ROBERT SICILIANO, CEO of www.IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.


Home Security begins at the Entrance

If you were to design the ultimate security system for a house, what would you focus on? These days, many people would immediately think in terms of the most technologically advanced alarm system—one that’s voice activated, detects motion anywhere, can be remotely controlled and allows remote viewing of the home, etc.

But even in this day and age of connectedness, the best security system begins with the front door. That’s because, essentially, the door is potentially your home’s weakest link—no matter how high tech the alarm system is.

Contrary to TV and movie depictions—even TV commercials for security systems—of burglars always smashing through windows in the dark (makes a noisier, more dramatic effect), by far the No. 1 entrance for an intruder is the front door. And often, it’s kicked in.

That’s because typically, only two or four mite-sized screws are holding up one or two little strike plates, attached to a weak door frame of thin pine. If you only knew how easy it is to sever pine. Ten-year-old kids in karate classes do this with their bare hands.

What if your door included one-sixteenth inch of heavy steel? Try kicking through that. And what about a four foot bar that’s installed over the strike plates, screwed right into the door’s frame? Wow, you have one tough-ass security system for your door: The Door Devil Anti Kick Door Jamb Security Kit. It includes:

  • Three and a half inch heavy screws, which go into 2 x 4 studs located behind the door frame
  • Steel door jamb reinforcement (48 inches): replaces the small brass strike plate
  • Three inch screws for reinforcing the door hinges

In addition, there are other things you can do to make your door more impenetrable.

  • A door bar jammer or door brace: One end fits snugly under the doorknob, while the other end is angled out and affixed to the floor.
  • Deadbolt wrap: This will reinforce the area around the door lock.
  • A better strike plate: Thicker means better.
  • Door frame reinforcement: This steel implement is up to four feet in length, and some versions are decorative.

Of course, all of these measures add up to zero protection if you leave your door unlocked. Many intruders gain entry through unlocked doors. It’s that simple. But don’t forget that even a very determined burglar tires out and does not want to be standing there all day trying to kick down a heavily reinforced door.

Robert Siciliano is a home and personal security expert to DoorDevil.com discussing Anti-Kick door reinforcement on YouTube. Disclosures.

Filed Under: home security

Inside the Business E-mail Compromise Scam

Trick e-mail = fraudulent wire transfer = hundreds of thousands to millions of dollars stolen.

That’s what’s happening with business executives in select industries (e.g., chemical operations, manufacturing), says a report at threatpost.com, citing a finding from Dell SecureWorks.

The phishing e-mails are part of those Nigerian scams you’ve heard so much about, a business e-mail compromise scheme.

Security researchers have gotten a good glimpse into the inner workings of the BEC, thanks to one of the hackers, a key player, accidentally infecting his computer with the BEC malware.

The threatpost.com article explains that Joe Stewart of Dell’s Counter Threat Unit says that this hackster routinely uploads keystroke logs and screenshots to a server. This data includes many identities of the hacking group, and has been given to law enforcement for investigation. Stewart says that, thanks to the accidental infection, researchers have gained insight into the innards of their operation, such as viewing the group’s desktops.

What the hackers do is scour websites of specific industries for e-mail addresses. They construct e-mails, add malicious attachments, then send them along, hoping to get into a user’s account, which they then compromise. Their target is monetary transactions involving the company: the hackers pose as a vendor that the company may already deal with.

The hacker/vendor replies with an invoice and payment instructions, and the company is not aware that the recipient is the hacker. The hacker forwards the e-mail to the buyer, who is tricked into wiring funds to the hacker. Though this group is not sophisticated, they’ve managed to come away with hundreds of thousands of dollars just from one company. Upon success, the wired funds are directed to the hackers.

Overall, the scams have resulted in $3.1 billion lost, says the FBI. The article points out that the BEC scheme is not to be confused with the BES scams (business e-mail spoofing). The BEC operation doesn’t send spoofed e-mails; it uses malware or exploits to gain control of e-mail accounts.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Filed Under: Identity Theft online safety online security

Why go with a Wireless Security System?

One reason to go wireless is obvious: Who wants all sorts of wires run under their house, as the old-fashioned home security systems required, in an installation that takes more than the abilities of a recreational DIY enthusiast? Not only is this a hairy, time-consuming installation project, but a crook could clip the wires (if he gets into your house).

