Archive for the ‘Identity Theft’ Category

So you like to talk sex…or to talk about sex. Hey, we’re all adults here. No problem. Uh, come to think of it. Yes problem. No, we’re all still adults – well most of us.

The problem is if you’ve been chatting on YouPorn and would prefer not to share that bit of trivia with others – like your husband/wife’s divorce lawyer, the Enquirer, TMZ, E! News, Homeland Security, the PTA and your parole officer.

According to the AP and others, up to one million users had their person information compromised. Or as a Huffington Post post “playfully” expressed it in a double entendre headline, “Up To 1 Million Adult Chat Users’ Email Addresses and Passwords Exposed”.

While the exact number could not be confirmed, security expert Anders Nilsson wrote in his blog that login information for more than a million accounts was made public, the leak probably caused by a programming error that made a debugging log – which collected usernames and passwords – open to public view.

Alexa, which provides free online global web metrics, notes YouPorn is the 98th most popular site in the U.S. and the 96th most popular website in the world. Manwin, which acquired YouPorn in 2011, owns the largest network of adult websites in the world, with more than 60 million visitors each day.

The Huffington Post quotes Kate Miller, a spokesperson for YouPorn’s parent company, emphasizing that YouPorn ”was not hacked, but that its third-party chat service ‘failed to take the appropriate precautions in securing its user data’ and has since been taken offline pending an investigation.’” You might say Ms. Miller accused YouPorn’s third-party chat service of being caught with its pants down.

The bad news for YouPorn chat users doesn’t necessarily stop at being “outed” as a talker. In his blog, security professional, Graham Cluley, points out that some YouPorn users may have utilized the same passwords to logon to other sites. “So, if your YouPorn password is now known, hackers might try that same password against your email address, your PayPal account, your Amazon account, and many other online resources.”

In a Forbes article, Kashmir Hill referred to a tag cloud created by Ashkan Soltani, an independent researcher, showing that some of the most used passwords were in the YouPorn data leak.

In a related story, a person claiming to be a 17-year-old hacker in Morocco said he accessed personal information of users of a Brazzers-operated adult site, which is also owned by Manwin. And, we thought you had to be 21 before you were permitted to hack an adult site – go figure.

There’s a sure way not having personal customer information compromised in a breach. And that’s choosing security solutions that don’t rely on passwords and Social Security numbers to verify user identity. In a word, that’s choosing ThreatMetrix™.

ThreatMetrix offers protection from every type of malware for every type of device. ThreatMetrix’s complete package of online protection provides secure browsing technology that protects smartphones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. And, it’s done without relying on passwords, user names and cookies to protect its clients. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.

Or how about? Traveling in Scotland, I was robbed by two crazy men with guns. They got all my money and credit cards and cell phone. And, please send money FAST. Rob Ades told the San Jose Mercury News’ Mike Cassidy that’s pretty much the email friends, family, business associates, and acquaintances received from him recently. The trouble was (or the lack of trouble was) he was not robbed by two crazy men with guns. He was not traveling and he wasn’t in Scotland.

Cassidy writes, “When Ades, an Oakland contractor, was finally able to sign onto his Gmail account, he found that his list of 300 or 400 contacts had been obliterated, but apparently not before each one received his mythical tale of Scottish woe. The folder in which he kept receipts and other business correspondence was gone. So too were the folders where he stored the back-and-forth in his role as coach of his son’s Little League baseball team and the one with the notes related to his role as vice president of the local PTA. The photos from family and friends that he’d kept as attachments? Gone.”

Ades couldn’t send out a mass email telling everybody he was okay because all his email contacts were gone. His next thought was going through Facebook only to find out his account had been suspended because of suspicious activity from Cameroon. Because it was a Gmail account that had been hacked, his next stop was Google, which seems to have an unlisted custom service number. In other words, Google appears only to offer automated online support for help in recovering lost data.

