New-Age Hackers

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.timesdaily.com/news/local/article_c622a1c2-4a88-11e3-9cb9-001a4bcf6878.html

The number of identity theft cases reported to law enforcement continues to
grow each year and so do the methods used to steal the identity, officials
said.

“Dumpster diving used to be the method of choice, and it is still used, but
things are changing just as technology is changing,” said Miranda Perry, an
official with Scambook, an Internet consumer advocacy organization based in
Los Angeles. “So much information can be found online, through the use of
technology, hackers don’t have to dumpster dive as much.”

According to the Bureau of Justice Statistics, an estimated 8.6 million
households in the U.S. had at least one person, age 12 or older, have their
identity stolen in 2010.

Those same statistics point out that in 2010, the last year reported,
identity theft resulted in $13.3 billion in direct financial loses.

Florence police detective Justin Wright said they are seeing more and more
identity theft cases.

“Criminals are smart. They are using technology to their advantage,” Wright
said.

He recalled an incident where someone hacked into the computer system of a
business to get credit card numbers.

“Then those credit card account numbers were used all over the country,”
Wright said. “It’s pretty amazing what can be done.”

Paul Daymond, public affairs specialist with the FBI, said there is
“spyware” available that has the capability of taking over the components
of a mobile device.

“When it is installed, the mobile device can be remotely controlled and
monitored no matter where it is,” Daymond said. “Technology is a wonderful
thing, but you have to be safe with it.”

Perry said because so much information is stored on cellphones, iPods and
iPads, these devices are targeted by “new-age hackers.”

“There is so much personal information we carry around in our pockets, that
a clever hacker can use technology to get all the information they need to
steal an identity,” Perry said. “They can use the GPS in the iPhones to
find out where you live, where you bank, all kinds of information.

“We have seen where people were robbed because someone hacked into a
Twitter account or other social media account and found out where they
were.”

Michelle Mason, president of the Better Business Bureau of North Alabama,
said people don’t think about someone hacking into their cellphones, iPods
or iPads.

“We used these handheld devices for so many things on a daily basis, people
don’t stop and think how much of their personal information they have on
their devices and how important it is to take safety precautions against
identity theft,” Mason said. “If they get their identity stolen, they don’t
know how, they just know it happened.

“In today’s society it is critical that individuals and businesses deploy
the same security measures against hackers getting into their cellphones as
they (have on their) personal computers.”

Todd Humphreys, a professor at the University of Texas, said two students
were able to take over the guidance of a yacht at sea to prove that it
could be done. They went through the boat’s GPS unit.

He said it doesn’t take an elaborate scheme to get information from
someone’s mobile device.

“Suppose I look over your shoulder when you’re entering your iPad passcode
and later steal your iPad,” Humphreys said. “Then during a few glorious
hours (until you realize your iPad is stolen and furiously shut down access
to your many applications), I can be reading your email and writing to your
contacts; I can see everything on your facebook page, etc.”

Law enforcement officials said as technology increase, so does the number
of identity thefts.

“It’s scary to think that everything about us is right there in the palm of
you hand, and your livelihood can be stolen by someone using basically the
same technology,” Daymond said.

Perry said the only way to combat these new-age hackers is to understand
how they steal.

“Honestly, I don’t know if we can completely stop it from happening, but we
can do a better job of protecting ourselves,” she said. “Put a password or
code on you mobile device. Be aware that the information is out there, be
aware where you put down your phone and monitor the personal information
you put on the device.”

She said another good rule of thumb is to frequently check bank accounts to
make sure there have not been unauthorized transactions.

“Just be aware that it can happen and it is happening.”

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.