax cheats.

The state Revenue Department is pushing a plan to collect an extra $10 million a year in outstanding taxes by making banks, credit unions, life insurance companies and money market mutual funds scan their records regularly and pass on data on tax debtors so the state can get its money.

The provision made it into Republican Gov. Tim Pawlenty's budget recommendations and budget bills in both houses of the Democrat-controlled Legislature -- much to the dismay of banks and consumer privacy watchdogs.

TIGTA: IRS should safeguard taxpayers from identity theft

TIGTA: IRS should safeguard taxpayers from identity theft - Via FCW:

The Internal Revenue Service needs to do more to combat identity theft, which is increasingly being used to commit tax fraud and obtain employment, the Treasury Inspector General for Tax Administration (TIGTA) said in a report released today.

The IRS primarily focuses on public outreach — which it has improved — to prevent identity theft by educating people, but that is not an adequate deterrent, the report also said.

“The IRS has placed only limited emphasis on employment-related and tax fraud identity theft,” said J. Russell George, the Treasury Department's inspector general for tax administration. “The IRS' policy…that identity theft will only be investigated if it is committed in conjunction with other criminal offenses is having a large tax impact,” he said.

New banking code cracks down on out-of-date software

New banking code cracks down on out-of-date software - Via The Register (UK):

The banking industry has re-affirmed a policy that makes online banking customers responsible for losses if they have out of date anti-virus or anti-phishing protection. New Banking Codes for consumers and businesses took effect on Monday.

The Banking Code produced by the British Bankers' Association (BBA), and followed by most banks, makes it clear that banks will not be responsible for losses on online bank accounts if consumers do not have up to date anti-virus, anti-spyware, and firewall software installed on their machines.

"If you act without reasonable care, and this causes losses, you may be responsible for them," says the code. "This may apply, for example, if you do not follow section 12.5 or 12.9."

UK Banking Law Blames Customers For Insecure OS

UK Banking Law Blames Customers For Insecure OS - Via Slashdot: Your Rights Online:

twitter writes "If you use an insecure OS in the UK and someone drains your bank account, the banks say it's your fault. The Register reports: 'The Banking Code produced by the British Bankers' Association (BBA), and followed by most banks, makes it clear that banks will not be responsible for losses on online bank accounts if consumers do not have up to date anti-virus, anti-spyware, and firewall software installed on their machines.'" twitter went on to note that the majority of consumer PCs use an operating system with a history of security issues. Should end users be ultimately responsible for the state of their systems?

Researchers Expose New Credit Card Fraud Risk

Researchers Expose New Credit Card Fraud Risk - Via Slashdot:

An anonymous reader writes "Researchers from the University of Cambridge have discovered flaws in the card payment systems used by millions of customers worldwide. Ross Anderson, Saar Drimer, and Steven Murdoch demonstrated how a simple paper clip can be used to capture account numbers and PINs from so-called 'tamper-proof' equipment. In their paper (PDF), they warn how with a little technical skill and off-the-shelf electronics, fraudsters could empty customers' accounts. British television featured a demonstration of the attack on BBC Newsnight."

Swiss Bank Drops WikiLeaks Case

Swiss Bank Drops WikiLeaks Case - Via Threat Level:

Julius Baer Bank and Trust dropped its case Wednesday against WikiLeaks, days after a federal judge allowed the renegade, whistle-blowing site to resume operations.

Two weeks ago, U.S. District Judge Jeffrey White signed an order that effectively took down the WikiLeaks site in the United States and also locked the WikiLeaks.org domain name to prevent transfer of the domain name to a different domain registrar. On Friday, after intense media scrutiny, the judge did an about-face, saying he went too far.

Bank Drops Case Against Wikileaks

Bank Drops Case Against Wikileaks - Via ACLU Blog - Free Speech:

Swiss Bank Julius Baer announced today that it’s dropping its lawsuit against whistleblower website Wikileaks.

If you’ve been following the case, you know that it all started when the bank filed a lawsuit against the site because of some documents posted there by a former bank employee that allegedly detailed illicit activities by the bank in the Cayman Islands. A federal judge initially ordered (PDF) the domain name wikileaks.org disabled, which meant none of the documents posted there - related to the bank or otherwise - could be accessed through that domain name.

Judge Dissolves Wikileaks.org Injunction

Judge Dissolves Wikileaks.org Injunction - Via EFF: Breaking News:

San Francisco - A federal district court judge in San Francisco today rescinded a controversial order that disabled the "wikileaks.org" domain name which had -- until two weeks ago -- pointed to Wikileaks, a website designed to give whistleblowers a forum for posting materials of public concern.

This week, the Electronic Frontier Foundation (EFF) moved to intervene in the case, along with the American Civil Liberties Union (ACLU), and the American Civil Liberties Union Foundation of Northern California and the Project on Government Oversight (POGO). In a hearing in federal court today, EFF and its fellow intervenors and amici argued that the order infringed on the First Amendment rights of Internet users who have an interest in accessing material of public concern on the site. Ruling from the bench, Judge Jeffrey White cited concerns about the First Amendment, the effectiveness of disabling the wikileaks.org domain name, and the court's own jurisdiction over the case as reasons to dissolve his previous orders.

