Hacker Group Anonymous Threatens Drug Cartel with Exposure

November 12, 2011

Anonymous has once again targeted a despicable group, and like the hacker group’s recent attack on pedophiles,[i] I find myself reluctantly cheering. It’s hard to feel sorry when a bunch of drug running thugs who dabble in other crimes like extortion get the tables turned on them.

It’s almost like Anonymous really is evolving into a band of digital superheroes – clear down to their masked appearance (as Guy Fawkes) in their YouTube video.

Unfortunately, like the superheroes of fiction, they’re operating as vigilantes – imagine the good that could be accomplished if their considerable skills were applied more directly towards collaborating with law enforcement.

According to the Anonymous YouTube video, it was the kidnapping of one of their hacktivists that triggered their threats against the Zetas, an ultra-violent Mexican drug cartel that in addition to their drug trafficking is also involved in extortion, assassinations and kidnappings.

The hacktivist group also set a Nov. 5th deadline for the release of their member timing it to coincide with Guy Fawkes Day, the anniversary of the discovery of the 1604 plot to blow up the British Parliament.

Anonymous threatens to release photos and names of everyone involved with the Zetas – from taxi drivers and journalists and on up the chain and says they want “the army and the navy to know that we are fed up with the criminal group Zetas.”

If the hackers really can pull off the exposure of the cartel’s participants – and given their track record the threat doesn’t seem idle – the cartel appears to be in an untenable position. Giving in to Anonymous’ threat makes them appear weak and leaves them vulnerable to other attacks in what is already a brutal struggle for dominance in the drug trade. On the other hand, ignoring the threat and being outed by name and with pictures leaves their entire cartel exposed in an open hunting season by law enforcement and competing thugs.

It will be curious to see how this unfolds. My hope is that the kidnapped hacktivist is returned safely AND the cartel is still served up on a platter.



Banks Blame Businesses When Hackers Empty Their Bank Accounts

August 18, 2011

“If every [business] knew their money was at risk [from online fraud] in small and medium-sized banks, they would move their accounts to JPMorgan Chase,” said James Woodhill, a venture capitalist who is leading an effort to get smaller banks to upgrade anti-fraud security for their online banking programs. “That’s because JPMorgan Chase is the only major U.S. bank that insures commercial deposits against the type of hacking that plagues smaller banks.

There is an excellent article in BusinessWeek titled Hackers Take $1 Billion a Year as Banks Blame Their Clients that is a must read piece. It provides a clear explanation of the insurance loophole that is wiping out businesses, school districts, churches, and local governments bank accounts, when and how cybercriminals strike; why small banks aren’t stepping  up,  why law enforcement is struggling to deal with  the issue; the role of malware in these exploits, and what led to the creation of the yourmoneyisnotsafeinthebank.org website.

Read it.


Start the Year in Control of Your Online Privacy

January 6, 2011

Want a New Year’s resolution that takes less than 10 minutes, can be done right now, is FREE, and will improve your life all year long? Take control of your online privacy.

Your digital footprint is comprised of your online actions and personal information whether you placed this information online, or some other entity did. This footprint is being tracked by companies and advertisers, digital brokers and cyberthieves, at unprecedented and rapidly escalating levels. While some of what is being tracked is of benefit to you, there are far too many instances where the data collection is exploitive, and you’d be outraged to discover what is being collected, shared, sold, or rented about you.

Those wanting to make a buck off your information say that people no longer care about their privacy; that we live in an era where exposing all our information is the new norm, and they’ve built their business models on this principle though you’ll notice that those on the forefront of espousing the ‘expose-all norm’ go to great lengths to protect their own information and privacy.

To help consumers, Congress and the FTC are now looking into the trampling of your privacy online and formulating legislation that would provide consumers better protections, but you don’t have to wait for an act of Congress to significantly improve your control of your own online privacy.

Take Those 10 Minutes to Greater Privacy NOW

I’ve blogged about PrivacyChoice.org in the past. They’re an organization dedicated to making privacy easier for consumers by offering tools that help you understand and make choices about your online privacy.

Designed and operated by Jim Brock, a technology entrepreneur, former Yahoo! executive and co-founder of Attributor, PrivacyChoice is a phenomenal resource that I highly recommend to you.

Note: I can’t claim the privilege of being associated in any way with this organization; this recommendation is purely my own opinion.

On the PrivacyChoice homepage you’ll see eight key links; four under “Curious?”, and four under “Want Control?” I recommend taking the time to go through all of these, but if you’re in a hurry go through the top three links under “Want control?” first.

Since I last blogged about them, PrivacyChoice has added some cool new tools:

  1. PrivacyCheck, which makes it easy to check the Facebook privacy status of your family and other loved ones. Try it here:
  2. PrivacyChoice Disconnect, which makes it easy to remove your email address from datamining services that connect it to your social network profile. Try it here:
  3. Added a quick way to see how ad companies view you all in one place. Try it here:
  4. Extended the coverage of the TrackerBlock service and added support for Internet Explorer, making it the most effective way to control whether you are tracked online. Try it here:

Once you’ve taken these steps, you will have significantly improved your control over your privacy.