Cassidy writes, “Google says an online system is more efficient than a phone system and it provides better security when verifying accountholders’ identities.” You’d better believe the security is better. According to Cassidy, “When [Ades] clicks [the link, he] gets a message telling him to try again later.” No malefactor is about to breach a wall with that kind of protection. The link to nowhere.

With identity thefts occurring at an alarming pace, Cassidy decided to touch bases with a professional cybercriminal hunter, a man who’d seen many similar cases. “When it happens, it is really harrowing,” said Alisdair Faulkner, who as chief products officer with ThreatMetrix of San Jose has dedicated his working life to preventing security breaches. “It’s like a bad cold. Once you’ve got it, it’s hard to shake.”

Though Ades acknowledged his old password was relatively unsophisticated and had been used across different websites, nobody can say for sure how his identity was stolen. But one thing is certain, reliance on passwords and Social Security numbers is not the safest bet for companies which have to protect their and their customers’ online assets.

Without relying on passwords, user names and cookies to protect clients, ThreatMetrix™ offers protection from every type of malware for every type of device. ThreatMetrix’s complete package of online protection provides secure browsing technology that protects smartphones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.

Cybercriminals are classic entrepreneurs who, seeing a growing market, jump in and exploit it. In 2012, that growing market is cell phones. And with the crush to get smarter and smarter ones, cybercrooks have found smarter and smarter ways to hack them. Which means cell phone owners had better get smarter and smarter defenses.

To find out how to build a wall between cyberthieves and cell phones, reporter Kate Murphy contacted Chuck Bokath, an engineer at Atlanta’s Georgia Tech Research Institute.

According to her article in The New York Times, “Mr. Bokath can hack into your cell phone just by dialing the number. He can remotely listen to your calls, read your text messages, snap pictures with your phone’s camera and track your movements around town — not to mention access the password to your online bank account.” Bokath says hacking into a cell phone is “trivial.” By trivial, we assume he means easy. Maybe that’s because instructions on hacking are available online. (Note: If you decide to check out whether hacking instructions are really online, make sure the website and link are safe or you’ll end up hacked yourself. Of course, if you’re planning on taking up a career in cybercrime hacking, please feel free to ignore this advice.)

Current estimates by experts say that more than a million phones have already been hacked. With more and more financial and personal information stored on cell phones, it’s either get protected or get two tin cans and a very long string.

Following are some hacker traps and how to avoid them.

The man-in-the-middle attack (MitM). That’s when a cybercriminal hacks into a phone’s operating system and reroutes data to a third party before sending it on to its destination. ”[T]he hacker can listen to your calls, read your text messages, follow your Internet browsing activity and keystrokes and pinpoint your geographical location. A sophisticated perpetrator of a MitM attack can even instruct your phone to transmit audio and video when your phone is turned off so intimate encounters and sensitive business negotiations essentially become broadcast news.”

How does the cybercriminal get into the operating system in the first place? “[A] common ruse …is to send the target a text message that claims to be from his or her cell service provider asking for permission to ‘reprovision’ or otherwise reconfigure the phone’s settings due to a network outage or other problem.”

Countering the MitM. Countering the attack can be a matter of just plain old common sense. If you have even the slightest doubt about a request or question a link, call your carrier to see if the message is bogus.

To bump up security another notch, use a prepaid SIM (subscriber identity module) card. SIMs are supported by AT&T and T-Mobile. (Note, they are not supported by Verizon or Sprint.) Then, after the line of credit is used up, throw away the card. “A SIM card digitally identifies the cell phone’s user, not only to the cell phone provider but also to hackers. It can take several months for the cell phone registry to associate you with a new SIM. So regularly changing the SIM card, even if you have a contract, will make you harder to target.”

The app with the added “bonus” feature – malware. With a phone app for just about every occasion, you might expect there’d be phone apps for hackers to upload malware and download stolen data. And there are — many. But, even some legitimate apps are so poorly designed, hackers are able to exploit their security weaknesses and leave malware on a cell.

