This embarrasing news for Diebold, posted on bradblog.com, details how hackers recreated a master key for Diebold voting machines from images posted on the Diebold website.

DIEBOLD VOTING MACHINE KEY COPIED FROM PHOTO AT COMPANY’S OWN ONLINE STORE!

The Palm Beach Post reports on a recent lecture on identity theft by famous con man Frank Abagnale, whose criminal activities were made into the movie “Catch Me If You Can”.

From the article –

Frank Abagnale knew about identity theft before it had a name.

In fact, he practiced it with precision.

His legendary exploits as a con man were immortalized in the 2002 Steven Spielberg movie Catch Me If You Can, with Leonardo DiCaprio playing the role of Abagnale.

Between the ages of 19 and 21, Abagnale cashed $2.5 million in fraudulent checks in every state and 26 foreign countries. He posed as a Pan Am airline pilot, an attorney, a college professor and a pediatrician. He also served time in French, Swedish and U.S. prisons starting when he was 21.

”How could I say my life was glamorous?” he said. ”If I had been brilliant, if I had been a genius, I don’t know that I would have felt the need to break the law.” Now a consultant for the FBI and banks such as Morgan Stanley, he spoke earlier this month about his life and about the dangers of identity theft to an audience of around 150 people at Florida Atlantic University in Boca Raton.

When Abagnale, 58, did it more than 30 years ago, the process of stealing someone’s identity was simple, if a bit time-consuming. It required going to the county clerk’s office, finding the name and Social Security number of a dead child, asking for a copy of the birth certificate and using that certificate to obtain a driver’s license. With the Social Security number and driver’s license, the financial world was his oyster — and still is for today’s crooks.

The rest of the article discusses the use of technology in modern identity theft and some ways for people to protect themselves.

You can read the full article @ ‘Catch Me’ con man offers advice on avoiding identity theft

CIO.com is reporting the online ‘phishing’ fraud scams will likely manage to steal as much as $2.6 billion dollars from people in 2006.

From the post –

Browser makers may have added new antiphishing features to their products in recent months, but the criminals are still gaining ground in their efforts to defraud U.S. consumers, according to the Gartner research firm.

Phishers have hit more victims with their online attacks, and while fewer people are losing money to phishers, successful attempts have been yielding bigger payoffs, said Avivah Litan, vice president and distinguished analyst at Gartner. “When they do succeed, they’re stealing five times more than they stole last year.”

The average loss per phishing attack was US$1,244 this year, Litan said, up from $256. Gartner estimates that the total financial losses attributable to phishing will total $2.8 billion this year.

And users who are taken in by phishing scams are less likely to recover their money, Litan said. In 2005, 80 percent of victims got their money back. This year, that number dropped to 54 percent.

Gartner estimates that 3.5 million Americans will give up sensitive information to phishers in 2006—up from an estimated 1.9 million last year.

Source: Phishers to Bilk Consumers Out of $2.8B in ‘06

Canada and Germany are rated as the top countries when it comes to privacy protection on their citizens, according to a recent AP article that highlights the findings of an international watchdog group.

From the article –

Germany and Canada are the best defenders of privacy, and Malaysia and China the worst, an international rights group said in a report released Wednesday.

Britain was rated as an endemic surveillance society, at No. 33, just above Russia and Singapore on a ranking of 37 nations’ privacy protections by London-based Privacy International.

The United States did only slightly better, at No. 30, ranked between Israel and Thailand, with few safeguards and widespread surveillance, the group said.

The watchdog organization tracks surveillance and privacy violations by governments and corporations, said director Simon Davies. It studied the reach of governments in their use of video surveillance in private locations, workplace monitoring and identity protection, among other areas.

Source: Germany, Canada top watchdog’s list as countries with best privacy protection

On Wednesday November 1st at 9 PM / 12 AM ET CNBC will premiere a news special called “Big Brother, Big Business” that will take a look at the government and big business involvement in recording and analyzing the personal information and activities of everyday people.

From the CNBC site –

The rapid advance of technology allows companies to monitor our every move and record our most private personal information. Driving habits are being recorded; employees are monitored, shoppers and diners are observed and analyzed; internet searches are saved and used as evidence in court.

It is big business that collects most of the data about us. But increasingly, it is the government that’s using it.

BIG BROTHER, BIG BUSINESS takes an enlightening and sometimes disturbing look at how the growth of the information society may be eroding the freedoms many people take for granted.

Source: Big Brother, Big Business

Sometimes high tech personal identification is “too smart by half”. The New York Times reports on how easy it is to hack no-swipe ( RFID ) credit cards and retrieve the personal identification information that is encoded on the cards.

From the article –

Tom Heydt-Benjamin tapped an envelope against a black plastic box connected to his computer. Within moments, the screen showed a garbled string of characters that included this: fu/kevine, along with some numbers.

Mr. Heydt-Benjamin then ripped open the envelope. Inside was a credit card, fresh from the issuing bank. The card bore the name of Kevin E. Fu, a computer science professor at the University of Massachusetts, Amherst, who was standing nearby. The card number and expiration date matched those numbers on the screen.

The demonstration revealed potential security and privacy holes in a new generation of credit cards — cards whose data is relayed by radio waves without need of a signature or physical swiping through a machine.

Source: Researchers See Privacy Pitfalls in No-Swipe Credit Cards

ABC News is reporting on a Chicago voter database that has been hacked by a non-partisan civic organization, exposing the personal information, including social security numbers, of over 1 million people.

From the report –

As if there weren’t enough concerns about the integrity of the vote, a non-partisan civic organization today claimed it had hacked into the voter database for the 1.35 million voters in the city of Chicago.

