Posts Tagged ‘online’

Digital Copy Machines Are Loaded With Secrets

By MSI in Background Checks, Crime, Debugging - Electronic Countermeasures, Investigations, MSI Detective Services, Safety, Security, Stolen Property, Technology, Terrorism, Theft Investigations, eavesdropping, harassment at May 18th, 2010 | No comments

Nearly every digital copier built since 2002 contains a hard drive just like the one on your personal computer – storing an image copy of every document copied, scanned, or emailed by copy machine according to a recent CBS News story.  This startling discover is a little secret that is starting to leak out thanks to recent news stories. If you’re in the identity theft business an old copiers could be a pot of gold.

The type of information found on some of these machines include social security numbers, birth certificates, bank records, income tax forms, medical records and more.

MSI Detective Services offers forensic wiping of hard drives on copiers, computers and other devices that contain electronic storage.  Since a free program could easily capture and deliver to a bad guy all of your previously copied documents, the potential of identity theft is huge.

An industry expert picked four machines based on price and the number of pages printed. In less than two hours his selections were packed and loaded onto a truck. The cost? About $300 each.

One of the copiers had documents still on the copier glass, from the Buffalo, N.Y., Police Sex Crimes Division.

It took the expert just 30 minutes to pull the hard drives out of the copiers. Then, using a forensic software program he ran a scan – downloading tens of thousands of documents in less than 12 hours.

The results were shocking including from the sex crimes unit there were detailed domestic violence complaints and a list of wanted sex offenders. On a second machine from the Buffalo Police Narcotics Unit a list of targets in a major drug raid was found. A third machine, from a New York construction company that contained design plans for a building near Ground Zero in Manhattan as well as 95 pages of pay stubs with names, addresses and social security numbers and $40,000 in copied checks.

The fourth machine from Affinity Health Plan, a New York insurance company contained the most disturbing documents including 300 pages of individual medical records. It had everything from drug prescriptions, to blood test results, to a cancer diagnosis. A serious breach of federal privacy law.

The Buffalo Police Department and the New York construction company declined comment when CBS . Affinity Health Plan, issued a statement that said they are taking the necessary steps to ensure that none of their customers’ personal information remains on other previously leased copiers, and that no personal information will be released inadvertently in the future.

The New Jersey warehouse where these copiers were stores contained two shipping containers packed with used copiers were headed overseas – loaded with secrets on their way to unknown buyers in Argentina and Singapore.

Want to read more?  Check it here!

Tags: , , , , , , , , , , , , , , , ,

After data loss, ID theft risk soars

By MSI in Debugging - Electronic Countermeasures, Harrassment, Safety, Security, Stalking Cases at November 21st, 2009 | No comments

Posted: Friday, November 20 2009 at 06:00 am CT by Bob Sullivan

I call them Dear John data letters, because of the bad news they bring and their decidedly warm and fuzzy tone.

“Dear Consumer. We’ve lost your personal information. It’s fallen off a truck/was on a laptop that was lost/was stolen by a hacker. We’re sorry and we promise to be better in the future. Good luck.”

About one in nine consumers receives a Dear John data letter each year, and nearly half of all consumers have received at least one since the year 2000, when California law forced these kinds of disclosures on corporations and government agencies, according to a new study. The letters have become so familiar that many folks just ignore them and relegate them to the junk mail heap. But that’s a big mistake. That same study shows consumers who receive such a notice are four times more likely to be hit with identity theft than members of the general population.

In fact, U.S. adults who get a Dear John data letter have a one in five chance of being victimized in the next 12 months, according to the survey, conducted by financial services research firm Javelin Research.

The researchers have concluded that consumers don’t take the notices seriously enough. Even after they are victims of ID theft, most consumers don’t blame the company for the leaked data. While 19.5 percent of those who received a fraud letter were victims of ID theft, only 2 percent linked the crime to the data leak, according to study author Mary Monahan.

“People don’t connect the dots,” said Monahan, Javelin’s research director. “They don’t understand the risk. … People don’t even seem to understand what the letters mean.”

The results are consistent with previous research showing consumers don’t react strongly to the announcements. In fact, the vast majority don’t even take up a company’s offer of free services like credit monitoring as apology for the transgression. After the infamous Lexis Nexis data leak in 2005, 305,000 letters went out with offers of free credit monitoring. Only 18,000 consumers, or 6 percent, signed up. In a similar incident, after Citibank sent out 4 million letters after a data leak, only 4 percent signed up.

Those results show consumers just aren’t being helped by the notification letters, Monahan said.