Countering the malware threat. “Roman Schlegel, a computer scientist at City University of Hong Kong who specializes in mobile security threats, advise[s], ‘Only buy apps from a well-known vendor like Google or Apple, not some lonely developer.’”

Schlegal also advises actually reading apps “permissions” before downloading. Yeah, it’s easy to be lazy or dismiss permissions as boilerplate. Don’t. Apps asking for permission to make phone calls, connect to the Internet or reveal the user’s identity and location, are apt to be bad-news — unless you’re a cyberthief.

“The Google Android Market, Microsoft Windows Phone Marketplace, Research in Motion BlackBerry App World and Appstore for Android on Amazon.com all disclose the permissions of apps they sell. The Apple iTunes App Store does not, because Apple says it vets all the apps in its store.”

Additionally, security experts say it’s a good idea to avoid free or unofficial versions of apps like Angry Birds or Fruit Ninja, because malware is often hidden in their code.

Some of the following is a “well duh,” but repeating it can’t hurt unless you’re bored easily. Okay: “Clues that you might have already been infected include delayed receipt of e-mails and texts, sluggish performance while surfing the Internet and shorter battery life. Also look for unexplained charges on your cell phone bill.”

So, what happens if you discover your phone has been hacked. Well to instantly stop the flow of information to the hacker, just yank out the battery. However, if you’re mechanically challenged and aren’t sure how to remove the battery, simply take your phone, place it under your auto’s right front tire. Then, making certain the road is clear, put your car in drive. (The same procedure works equally well with cars with a stick shift.)

Anyway… As a general rule it’s safer using a 3G network than public Wi-Fi where it’s easier for hackers to get a shot at your data.

Now, if after you’ve taken all the precautions previously mentioned, but still feel vulnerable…and you have a spare $3,000 lying around, you might want to look into General Dynamics’ Sectéra Edge. Commissioned by the Department of Defense, this phone is super secure. Currently, it’s only available to U.S. government agents and the military. Sorry we got your hopes up. But, were you really going to spend three grand on a smartphone?

ThreatMetrix™ offers a complete package of online protection including secure browsing technology that protects smart phones and other devices against malware and stops MitB attacks.

Most recently ThreatMetrix announced TrustDefender™ Mobile, a new mobile software development kit (SDK) that helps identify fraudulent transactions originating from mobile applications.

“The PC era is in its sunset years and unfortunately smartphones have more limited form factors that make remote device verification difficult,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “The iPhone blocks third-party cookies by default and when Apple released iOS 5, gone was the ability to globally identify a device based on its UDID. TrustDefender Mobile ensures that trusted user device identification and reputation is tightly integrated into a single platform for reducing risk across all web transactions and applications. This additional anonymous machine-level intelligence helps identify suspicious activities, such as when a criminal jailbreaks an iPhone in order to wipe the device’s identity.

“TrustDefender Mobile is introduced during a time when the mobile channel is becoming a hotbed for fraudsters. Enterprise security organizations are still grappling with the increase in the number of unmanaged endpoint devices that are not owned and supported by internal IT.  Since many companies are allowing employees to use their own personal mobile device today, confidential company information passes over an unprotected device. There are also personal transactions made on the same device used for work, which if not fully protected, can lead to hacked company information and infiltration,” added Faulkner.

The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. And, it’s done without relying on passwords, user names and cookies to protect its clients. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.

Nothing quite says, “I love your money” like an e-card chock full of malware from your friendly local malware distributor.

Based on the volume of spam last year, ITweb.com quotes McAfee as saying that it expects global volumes of messages with Valentine’s Day themes to quadruple. Not to mention those too cheap to buy a gift, did you ever realize there were so many people too cheap to even buy a card, stick a stamp on it, and send it snail mail?  Of course, you may ignore that last remark if you happen to be one of those people.

Anyway… ITweb.com says Valentine’s Day scams include spam mail soliciting users’ bank details, links to malware, dating scams, and phoney Web sites offering Valentine’s Day products.