To further improve control over your privacy:

  1. Make sure you have antivirus and antispyware software on all computers. If your computer isn’t protected, it IS infected – and crooks ARE stealing your information.
  2. Review the privacy terms and conditions of every social site you use, AND review your personal privacy settings choices on those sites.
  3. Search yourself using at least two search engines. There is likely to be considerably more than what you have posted. If you want any information removed, work with the websites to see what can be taken down.
  4. Consider whether you want your home to be displayed on online maps, if not, learn How to Remove Images of Your Home from Google’s Street View
  5. Change all your passwords. Learn how to do so smartly here: Safe passwords don’t have to be hard to create; just hard to guess
  6. Do some online “pruning.” Review all your personal contacts in instant messaging (IM), email, social networking sites, forums, blogs, etc. Are they still relevant? Remove anyone you no longer interact with.
  7. Look to find the tracking policies of the key websites you use.
    1. The Wall Street Journal  wrote an excellent series titled What they Know that gives you a tool to look at the top websites and see how they share your information, and you can go directly to their site, or see how I put the privacy issue into context with my blog Could Facebook Go the Way of MySpace?
    2. Install and use PrivacyChoice’s Trackerscan tool. Once you install it, you can click to see what tracking tools are being used on any website you visit. For example, in this picture you’ll see that I looked up the companies that track users on the New York Times website.

I am not opposed to online advertising — it’s what funds our ‘free’ use of internet services. What does concern me is knowing which companies are tracking me and how they are doing so, understanding the privacy elements that are in place to protect me, and being able to opt out if I choose to do so.

Have a Happy, and private, New Year!


Death Threats from Sellers for Trying to Return an Online Purchase

December 13, 2010

You don’t expect to get death threats over an online purchase, but that’s now been the experience of at least two separate shoppers, one on each side of the country.

In the first incident, police arrested cyber merchant Vitaly Borker from in Brooklyn after allegedly threatening customers requesting refunds. The New York Times investigated and found Borker was threatening customers in an effort to get his business to score higher on Google search rankings.

Then, this week in Seattle, a couple contacted an online merchant to return what were obviously knockoff Nike shoes and the company contact responded to their refund request with a threat ” ‘Okay, our boss said we will employ a guy to kill you!’ ”

Interviewed by Komo TV on the incident, cyber specialist and president of the Safe Internet Alliance, Linda Criddle, said she thinks it’s an empty threat given the company is based in China, but never-the-less a very unpleasant experience.

“You need to do your homework,” Criddle said. “You need to type that store’s name and the word ‘review’ into a search engine and see how they’re reviewed. You want to see lots of reviews about a store.” She suggests searching complaints too.

Criddle also recommends shoppers think twice if the company is based out of country. “If it’s coming from abroad you need to be very careful ’cause you don’t have the ability to go after them in some fashion,” Criddle said.

See the blog ‘Tis the Season – 10 Steps to Safer Holiday Shopping Online for more information on how you can increase your safety while shopping online.

To watch the TV segment from Komo News, click here.

Small Businesses Don’t Think They are Cybercrime Targets – That Puts YOU at Risk

December 2, 2010

85% of small business owners believe their companies are less of a target for cybercrime than large companies according to a new survey released by National Cyber Security Alliance (NCSA) and Visa, Inc.

Because of this perceived sense of lower risk, nearly 50% of all small business owners believe the high cost in time and money to fully secure their business is not justified by the threat.

This misplaced view of risk means that though 65% of small businesses store customer data, including 43% that store financial records and 33% that store credit card information:


  • 47% of small business owners have provided no network or mobile device security training whatsoever in the past year (75% have provided less than 3 hours of training for employees)
  • Only 36% have run a criminal background check on employees that handle payment data.
  • Only 43% have a plan in place to respond to the loss of customer data, such as credit or debit card information or personal identifying data.
  • Only 41% have a corporate policy preventing employees from connecting company devices to unsecured wireless networks.
  • Only 36% of small businesses say they are compliant with the Payment Card Industry Data Security Standard – in spite of the fact that compliance is required of all businesses that accept payment cards.
  • Only 21% say the payment application they use has been validated against the Payment Card Industry Data Security Standard

What this means to you

Cybercriminals look for the easiest targets, and that is no longer the big companies with millions of records as these companies have had to step up their security measures.  According to security experts and law enforcement groups, the new targets that hackers and cyber criminals are honing in on are small businesses. The report notes that just last month, Ukraine authorities arrested five individuals who allegedly stole $70 million from U.S. bank accounts in an elaborate scheme targeted at U.S. small and medium-sized businesses.