“The letter is made so the consumer will take action, but the notification is not working because it’s not clear enough, consumers don’t understand and it’s putting them at risk for fraud,” she said. “This calls into question the effectiveness of the data breach notification laws in 45 states, as well as consumer education around data breaches in general.”

It might be an oversimplification to simply declare consumers lazy, however. The quality of the letters varies widely. Some appear like urgent government notices. Some are easily-missed one-page letters in thin envelopes. Most have scant details, and don’t tell consumers how their data was lost, or in some cases, even what specific data was put at risk.

The quality of free credit monitoring offers also varies. In many cases, the offers are thinly disguised marketing schemes for $10-a-month monitoring services offered by the nation’s credit bureaus. Sometimes, the free offer is more like a free trial of three months, following by automated enrollment in the subscription program. 

And there might be another reason: previous research, including one report by Javelin, suggested there was little connection between data breaches and identity theft. Monahan said improved research techniques account for the new finding.

With all these factors conspiring to lull consumers into ignoring the notices, a real opportunity to stem identity theft crime is being lost, the Javelin report concludes. Timing is critical for consumers who are victims. Those who discover the crime quickly have a far easier time cleaning up the mess than those who are in the dark for four or five months. According to the survey, victims who take up to five months to detect fraud suffer nearly three times the average consumer cost in lost time, wages and other expenses ($933) as those who discovered fraud within one day ($323) and double the cost of those who discover it in a week ($484).

Still, most consumers are befuddled when they get a Dear John data letter. They don’t know which agencies to call, how to place credit freezes on their reports or the odds that they will become identity theft victims.

“Obviously consumers do need to have more guidance on what to do,” Monahan said. “While the idea of notification is to provide an opportunity for consumers to take action, apparently they do not. This suggests that notification is not working.”

Red Tape Wrestling Tips

A step-by-step list of “what to do if your ID is stolen can be found in this story.:

And here’s a what-to-do chart provided by Javelin.

IDTheftHelp


Tags: , , , , ,

Teen Freed After Facebook Alibi

By Jeff L in MSI Detective Services, Safety, Security at November 14th, 2009 | 2 comments

cuffsIt seems like one of those questions that there’s no hope in answering: “Where were you on Tuesday the 3rd at 10pm?” Thinking…thinking…thinking…do I tell these guys that I don’t know where I was this morning, let alone three weeks ago on a Tuesday. No, they’d just think I was being sarcastic. They’be be right.

Although our world is filled with technical wonders that enable us to see in the dark, send messages to one another without pen or paper, and even watch movies while driving, we haven’t come up with an alibi tool that can aid us in proving where were at such-and-such time.  Thus, it is our responsibility to recall:

  • Where we were on a specific date (and time)
  • What we were doing on said date
  • If there are corroborating witnesses to back our story

After reading Rodney Bradley’s story, it struck me that I had better figure out a method of documenting my whereabouts in some measurable method, or I could end up answering questions for which I don’t have any answers.


Bradford

Bradford

On October 17th, two men were mugged at gunpoint in Brooklyn, NY. Rodney Bradford, facing a 2009 robbery indictment for an unrelated case, learned that he was not only a suspect in the October 17th mugging, but the police were actively searching for him. Having absolutely nothing to fear, Bradford turned himself in, thinking that he would be quickly exonerated as a suspect and go his merry way. That’s not the way things worked out; he was identified in a police lineup, charged with first degree robbery, and was on his way to Rikers Island that afternoon.

Luckily, his father discovered that son Rodney had updated his Facebook status a minute prior to the crime. Or, he updated his status and then ran all the way to Brooklyn to commit the crime. From Harlem. No, there’s absolutely no way Rodney could have committed the crime. Thus, his attorney subpoenaed Facebook to provide documentation that would prove the account was updated from his Harlem location. It worked, and the case was thrown out of court.

Good or bad, we live in a society where our location can be determined by what cell phone tower bounced a mobile phone call, surveillance cameras exist on street corners, in businesses, and on poles in high-crime areas, and computers date stamp everything. According to attorney Jonathan Handel;

“We’re in a much more trackable world…The extent to which it means that the right people get prosecuted and the innocent get their cases dropped, that’s all the good.”

And the bad? Invasion of privacy.

One possibility, not addressed in court, is that Brandon committed the crime while an accomplice updated his Facebook page; if this is the case, we may be opening a can of worms, aka; “The Facebook Defense.”

Tags: , , , , , , , , , , , , , , , , ,