Consumers are warned to be wary of email subject lines like: “Want to give your sweetheart a nice gift this Valentine’s Day?” Now, who would open an email with a subject line like that with menace and mayhem written all over it?  Okay, just about anybody. That’s why consumers have to be extremely careful opening email solicitations and searching online for Valentine gifts. It puts them one click away from a bogus site where in exchange for their credit card info, they get nothing.  Well, not quite nothing.  They get their identity stolen and bank account downsized.

Clicking on a Valentine’s Day email is enough to trigger a malware download onto the user’s device. ITweb.com reports “a recent example [where] recipients received an e-card that appeared to come from a legitimate greeting card site. However, when the e-card was opened, it prompted recipients to download the latest version of Flash Player in order to view the card. [T]he download installed a virus on recipients’ machines that tried to access their contacts and other personal information, which potentially left recipients open to identity theft.”

Obviously, the warning about being careful about clicking on Valentine’s Day emails also holds true for Valentine’s-themed videos, wallpaper, love songs and rogue apps, which can also infect devices.

ITweb.com says last year Facebook users “were invited to click on a link to send a love poem to ‘someone special’. However, when users clicked on the link, it spammed their contacts’ Facebook walls with status updates or surveys that asked for personal information.”

February 14 is when singles go on the hunt for other singles. Fraudsters take advantage of “mating calls” by posting fake profiles on dating sites. Victims are asked to send money or valuables and share their personal information. You don’t have to be Einstein to know what happens next – and it ain’t a vine-covered cottage with white picket fence.

If netizens really want to look for love online, they should only make use of paid dating sites like those protected by ThreatMetrix™. Some of these include myYearbook, Chellaul and Christian Dating for Free. To learn more, check out ThreatMetrix’s latest releases:

• myYearbook Moves to the Head of the Fraud Prevention Class 
• Cheallaul Online Dating Sites Stopping Scammers 
• Scammers Beware: Christian Dating for Free Makes a Date with ThreatMetrix to Help Prevent Online Frauds and Scams

Users should always be wary of people who fall in love too fast and request personal information like financials and those who refuse to provide a rap sheet. We’re joking about the rap sheet. We hope.  The best advice is to stick with ThreatMetrix protected sites.

Wow. All these scam warnings are enough to turn the most ardent romantic into a Himalayan hermit or cloistered nun. Well, they would be, if ThreatMetrix weren’t on the job to protect not only dating sites, but all companies with online assets who also want to offer their customers maximum protection.

ThreatMetrix offers a complete package of online protection including secure browsing technology that protects smartphones and other devices against malware and stops man-in-the-browser (MitB) attacks. The ThreatMetrix™ Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions. And, it’s done without relying on passwords, user names and cookies to protect its clients. The ThreatMetrix Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals of all types, as well as spies and hackers of all types.

Incorporating the features and functionality from their respective fraud prevention platforms, ThreatMetrix and TransUnion joined forces to create two powerful new anti-cybercrime platforms. They are designed for high-volume, high-risk e-commerce businesses, as well as new account origination and account management for financial institutions and social media sites.

ThreatMetrix is leveraging the TransUnion Contact Verification Service within the ThreatMetrix™ Cybercrime Defender Platform. The solution is called the TrustDefender™ Identity Verification Service and it provides ThreatMetrix customers with enhanced real-time online contact verification.

TransUnion is also formally launching its Device Verification Service. Fully integrated with the ThreatMetrix Cybercrime Defender Platform, TransUnion’s Identity Manager platform offers the Device Verification Service to its customers in addition to its existing Identity Risk alerts and Fraud Scores. This gives TransUnion customers a one-stop platform to assess the risk associated with both individuals initiating the transaction and the device used for the transaction. The Device Verification component helps identify potential cybercriminals trying to mask their identity through cookie manipulation, the use of hidden proxies or invalid IP addresses, or other device anomalies from originating devices such as laptops, smartphones and tablet computers.

Customers wanting to lower risk associated with a new account origination or high-value transaction can now confirm a customer’s identity against TransUnion’s Contact Verification Service. In addition, they can do a fraud analysis of the originating device being used in the transaction with the ThreatMetrix™ Cybercrime Defender Platform.