Benefits of Wireless

  • Installs in minutes.
  • Someone with basic DIY skills can install it.
  • All sorts of plans for all budgets.

Beware, though, that if a wireless system is not installed correctly, a burglar could get past it and doesn’t even have to enter your house to disable it.

However, do not let this turn you away, because when installed right, a wireless system has many benefits:

  • Full remote access from your smartphone or any connected device.
  • Easy install and easy removal if you are an apartment dweller.
  • Wireless systems can be as robust as wired and include security cameras.

You may be a candidate for wireless if:

  • You want to feel safer checking on the status of your home before going inside after being out for a while.
  • You have kids and must be away when they return home from school and you want to check in on them.
  • An elderly relative lives with you and you want to make periodic realtime checks.

Three Types of Wireless Connections

  • Landline. A wireless system can run through a landline, which means it is not dependent upon the Internet or a cellphone signal. It will stay activated during a power outage. Landline is cheaper than cellular or broadband wireless.
  • Cellular. Signals go to a cell tower and are faster than with landline. Seconds count in an emergency, and the faster signal means faster help. Cellular offers remote capabilities, so you can monitor your home from far away on your smartphone.
  • Broadband. Instead of the signal being directed to a cell tower, it goes through the broadband Internet connection. This type of system is comparable in price to the cellular, and the signal is much faster than that of a landline connection.

Filed Under: Wireless

Case allows Employees to run amok on Social Media

Lesson learned: If you run a fast-food restaurant or any company for that matter, you’d better treat your employees right. After all, they have a legal right to tweet all they want about you.

A Chipotle Mexican Grill in Havertown, PA, had a ban in place: Employees are prohibited from using social media to spread “inaccurate information” or “disparaging, false or misleading statements.”

But the National Labor Relations Board recently deemed that this rule violates federal labor law, even though an employee, James Kennedy, had tweeted less-than-favorable information about working conditions and had also circulated a petition (that the franchise tried to ban).

Chipotle violated the NLRA, according to the administrative law judge, when it demanded that Kennedy cease tweeting and delete the other tweets.

Another violation on Chipotle’s part was the firing of Kennedy, who had refused to stop circulating a petition among coworkers after a manager ordered him to do so. Kennedy’s use of social media was a protected activity under the law, and so was his circulation of the petition. The establishment was ordered to reinstate Kennedy and pay him lost wages.

Just what exactly was Chipotle’s rule about circulating a petition? It barred employees from doing this even during non-working hours and within visual or hearing range of patrons.

Chipotle was ordered by the NLRB to reverse its rules pertaining to social media and solicitation of petitions. And believe it or not, Chipotle even had a policy in place that banned discussing politics on the job. This ban, too, was lifted, courtesy of the NLRB’s order.

Chipotle corporate was also required to make sure that all of its employees in the U.S. would be made aware of these policy reversals.

As of August 19, neither Chipotle nor its legal team has responded to any requests to comment.

Frankly, as an employer, this ruling is scary. And knowing employees often blather on about anything and everything, this ruling may open a can of worms that can’t be put back in.

Filed Under: social media privacy

Pokemon Go a Network Malware Nightmare

Pokémon Go has taken the world by storm, even though it is nothing more than a silly little game that people play on their mobile device. And it is not just child’s play, either. Plenty of adults are hooked on Pokémon Go—including college degreed professionals who conduct business on company owned devices as well as mobile devices of their own that they bring to work.

Pokémon Go is chock-full of security risks, says the International Association of IT Asset Managers. If you run a company in which employees use your mobile devices, and/or you permit or know that employees conduct your company’s business on their personal phones, you’d better take this warning seriously.

Employer solution: ban the Pokémon Go application from mobile devices: those given to workers by the company, and those personally owned by the workers who bring them to the workplace.

Pokémon Go malware is on the upswing, and it poses a security threat to company e-mail. It also presents a possible malware threat to cloud storage.

Company decision makers must not be swayed by the popularity of this game, and instead, must see it for what it truly is: just a game. So yes, it just might be one of the smartest moves a company may make to outright prohibit this app for BYOD and company owned mobile phones. Or, at least, abolish it on just the company owned devices. But something needs to be done, urges the IAITAM.

