A Cyber Warning -- by T_Duxbury on Friday, November 21 2008

Young people post quite a bit of personal information on cyber bulletin boards: photos, addresses, etc. Even seemingly innocuous things like a pet’s name, mother’s maiden name, father’s middle name, birth date, and birth place can weaken the security of financial accounts. Information like this may be used to, for example, reset or recover an account password.

One measure of the sensitivity of some of this information is the monetary value attached to it by cyber thieves. Herbert Thompson, founder of People Security, a New York-based IT security consulting firm, says that thieves on underground forums typically charge 10 to 12 times more for stolen credit card numbers with the owner’s mother’s maiden name or pet’s name than for the number alone. If you were to post your maternal grandfather’s name, seemingly innocent enough, you would be posting your mother’s maiden name, an item popularly used as a security challenge.

Customers would benefit from advice that reminds them that when they or their children post personal information in cyberspace indiscriminately, they may be creating a black hole whose strong magnetism might one day attract their hard-earned assets.

Security Weaknesses Shocking -- by T_Duxbury on Tuesday, November 4 2008

Baton Rouge-based TraceSecurity, Inc., is a company that performs a security service growing in popularity in this modern age of information security vulnerability – penetration testing (also called “red team” or “red cell” work). One of the missions of TraceSecurity in a recent series of tests was to slip past bankers in branch facilities and compromise whatever they could without doing damage. This meant the sanctioned stealing of sensitive things.

The success of the teams was alarming. Disguised as officials such as fire inspectors, exterminators, contractors, and government safety monitors, team members were able to utilize these uncomplicated disguises, along with email trickery and fast-talk schmoozing, to steal loan documentation, laptops, and backup tapes of customer databases. They were even reportedly able to walk off with large computer servers. These items were all carried out the front doors. The thefts were successful in 963 of the total 1,000 individual attempts! The report of the study indicated that in all 963 instances bank security policies or procedures were compromised.

Powder Scares -- by T_Duxbury on Thursday, October 30 2008

In early October, letters, many of which contained a “white powdery substance,” were sent to Morgan Chase offices and to offices of two other financial institutions in several states. Also receiving white powder in envelopes were the New York Times headquarters in New York and, later in the month, the New York newsroom of Reuters News. According to the evidence held by the FBI, the letters sent to the financial institutions were threatening, including in their message the words, “It’s payback time.”

Authorities have been sensitive to, and on the lookout for, such letters since 2001, when letters laced with anthrax were sent to lawmakers and media personnel. Five people died as a result, and the fear struck in the American public was very real and very effective. In the case of the Reuters incident, the 19th floor of the Times Square building was evacuated for three hours before people were allowed to return to work.

Authorities were unable to establish any ties linking either the New York Times or Reuters incident to the ones involving the financial institutions.