FBI sees rise in computer crime

Source

Computer spying and theft of personal information have risen notably in the past year, costing tens of millions of dollars and threatening U.S. security, the FBI’s cyber division head said on Wednesday.

FBI Assistant Director Shawn Henry told reporters that organized-crime groups are drawn by the ease of reaching millions of potential victims.

He said as many as two dozen countries have taken an “aggressive interest” in penetrating the networks of U.S. companies and government agencies.

He declined to specify countries, but U.S. intelligence agencies have voiced concern over Russia and China’s abilities to electronically spy on the United States and disrupt U.S. computer networks.

As one possible example of Russia’s electronic spying prowess, Georgia accused Moscow in August of conducting “cyber warfare” to shut down Georgian government websites at the same time as it carried out a military offensive.

U.S. federal agents are stepping up efforts to fight computer crime, and working with foreign counterparts where the rising wave of computer attacks has awakened international interest, Henry said.

“Over the past year the malicious activity has become much more prevalent,” Henry said. “The threat continues to increase.”

An attack method growing in popularity is “botnets,” in which malicious software spreads via viruses to computers of unwitting individuals and companies and forms networks that can then be used for data theft or shutting down a system,

Source

Data Misuse: Shell

This month Shell has reported that it has issues with contractors who have been misusing their access to data (it appears to be access to employee information).

Shell appears to have done everything right, by terminating the contractors’ role with Shell, involving the local law enforcement, updating their employees and making a press announcement.

Despite this professional approach, incidents still happen, and always will do in the private sector (as with Deloitte recently).

However, the private sector always appears to respond far quicker, and with more effect, than the club-footed government.

Spies Spying on us? Surely Not

In a book by former NSA staff, the former spies have revealed how the technology for listening in to phone calls was used so widely that they often listened in on people’s private lives.

They listened in to private conversations, sometimes for little reason other than personal gratification:

“Hey, check this out,” Faulk says he would be told, “there’s good phone sex or there’s some pillow talk, pull up this call, it’s really funny, go check it out. It would be some colonel making pillow talk and we would say, ‘Wow, this was crazy’,” Faulk told ABC News.

Faulk said he joined in to listen, and talk about it during breaks in Back Hall’s “smoke pit,” but ended up feeling badly about his actions.

“I feel that it was something that the people should not have done. Including me,” he said.

Faulk was a linguistics specialist with the NSA.

Other staff have spoken out about how the NSA spied on NGOs, aid agencies and the like, without any apparent suspicion.

Staff have also reported how this spying on personal calls, e.g. journalists, was not a random act but almost routine.

Coworkers of mine were ordered to transcribe these calls… Personal calls. Well, they were ordered to transcribe everything that came through. And when one of my coworkers went to a supervisor and said “But sir, these are personal calls,” the supervisor said my orders were to transcribe everything.

While this will probably shock some people, and be denied by others, it really should not. In fact, it would be surprising if this did not happen.

In the UK we know that CCTV operators have been caught using the technology for their own personal gratification several times, including for their own voyeuristic purposes.

Police and Councils have also misused their access to data on numerous occasions.

It is, sadly, human nature that people will do this. The Data Guardians are almost always likely to breach our privacy; not all of them, and not even the majority of them, but some will. And as the system is not 100% secure it is 100% guaranteed to fail.

Charge Over Lost Data

The government officer who left the “Terror” Document on a train is to be charged under the Official Secrets Act, and not section 55 of the Data Protection Act.

The individual has been charged under Section 8.1 of the Official Secrets Act.

Interestingly, the BBC article on the issue states that the individual responsible, who cannot be named, “was informed of the decision on Monday morning and was moved from his home to an undisclosed location.”

The systems in place allow for this massive failure; holding one man responsible for the entire government system’s endemic failure hardly seems fair.

Examples of misuse of medical records

  • The medical records of a 68-year-old man showed he was homosexual. These were leaked to social services, and as a result he was refused a place in a care home. Source
  • A sales representative employed by a drugs company was given access to confidential National Health Service patient records to identify those who could be given an expensive new drug to treat cholesterol. Source – MP Paul Flynn
  • Police gain access to medical records, Source
  • Medical Records, with full details including names and addresses passed to researchers. Which resulted in patients receiving intrusive phone calls from researchers. Source
  • A man who was working on a financial audit for the local health authority found that his niece had had an abortion, when he accessed her medical records. His niece had not told her parents about the abortion, so the uncle told them as they were very religious. Source
  • An MP was sent the medical records of a constituent, without the constituent’s consent (this is directly against the NHS’s own guidance). Source
  • Farrah Fawcett’s medical records leaked to the press. Source
  • Britney Spears Medical Records accessed. Source
  • Patients’ data shared with council – Source
  • Medical Records to be shared with private companies – Source

Terror Bill lets police scan NHS records (2001)

The Observer, Sunday November 25 2001

“Police forces across the world will get unrestricted access to medical records and bank details of Britons under radical powers granted by the new anti-terrorism Bill.

The new powers, which are set to receive their final approval in the House Of Commons tomorrow, have sparked the serious concern of health service regulators and furious opposition from the legal profession.

In an unprecedented move which critics say has ‘threatened to destroy doctor-patient confidentiality’ and ‘swept away some of the last vestiges of privacy in the UK’, officials will be able to read NHS records and business details at will. Authorities will not have to establish that a criminal act may have occurred to gain access, as previous laws required.