Company decision makers can ask themselves a classic question: “Is my company better with Pokémon Go or without it?” Or, to put it another way, create a risk-benefit ratio. How can this game possibly benefit employees? How can this game harm the business? See which list is longer or has more compelling answers.

Filed Under: malware

Computers perfectly forge Handwriting

Handwriting analysts really have their work cut out for them now, thanks to the development of new software that can forge—better than a human can—a person’s handwriting. So if you are worried about identity theft, add one more element to the kettle: a crook getting ahold of this software (developed at the University College London) and perfectly duplicating your signature.

Previous attempts to create computer generated forgery that looked real have flopped, a la, “This looks like a computer did it!”

A new algorithm has been invented that very much simulates the way a human creates handwriting. One of the tell-tale signs of computer generated signatures or other cursive is that it looks too perfect, particularly the linking of characters to each other.

The new algorithm captures the human qualities of penmanship, including:

  • The joining of the characters. Note that with those fancy fonts that look handwritten, the joining of each letter is so perfect that you can tell it is computer generated.
  • Varying degrees of thickness of the characters—which results from continuous changes of pressure that a person exerts on the writing implement, as well as varying flow of ink from the pen.
  • Horizontal and vertical spacing of characters.

These variations mimic the handwriting of a human, not a robot. All the algorithm needs is one paragraph of someone’s handwriting to calculate and deliver the replication.

And you are probably wondering why this algorithm was developed, aside from maybe the researchers’ hunger for finally figuring out the puzzle to replicating handwriting with a computer. Obviously, this technology can get into the wrong hands, such as those of identity thieves, plaintiffs in personal injury lawsuits who want to forge a doctor’s signature, and other litigants in legal cases.

But this algorithm has a place in the world of good. For instance, those whose ability to physically generate cursive is impaired can use this tool to create stylish handwriting or writing that looks like theirs used to.

Filed Under: computer security

Ransomware a $2.5 Million Service

One bitcoin = $590.

If you’re sucked into a ransomware scam, you’ll likely be charged at least one bitcoin for the cyber key to unlock your computer’s files—that are being held hostage by hackers.

A report from Check Point Software Technologies and IntSights has discovered a gigantic ransomware-as-a-service (RaaS) ring, raking in $2.5 million yearly. Eight new scam campaigns are launched every day, with dozens of campaigns already in action, tricking people into allowing the ransomware software (namely Cerber) to take control of their computer.

Just in July, it is believed that victims were cleaned out of $200,000. Ransomware specialists have become quite sophisticated, having developed what is called bitcoin mixing: This prevents ransomware profits from being traced. Their technique bypasses even the blockchain, which is a database that records every Bitcoin transaction.

The crooks do not pool all of their profits into one “wallet,” but rather, they mix things up, splintering the profits into thousands of different wallets, creating a jumble that makes it impossible to track individual transactions or their origins.

Cerber is being sent out with automated tools that attack the unsuspecting in large masses; no longer is this ransomware software the weapon of only the highly skilled master hacker. In fact, the software can even be rented for malicious use, and a high level of tech savvy isn’t even required.

All a thief need do is get on the Dark Web and pay a hacker to commit the crime. Of course, the hacker will have to get a nice chunk of the pie. Though several other countries are getting hit harder with Cerber, the U.S. is in the fourth spot for the most targeted country.

Not surprisingly, the phishing e-mail is the scam of choice for ransomware specialists, with malicious attachments that recipients are tricked into opening—which then download the infection. The other way that Cerber takes control of computers is via the exploit kit-based campaign.

Filed Under: Ransomware

Jihadis using easy to get Privacy Software

Over the past two years, the media has tended to sensationalize jihadists’ rapid adoption and strategic use of social media. Despite perpetual news coverage on the issue, the public, by and large, continues to be relatively in the dark about the intricate ways in which many jihadists maintain robust yet secretive online presences.

To accomplish their goals — ranging from propaganda dissemination and recruitment to launching attacks — jihadists must skillfully leverage various digital technologies that are widely advertised and freely accessible online.