Reed Taussig, president and CEO, ThreatMetrix said, “We’re excited to be working with TransUnion, a leader in information management and identity verification, to provide our e-commerce and social networking customers with the ability to perform automatic identity verification when processing high-value transactions and creating new accounts. This collaborative effort is another example of the continuing evolution of ThreatMetrix’s market-leading fraud prevention platform.”  He added, “The combination of these powerful services can help dramatically reduce fraud risk for ThreatMetrix and TransUnion customers.”

Jeff Brown, vice president, Identity Risk Solutions, observed, “Today’s reality is that device identity is a critical component of a person’s overall online identity.  The combination of personal and device identity verification now available through the TransUnion and ThreatMetrix platforms is good for consumers in that it can prevent unauthorized transactions if their online identity has been compromised. It’s good for businesses because it can reduce the level of fraud that they experience on their sites and enable them to validate more customers more quickly, while enhancing the customer’s online experience.”

The new integrated service from ThreatMetrix and TransUnion includes:

• Positive identity confirmation and device threat assessment in real-time.  This comprehensive verification presents a single risk score that is especially important for merchants, financial institutions and other online services when determining whether or not to approve transactions that exceed risk thresholds. Social networking sites can also leverage the integrated solution to positively assert the true identity of the customer.

• Seamless integration of identity and device verification to provide companies with operational efficiencies through a single service offering available through real-time interfaces.

• Significant fraud reduction by combining device identification scoring with supplemental identity verification. When new members sign up for an account, layered validation of customer identity information in combination with device identification provides added assurance that customers are who they claim to be.

• Supports compliance with FFIEC’s 2011 guidelines to provide a one-stop platform that is a risk-based, layered, fraud detection and prevention solution that includes rigorous customer and transaction authentication.

Will Microsoft’s “Putting People First” ad campaign and blog post slamming Google’s privacy changes give netizens the courage to fight for more privacy? Heart. Brain. Courage. Will these allusions to the Wizard of Oz never end?

Danny Sullivan, a search engine guru, who’s been quoted in media from the Wall Street Journal, Los Angeles Times and Forbes to the New Yorker and Nightline, has covered Google since the company’s founding. Recently, Sullivan did an exhaustive MarketingLand.com piece on Google’s privacy changes and Microsoft’s reaction.

So, could Google use a brain? Sullivan says, “Last September, Google CEO Larry Page warned Google’s biggest threat was Google itself. His words are ringing true, as Google arch-nemesis Microsoft is seizing on Google’s recent missteps to score some points through a newspaper ad campaign that pitches Microsoft’s products as treating customers better than Google’s do.”

One of the recent missteps, and the one Microsoft landed on hard, was Google’s announcement “that its privacy policy would change, to allow it the right to share data between its various properties in ways that its current set of more than 70 different privacy policies don’t allow.”

What this means to users is that they have to use the same name and password to logon to Gmail and YouTube. It works that way across all Google platforms except for Google Wallet, Chrome and Google Books. These changes offer Google the ability to share data between its properties more easily…which is another way of saying Google can track users better…which is another way of saying Google users are losing more privacy.

Considering privacy has become such a hot topic, was it smart for Google to change its privacy policy – especially now? Sullivan says, “It took only two days for Google to get a letter from members of the U.S. Congress asking for clarification about the new privacy changes. Plenty of headlines painted a negative picture of the move….

“I’ve seen numerous people in the tech press shaking their virtual heads wondering at what’s seemed some very odd moves from Google. I’ve been one of them. That’s made the ground ripe for Microsoft to harvest some potential anti-Google anger.”

So, is Microsoft attempting to take advantage of this potential anti-Google user backlash? Microsoft corporate communications chief Frank X. Shaw sees it this way, “Over the past couple of weeks, there have been a number of decisions that Google has made that have caused people to pause and think about their relationship with Google. That’s why we decided to run some ads. To say, ‘Hey, we have a different point of view, and you should check out these services. They don’t come with the same set of trade-offs’.”