David Blunkett, the Home Secretary, last week dismissed concerns over civil rights as the worries of ‘airy-fairy liberals’. The new powers, which the Government did not announce last week with the Bill’s other drastic measures, are introduced through a discreet appendix. In the Bill, ‘Clause 17’ makes it legal for police across the world to receive documents from public authorities whether they are relevant to a criminal investigation or not. The Bill lists documents covered by 53 different laws, the privacy of which was previously guaranteed. But they can now be read by police investigating any crime anywhere in the world.

Opposition groups have been enraged by the ‘blanket’ nature of the powers. Oliver Letwin, the Conservative Shadow Home Secretary, said: ‘It provides for disclosure of confidential information across an enormously wide range of government agencies. Even medical records could be disclosed. One of the more disturbing features is that the disclosure relates to any kind of criminal investigation no matter how slight.’”

Full Article

Germany to tighten laws after data theft scandal

BERLIN — Germany is to tighten data protection laws, Interior Minister Wolfgang Schaeuble said on Thursday, responding to revelations that Germans’ personal data can be bought easily on the Internet.

Mr. Schaeuble said a working group would draw up proposals on higher fines for data protection violations and tighter rules on the trade with personal and financial information.

“There will be no quick shots but speedy consultations to get the law proposal ready before the end of the year,” Mr. Schaeuble told a news conference after meeting Germany’s justice, economy and consumer protection ministers on the issue.

Germany’s latest privacy scandal was triggered by reports that a call centre employee alerted authorities to a problem with his company’s data collection practices by handing over data on some 17,000 addresses and bank account details to a privacy protection office.

Privacy officials have also said they had been able to buy millions of items of personal data, including bank and phone data, undercover on the Internet.

globeandmail.com: Germany to tighten laws after data theft scandal.

Certegy Settles Consumer Data Theft Lawsuits

TAMPA – A federal judge has approved a settlement in two class-action lawsuits filed against a St. Petersburg check authorizing company that had more than 8.4 million consumer records stolen and sold to direct marketers.

The settlement provides for a range of credit monitoring services and reimbursement of expenses for those whose identity was stolen. The company, Certegy Check Services, also is reimbursing more than $2 million in legal expenses to the law firms involved in the cases.

William G. Sullivan, a former analyst for Certegy, was sentenced in July to four years and nine months in federal prison for stealing the records. A judge also ordered Sullivan to pay $3.2 million in restitution to Certegy.

A federal prosecutor said at the sentencing hearing that Certegy had to spend $3.2 million to notify the 5.9 million customers whose private financial information was stolen. The victims were in all 50 states, the District of Columbia, the Virgin Islands, Puerto Rico and overseas. Some customers had data stolen that was not deemed to be private financial information.

The class covered by the settlement includes anyone in the United States and Puerto Rico whose credit card, debit card, checking or demand deposit account numbers or other information was included in multiple databases. It excludes anyone who decided to opt out of the settlement after being notified it was pending.

Under the settlement, Certegy is required to pay $2.35 million in attorney fees, costs and expenses. Two representative plaintiffs, Linda Beringer and Dana M. Lockwood, were awarded $500 each. Other named plaintiffs were awarded $250 each.

Certegy Settles Consumer Data Theft Lawsuits.

4 Caught for GS Caltex Data Theft

Police detained two employees of a subcontractor of GS Caltex and two of their friends, Sunday, for the alleged theft of personal information of more than 11 million customers of the oil refiner.

The four planned to sell the information to the highest bidder, according to police.

The personal information of the 11.19 million customers included resident registration numbers, home and company addresses, and phone numbers, in what is the country’s largest-ever data theft case.

One of the subcontractor workers, Jeong, 28, was one of the 12 people authorized to access the database and is suspected of stealing the information between July and August. He asked another worker to make a simplified chart of the customer information and record it in Microsoft Excel files on compact discs (CDs), according to the police.

Afterward, two accomplices attempted to spread news of the theft, by pretending they found the CDs by chance; one of them contacted a newspaper company and said he had picked up the CDs at a garbage dump in a leisure district in southern Seoul. Police will seek arrest warrants for three of the four.

“They tried to make the ‘leak’ a social issue by reporting it to the media, as they would be able to sell the information later for a high price if the media reported that the CDs included the personal information of many customers, including high-profile figures,” a police officer at the National Police Agency said.

Police, however, have found some inconsistencies in the testimony of the four and are continuing to question them over details of the crime, and are looking for other possible accomplices.

4 Caught for GS Caltex Data Theft.

Echelon: European Parliament Report

ECHELON has long been talked about by individuals claiming to know things we don’t know about.

However, in 1999 the BBC reported on its existence, suddenly giving the “black helicopter” type sites credibility.

What is not widely reported is that in July 2001 the European Parliament produced a detailed report into the investigation of Global Interception of Communications.

The report clearly states that ECHELON does exist and is fully working. In one of its opening paragraphs (page 11 of 194) the report states that:

“the existence of a global system for intercepting communications, operating by means of cooperation proportionate to their capabilities among the USA, the UK, Canada, Australia and New Zealand under the UK/USA Agreement, is no longer in doubt;”

It also states that:

“there can now be no doubt that the purpose of the system is to intercept, at the very least, private and commercial communications”

The 194-page report provides numerous documents proving the existence of ECHELON, from papers released by the Naval Security Group Activity (NAVSECGRUACT), NASA, and the NSA, to comments made by the former head of the Italian Secret Service.

Full Report on the European Parliament Web site

Downloaded copy of report