Just as smartphones and portable devices have transformed the way much of the world communicates and interacts, jihadists, too, have rapidly adopted and availed themselves of these technologies.

Their grasp of technology, which is quite savvy, yields one of the most frequently asked questions about the jihadists today: What is in their digital toolbox and how do they exploit these technologies to benefit their activities? This report explores these questions.

ISIS is no exception to the many entities out there, good and evil, who want a strong grasp on technical savvy, particularly software that can oppose surveillance. The Dark Web is abuzz with jihadist threads about how to beat surveillance systems. And they’re learning a lot, says a report from Flashpoint, a cybersecurity firm.

For instance, ISIS knows how to use Tor and Opera to scavenge the Web undetected. That’s just the beginning of their software knowledge. Jihadists also use:

In short, ISIS is very well keeping up with communications technology. Evil can be technologically savvy, too. Do not underestimate the technical prowess of jihadists, even though it seems as though some of them live rather primitively.

Filed Under: online safety online security privacy

Man raises a Family on Dead Man’s Stolen Identity

Imagine you learn your husband (or wife) of 25 years is really a different person. That’s what happened to Mary Hickman—25 years after she married a man who had identified himself all those years back as Terry Jude Symansky. The Florida couple had a son and led an uneventful life, with Symansky working different jobs and even acquiring a pilot’s license.

In actuality, Symansky was really Richard Hoagland, who’d been married twice before, who had lived in Indiana and then mysteriously disappeared and was eventually presumed dead. He had stolen the real Terry Jude Symansky’s identity and got away with this for 25 years—until he was busted by Symansky’s nephew.

The nephew learned of the identity theft, something he never even suspected, via Ancestry.com. He reported this to the police, who then alerted Hickman.

Hickman subsequently came upon documents in the attic proving that her husband was an imposter of a man who had died in 1991 in a drowning accident. Hoagland, 63, was arrested.

So why had he vanished from Indiana? There, he’d had four kids with two wives. He had wanted to get away from one of the wives, so he up and left, though he told her it was because the FBI wanted him for the theft of millions of dollars—a claim that has yet to be substantiated.

How did Hoagland steal Symansky’s identity in the first place? It certainly helped that he had once been living with the dead man’s father, where he had found a copy of Symansky’s death certificate. He had used this document to get a birth certificate, and armed with that, he was on his way to assuming the identity of a man who had never even been married nor had any kids—which had made it even easier for Hoagland to pull off his caper.

We can probably thank those Ancestry.com commercials for causing the chain of events that led up to the crook’s arrest.

Filed Under: Identity Theft

What age is it OK to leave Kids home alone?

Sooner or later, you’ll need to leave your child home—unsupervised, alone—for an extended period. And even though you may have smart devices to keep a constant check on your child, this doesn’t mean you can instantly teleport home in the event your smart security system relays a realtime video of a kitchen fire.

It’s one of the toughest challenges facing parents: At what age can they leave a child home alone without breaking the law, without endangering that child? Even if your child is older than the minimum age to be legally left alone, this doesn’t mean they’re ready to face this new chapter.

  • A very emotionally mature, 10-year-old child may be very small for their age, and a crook passing by the house may peer in and think that a seven-year-old is all alone inside—making a break-in tempting.
  • An eight-year-old may be the size of an 11-year-old, which could fool a prowler peering in, but having the mind of an eight-year-old won’t help in a crisis situation.
  • Your feisty but responsible nine-year-old may be begging to be left home alone, have passed a first-aid test and be a junior blackbelt.
  • Or, your skittish 13-year-old may be very bright, but…to put it succinctly, be a scaredy cat.
  • Is the neighborhood popular with burglars?
  • Is the child sick?

Laws are ambiguous. Just what is “adequate supervision” anyways? And is it redefined with different ages? Obviously, you don’t want to leave a nine-year-old alone for even one hour with the new, 95-pound rescue dog, or leave a young child home during a storm. A 12-year-old may seem old enough to be left home alone for a few hours, but not in charge of his two-year-old sibling.

The various U.S. states do not have clear explanations; it’s up to the parent to interpret each circumstance. And only three states specify the minimum age: Maryland is eight; Oregon is 10; and Illinois is 14 … even though many girls begin babysitting late into the night at age 11.

Filed Under: home security security