Bob Wilson, an official with the Illinois Ballot Integrity Project — which bills itself as a not-for-profit civic organization dedicated to the correction of election system deficiencies — tells ABC News that last week his organization hacked the database, which contains detailed information about hundreds of thousands of Chicago voters, including their Social Security numbers, and dates of birth.

“It was a serious identity theft problem, but also a problem that could potentially create problems with the election,” Wilson said.

A nefarious hacker could have changed every voter’s status from active to inactive, which would have prevented them from voting, he said.

“Or we could’ve changed the information on what precinct you were in or what polling place you were supposed to go to,” he said. “So there were ways that we could potentially change the entire online data base and disenfranchise voters throughout the entire city of Chicago.”

“If we’d wanted to, we could’ve wiped the entire database out,” Wilson claimed.

Source: ABC News

This recent blog posting on the Wichita Eagle web site discusses a new software program that employers can use to record all communications made from your office PC, including your use of any personal email sites like Yahoo; instant messaging programs or VOIP programs.

Reprinted from Kansas.com -

There is no privacy in the workplace computer.

If you are convinced the folks in IT enjoy reading your e-mail, they will soon have even more to keep them entertained. Your company may be getting new software to capture every screen you ever pulled up — and it’s perfectly legal. Thanks to executives who brought down companies like Enron and WorldCom, the Sarbanes-Oxley Act of 2002 was created requiring every publicly traded company to maintain electronic records of all information passing through a company system.

British computer company Chronicle Solutions has created software designed for businesses that will capture every e-mail (including your personal Yahoo account), all instant messages, Web pages viewed, and voice-over IP phone calls. It’s a sort of TiVo, or digital video recorder, for the business world.

Any information obtained through your company’s modem is downloaded and saved, able to be pulled up by request for years to come. Companies are required to store it on tape or another server for future access.

So beware of system breaches. If the backup tape is misplaced, you may find your presumed private conversation with your Friday night poker buddy a top-rated hit on the Internet.

Source: Kansas.com.

The Federal Citizen Information Center states that over 88 million personal data records for US citizens have been exposed in security breaches since February 2005. Identity theft is the fastest growing crime in the country.

The FCIC advises the following 10 steps to protect your personal information from identity theft:

• Check your credit reports regularly:

Under federal law, everyone can obtain a free annual copy of their credit report (this doesn’t include your credit score) from each of the three credit reporting agencies Equifax, Experian, and TransUnion. Visit www.annualcreditreport.com to request your reports. Become familiar with all the information in them so you can recognize any fraudulent accounts or transactions. Also be sure to request your medical information file, free once annually from MIB, Inc.

• Put a security freeze on your credit report:

See if your state gives you this important weapon to prevent identity theft. A security freeze lets you stop thieves from getting credit in your name by locking or freezing access to the consumer credit report and credit score. Without this information, a business will not issue new credit to a thief. When the consumer wants to get new credit, he or she uses a PIN to unlock access to the credit file.

• Opt out of information sharing:

You have the right to opt-out when companies want to share your personal information. You might receive privacy notices in the mail from many types of companies with which you do business. Read these notices carefully and make sure you understand how your information gets used. You always have the right to tell them to stop sharing your information. You can also opt-out of receiving unsolicited emails and telemarketing phone calls, and get your name removed from mailing lists. Stop receiving pre-approved credit offers by calling 1-888-5-OPTOUT (1-888-567-8688). Note: You will be asked to provide your Social Security number; the consumer reporting companies need it to match you with your file.

• Use unique or unpredictable passwords:

Place strong passwords on all of your accounts including credit card, bank and phone accounts, and all online accounts where you access sensitive information. Avoid using easily available information such as your mother’s maiden name, your birth date, the last four digits of your Social Security Number (SSN) or your phone number, or a series of consecutive numbers.

• Secure personal information in your home:

Especially if you have roommates, employ outside help, or are having work done in your home.

• Treat your mail and trash carefully:

Deposit your outgoing mail in a post office collection box rather than in an unsecured mailbox and promptly remove mail from your mailbox. If you won’t be home to pick up your mail for an extended period of time request a vacation hold. When ordering new checks, pick them up from the bank instead of having them mailed to your home mailbox. Many thieves search through trash to find information people toss out; be sure to tear or shred your charge receipts, copies of credit applications, insurance forms, physician statements, checks and bank statements, expired charge cards that you’re discarding, and credit offers you get in the mail.

• When you go out:

Carry only the identification information and the credit and debit cards that you’ll actually need. Leave your Social Security number card at home in a secure place.

• Keep your purse or wallet in a safe place at work:

Do the same with copies of administrative forms that contain your sensitive personal information. Use a locked filing cabinet if possible.

• Give your Social Security number only when absolutely necessary:

Ask to use other types of identifiers. For example, NEVER use your Social Security number as your drivers license number, student identification number, health insurance policy number, etc.

• Be cautious when responding to promotions:

Identity thieves may create phony promotional offers to trick you into giving them your personal information—this is especially true for email and telephone offers. NEVER give personal information unless you initiated the contact with the company.

The AP is reporting that AOL’s Chief Technology Officer has resigned and 2 other workers have been fired, after a privacy breach involving the intentional release of over 650,000 subscriber’s web searches.

From the article –

Although AOL had substituted numeric IDs for the subscribers’ user names, the search queries themselves contained Social Security numbers, medical conditions and other data that could be traced to an individual. In fact, The New York Times was able to trace user 4417749 to Thelma Arnold, 62, of Lilburn, Ga.

You can read the entire article @ 3 Leave AOL in Search-Data Fallout.