Free Speech Triumphs in Wikileaks Case

Free Speech Triumphs in Wikileaks Case - Via ACLU Blog - Free Speech:

Today was a really good day for the First Amendment. And it was also a good day for our court system. From the very beginning of the argument over what should happen in the Wikileaks case, the judge made it clear that he took the Constitutional issues seriously, at one point reminding the lawyers for the Bank that he had taken an oath to uphold the Constitution. In the end the Court not only dissolved the permanent injunction locking up the Wikileaks.org domain name, he also denied the Bank’s motion for a preliminary injunction that would have required Wikileaks either to take the documents down in their entirety or to redact (black-out) some of the information.

Is WikiLeaks Judge Having Second Thoughts?

Is WikiLeaks Judge Having Second Thoughts? - Via Threat Level:

The WikiLeaks judge might be softening.

U.S. District Judge Jeffrey White issued a document late Thursday suggesting he might have erred last week when he signed an order that took down the WikiLeaks site and also locked "the WikiLeaks.org domain name to prevent transfer of the domain name to a different domain registrar."

A hearing on the issue is scheduled for Friday morning in U.S. District Court in San Francisco.

NY Offers Credit Monitoring After Tax Mailing Gaffe

NY Offers Credit Monitoring After Tax Mailing Gaffe - Via PogoWasRight - Privacy News Headlines:

The New York City Department of Finance has sent tax forms to thousands of people in defective envelopes that allowed Social Security numbers to be seen from the outside. It's offering the recipients free credit monitoring services.

The finance department mailed 2007 tax forms for unincorporated businesses in envelopes that were too big to about 12,000 people. It says the recipients' Social Security or employee identification numbers were visible through the windows on the envelopes.

Source - My Fox Raleigh

Bank of America, HSBC Most Prone to I.D. Theft, Report Says - Updated

Bank of America, HSBC Most Prone to I.D. Theft, Report Says - Updated - Via Threat Level:

In a first ever study of which companies have the most identity theft incidents, Bank of America, HSBC, and Washington Mutual were named as the companies with the most incidents per billions of dollars of deposits, according to a study released Wednesday by Berkeley Law School fellow Chris Hoofnagle.

Among the nation's largest banks, ING Bank looks to be the safest, with only 0.085 identity theft complaints per billion dollars of insured deposits.

In terms of sheer numbers of complaints, Bank of America, AT&T and Sprint were named most often in the complaints, followed closely by Chase, Capital One and Citibank.

The study, entitled Measuring Identity Theft at Top Banks (Version 1.0), looks to be the first-ever attempt to name-and-shame companies based on their identity theft protections, or lack thereof.

Note to Bank: Don't Wage War With the Internets

Note to Bank: Don't Wage War With the Internets - Via ACLU Blog - Free Speech:

If you follow the political blogs, you probably know about the Wikileaks case. In a nutshell, last week a district court judge ruled in favor of Swiss Bank Julius Baer and ordered the Wikileaks domain name shut down because a former bank employee allegedly used the site to post proof that the bank is involved in a money laundering scheme. Wired's Threat Level gives an excellent, thorough run-down of the story.

Banks, Wall St. Feel Pinch from Computer Intrusion

Banks, Wall St. Feel Pinch from Computer Intrusion - Via Slashdot:

An anonymous reader writes "Financial institutions and companies in the securities/futures business are reporting sizable increases in the amount of losses and suspicious activity attributed to computer intrusions and identity theft, says the Washington Post's Security Fix blog. The Post obtained a confidential report compiled by the FDIC which analyzed Suspicious Activity Reports from the 2nd Quarter of 2007. SARs are filed when banks experience fraud or fishy transactions that exceed $5,000.

Cayman Islands Bank Gets Wikileaks Taken Offline in U.S. -- Updated with Links

Cayman Islands Bank Gets Wikileaks Taken Offline in U.S. -- Updated with Links - Via Threat Level:

Wikileaks, the whistleblower site that recently leaked documents related to prisons in Iraq and Guantanamo Bay, was taken offline last week by its U.S. host after posting documents that implicate a Cayman Islands bank in money laundering and tax evasion activities.

In a pretty extraordinary ex-parte move, the Julius Baer Bank and Trust got Dynadot, the U.S. hosting company and domain registrar for Wikileaks, to agree not only to take down the Wikileaks site but also to "lock the wikileaks.org domain name to prevent transfer of the domain name to a different domain registrar." A judge in the U.S. District Court for Northern California signed off on the stipulation between the two parties last week without giving Wikileaks a chance to address the issue in court.

Cayman Islands Bank Gets Wikileaks Taken Offline in U.S.

Cayman Islands Bank Gets Wikileaks Taken Offline in U.S. - Via Threat Level:

Wikileaks, the whistleblower site that recently leaked documents related to prisons in Iraq and Guantanamo Bay, was taken offline last week by its U.S. host after posting documents that implicate a Cayman Islands bank in money laundering and tax evasion activities.

In a pretty extraordinary ex-parte move, the Julius Baer Bank and Trust got Dynadot, the U.S. hosting company for Wikileaks, to agree not only to take down the Wikileaks site but also to "lock the wikileaks.org domain name to prevent transfer of the domain name to a different domain registrar." A judge in the U.S. District Court for Northern California signed off on the stipulation between the two parties last week without giving Wikileaks a chance to address the issue in court.