So is Microsoft running down a competitor for ad bucks or sticking up for “the little guy’s” right to privacy? Has big, bad Microshaft become a gentler, kindlier company, striving to live up to its Wall Street nickname, Mr. Softee? In short, has this one-time bastion of cold technological calculation become a company with a heart?

Here’s a link to the ad so you can decide for yourself.

But, if you don’t want to bother clicking, here’s the ad copy (FYI, the visuals leave a lot to be desired. Or put another way, there are no visuals. So, the copy pretty much says it all.):

“Google is in the process of making some unpopular changes to some of their most popular products. Those changes, cloaked in language like “transparency,” “simplicity” and “consistency,” are really about one thing: making it easier for Google to connect the dots between everything you search, send, say or stream while using one of their services.

But, the way they’re doing it is making it harder for you to maintain control of your personal information. Why are they so interested in doing this that they would risk this kind of backlash? One logical reason: Every data point they collect and connect to you increases how valuable you are to an advertiser.

To be clear, there’s nothing inherently wrong with wanting to improve the quality of an advertising product. But, that effort needs to be balanced with continuing to meet the needs and interests of users. Every business finds its own balance and attracts users who share those priorities. Google’s new changes have upset that balance, with users’ priorities being de-prioritized. That’s why people are concerned and looking for alternatives.

If these changes rub you the wrong way, please consider using our portfolio of award-winning products and services….

Sullivan takes a balanced view of both companies’ privacy policies, “Whether Microsoft’s various privacy policies give more or less rights than Google’s forthcoming one is quite possibly an impossible task for anyone to properly measure, given how open-ended they all seem to be.”

And Sullivan offers a promise of privacy from both companies. “Even if you could itemize all the rights in the privacy policies, there still remain controls that users have with services at both Google and Microsoft which may prevent information from being logged or shared.”

Ultimately, the issue of privacy rests with the people who demand it – the online users who have the courage to stand up for their rights.

How about your company? Does it feel like you have to compromise security for privacy or the other way around? With ThreatMetrix™ you can have both.

Without relying on passwords, user names and cookies to protect its clients, the ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals. The ThreatMetrix Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.

Child identity theft is exactly like stealing candy from babies. Easy. It’s easy because the crime is often not detected until the baby is an adult and has his/her credit and reputation ruined.

The Huffington Post relates the story of Jennifer Andrushko.   

When Jennifer Andrushko applied for public aid two years ago, a state employee entered her son Carter’s Social Security number into a computer and discovered something strange: The boy appeared to have been earning wages for the past eight years.

“I thought, ‘How could this be happening? He’s only three years old,’” Andrushko said.

It turned out an undocumented immigrant had been using Carter’s number to acquire jobs since before [Carter] was born. But Carter proved relatively fortunate. Unlike many child identity theft victims who do not realize their credit is ruined until they reach adulthood, his case was caught while he was young, giving him time to recover his good name.

Carter was lucky. He was living in Utah, one of the few states that cross-references its employment database with a list of children receiving public assistance. Well he wasn’t all that lucky. His mother was applying for public assistance.  Anyway, according to the Huffington Post, Utah found thousands of instances of child identity theft, including one where nine people used one nine-year-old’s Social Security number to get employment.

Parents hand over children’s Social Security numbers to schools and health care providers, and other institutions that often don’t have sufficient safeguards in place. It’s been suggested that a solution, or at least a partial one, would be if the Social Security Administration could do something with the numbers to make it possible for credit agencies to know that the holder is a minor.

Last year, more than 18,000 cases of child identity theft were reported to the Federal Trade Commission. The Huffington Post suggests even 18,000 doesn’t come close. “The real figure…is probably much higher because the crime often goes undetected….. ID Analytics estimates that more than 140,000 children are victims of identity theft each year, based on a one-year study of those enrolled in the firm’s identity protection service.