“The greatest threat to a company’s cybersecurity is complacency,” said Michael Kaiser, executive director of the NCSA.  “We encourage small business owners to take the necessary precautions to protect their customers, employees and their businesses.”

Your safety and privacy are directly impacted by the security measures – or lack of security measures – taken by the companies with whom you do business.  If these companies fail to have up-to-date security and privacy measures in place it only takes moments for all their consumers – you – to be placed in harm’s way and in many instances you won’t even be notified of the breach.

As you go about your interactions with companies and services of any size, ask or look to find a notice of what security measures are in place, what precautions they’ve taken to screen their employees, and the steps they take to protect your privacy.

In today’s world, you simply can’t assume your information is being treated with the care it is due.


6 Steps to Staying Safer this Tax Season

April 3, 2010

Whether you file your taxes online or use a tax program on your computer, cybercrooks are hoping you’ll make a security or safety mistake this tax season. And they are poised to take full advantage of it if you do. Last year online scams cost Americans $559.7 million dollars, according to the FBI’s 2009 Annual Report on Internet Crime, more than double the amount scammed from in 2008.  Following a few basic precautions will significantly increase your safety.
6 Steps to Staying Safer this Tax Season:

  1. Secure your computer – if your computer is infected with malware, criminals will be stealing every piece of information you put on it.  Computer security is vital every day of the year, but especially critical before entering your most sensitive financial information.
    1. You must have anti-virus and anti-spyware software installed and up-to-date. If your computer isn’t protected from Trojans, viruses and other malware your financial information, passwords and identity will be stolen. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, use a free service.
    2. Secure your internet connection – Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, click here. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
    3. Use added protection on sensitive financial information with passwords or store on a flash drive, CD or external hard drive For added protection all year, keep your finances inaccessible to anyone who uses (or hacks into) your computer. You can do this by password protecting individual files or folders on your computer, or choose to keep this information on a flash drive or CD that you keep in your safe or other secure location.
  2. Drive, don’t be pulled to tax websites – Chances are, the internet holds the answers to your tax questions. But safely searching for tax forms, advice on deductibles, tax preparers, etc. requires that you don’t get fooled into landing on malicious sites.  Trust is Key. Know the Site. Know the User. Know the Company.
    1. Navigate to the websites yourself by conducting your own search. Always use a tool that helps you see the safety rating of the search results. There are many website safety rating services, and both Firefox and IE offer tools as well.
    2. Or, type in the URL of a trusted site. Just be careful that you don’t mistype the URL, criminals are quick to buy URL’s that are just a common typo away from the legitimate sites, and can make their fake sites appear legit.
    3. Never allow yourself to be pulled to a site by using a link sent in email, or found on someone’s blog, or by clicking on an advertisement. The website you land on may look just like the real site (just as the ad may have looked like a legitimate ad) but it may be a well crafted fake.
  3. Don’t fall for email, web, or social networking scams – tax time brings tax scams. The scams may tout tax rebates, offer great deals on tax preparation, or offer a free tax calculator tool, etc. If you did not solicit the information, it’s a scam.
    1. If the email claims to be from the IRS, it’s a scam – the IRS will not contact you via email.
    2. If the email appears to be from your employer, bank, broker, etc. claiming there is an issue with what they reported for you and you need to verify some information – it’s a scam.
    3. If you feel any temptation whatsoever to believe an online notice, check it out BEFORE responding. Use a site like Snopes and type in the email’s subject to see if the scam has been reported. If it comes from a company, find the company’s contact information yourself and call. Do Not use information contained in the email to check it out, if it’s a scam the information will be part of the scam.
  4. Never send sensitive information in email unless that sensitive information is in a password protected attachment (Word document, Excel file, etc). Basic email is not secure; it can be trapped and read by criminals. There are some email services that encrypt email, you will know if you have one of these.
    1. Do not include the attachment’s password in the email – call and share the password over the phone.
  5. Use strong passwords – A weak password is all it takes for someone to steal your information. “Password” or “123456” are not secure options, and neither are names, birthdates, words found in dictionaries, etc.. If you use the same password on multiple sites (or everywhere) you are asking for real trouble. Learn how to make strong passwords that aren’t hard to remember, just hard to guess.
  6. Use a reputable tax preparer that follows strict data security guidelines. Even when you’ve secured information on your computer, information can ‘leak’ from whomever you share your information with.
    1. If you are using a new tax preparer, check them out with the Better Business Bureau or get references and check them carefully.
    2. Ask about the data security precautions the tax preparer uses to protect your information – if their computers aren’t secure, your information isn’t either.

Of all the things you need to worry about during tax preparation, don’t make financial safety be one of them. Your actions today can significantly decrease your chances of becoming one of the 300,000 thousand or more victims expected to contact the Internet Crime Complaint Center this year.