Posts Tagged ‘cybercrime’

TJX Breach Sentence: Man Gets 5 Years in Prison and Must Pay $600,000 Restitution; Is It Enough?

Sunday, September 16th, 2007

On September 13, Florida Attorney General Bill McCollum announced Irving Escobar, the alleged leader of a Florida fraud ring that used stolen credit card information linked to the TJX, data breach was sentenced to five years in prison and must pay nearly $600,000 in restitution.

(more…)

07/07/07! Lucky for Cybercriminals?

Saturday, July 7th, 2007

I’ve always been fascinated with numbers. Math has always been fun, and one of my degrees is in math. I’ve never really studied numerology, but today’s date, 07/07/07, only happens once each century, and it is interesting to see how many people are celebrating it in various ways.

(more…)

“Over 1 Million Computer Victims” Can Lead To Some Interesting, Awareness-Raising, Discussions

Tuesday, June 26th, 2007

Here’s a great conversation starter for a nice chat with your business leaders, “The FBI has found over 1 million computers are controlled by criminal botnets.”
Be prepared to answer some follow-up questions from your business leaders after telling them this, such as…

(more…)

New Information Security and Cybercrime Initiatives Planned in the EU

Monday, June 4th, 2007

As cybercrime continues to occur in more varied ways, as more incidents are reported every day, as new threats emerge, as more vulnerabilities are found within software and systems, often within those products that companies buy to improve security, the more bills, plans, initiatives and laws that emerge worldwide to address these issues.

(more…)

Web Hackers Fined $15 Million by SEC

Sunday, June 3rd, 2007

I remember reading in an issue of 2600 The Hacker Quarterly magazine several years back about how easy it is to commit crime, without being noticed, by hacking poorly secured web sites.
Hacking is often viewed to be a safe, almost anonymous, type of crime that is often very hard to pin upon one individual.

(more…)

Insider Threat Example: Engineer Leaks U.S. Military Secrets

Friday, May 11th, 2007

There has been a lot of talk and blogging recently about whether or not there is a need for an information security industry/profession. Um sure, and there is no need for the physical security industry/profession either, is there?
As long as humans touch information in any way, electronically or physically, information security will be needed to provide them with policies, procedures, standards, guidance, training, ongoing awareness, and responding to and fixing the security messes and privacy breaches they cause.

(more…)

Keyloggers + Social Engineering = Identity Theft: Fraudsters Exploit Human Frailties with Seductive Messages

Friday, April 27th, 2007

Fraudsters and cybercriminals continue to find creative ways to exploit technology and human weakness to facilitate their crimes. Another new exploit they are using is hijacking popular Google search terms, typically targeting bank sites, and then inserting HTML into the legitimate response pages to get end-users to provide personally identifiable information (PII), typically website user IDs and passwords, often in conjunction with keyloggers they download to the victims’ computers.

(more…)

SMBs, Identity Theft & Insider Threat: Bad SMB Security Impacts Organizations of All Sizes

Wednesday, April 18th, 2007

There are many articles written about the insider threat, several have been done, and often the focus is on large organizations where those employees with malicious intent are often either in positions of trust way down in the org chart, or the perpetrator is the person at the helm of the organization.

(more…)

How Good are the Security Practices for “America’s Most Admired Companies 2007”?

Tuesday, March 6th, 2007

Yesterday CNN reported the results of the FORTUNE 2007 survey of business people for the companies, in any industry, they admired most.
The rankings were based upon 8 key score areas:

(more…)