“In the largest study on child identity theft to date, researchers at Carnegie Mellon University found that 10 percent of children were victims of identity theft, compared with less than 1 percent of adults. The study, which was published this spring, analyzed more than 800,000 records — including 40,000 belonging to minors — compromised by data breaches in 2009 and 2010. The data was provided by the credit monitoring service Debix.”

The Huffington Post story says, “Thieves now exploit a gap in the system used by the three major credit bureaus to check consumer credit. When the bureaus pull reports, they look for matching names, birthdates and Social Security numbers. But identity thieves escape detection by pairing a child’s number with a different name and birth date, creating the appearance of a consumer who is applying for credit for the first time. Debix says it recently ran credit reports on 381 cases of confirmed child identity theft and found that credit reports only turned up fraudulent activity in four cases, or 1 percent.”

Companies are able to cross check names, birthdates and SSNs with the Social Security Administration, but the agency charges a $5,000 fee upfront, plus $1 for each check – a tab many companies don’t care to pay.

Stuart Pratt, president of the Consumer Data Industry Association, the trade association for the three credit reporting agencies, asked, “How can somebody open up any kind of account with just a name and Social on its own? Authentication should be much more than that. It has to be robust.”

In the late 1980s, the Social Security Administration started requiring parents to list their children’s SSNs to claim them as dependents. Newborns got spanking new credit histories that remained that way till they turned eighteen. It was an open invitation to crooks.

So what happens when thieves have a multi-year head start?  The Huffington Post relates the story of Jaleesa Suell of Oakland, California.  When Jaleesa was 17, a thief stole her identity to open a credit card. She didn’t find out until she turned 21 and was denied her first credit card. The reason?  She had a $300 unpaid credit-card debt, which had been sent to a collection agency.

Now 22, Suell has spent the last six months disputing the fraud with Plains Commerce Bank, based in South Dakota, where the account was opened. Before accepting the charges were fraudulent, the bank insisted that Suell provide a full police report. But the Oakland Police Department has refused to provide such a report because $300 does not meet the department’s threshold.

Identity Theft 911, which is working pro-bono to help Suell, plans to write letters to the FDIC, FTC and the Better Business Bureau to pressure the bank to “do the right thing,” according to Kelly Colgan, a spokeswoman for Identity Theft 911.

If her case is not resolved, Suell fears she will graduate college in May and be unable to rent an apartment or acquire student loans for graduate school due to her damaged credit.

“I’m at an impasse,” she said. “It’s extremely frustrating.”

Story after story follows the same pattern. Even when victims are able to clear their names, they have still been forced to devote big chunks of time and energy to that end. And that’s time and energy that could be put to better use like improving their grades, finding jobs, etc.

Amending agency regulations and federal and state laws could help stop ID theft.  Another thing that could help the cause is for online businesses to use ThreatMetrix™ solutions.

ThreatMetrix doesn’t rely on passwords, user names and cookies to protect its clients.  Instead the ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals. The ThreatMetrix Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.

Zappos, the online shoe outlet owned by Amazon, was hacked putting some 24-million customers’ personal information at risk. PCWorld.com reported that Zappos CEO, Tony Hsieh, told customers that, “names, email addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers, and encrypted passwords may have been exposed.”  He added that the good news was that the database storing actual credit card and payment data had not been breached.

Nevertheless, the New York Daily News reported that the company had put out a statement informing customers of the incident and asking them to change their passwords. Customers, who attempted to phone Zappos for information, were met with the sounds of silence. Zappos’ CEO said in a memo, “We have made the hard decision to turn off our phones and direct customers to contact us by email because our phone systems simply aren’t capable of handling so much volume. (If 5% of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place.).”

In an email to employees, which was posted to the Zappos blog, the company said the cyberattack came from a criminal who had gained access to parts of the company’s internal network and systems through a server in Kentucky.

Andrew Storms, director of security operations at nCircle, told PCWorld.com that Zappos’ response to the incident seemed to be appropriate in so far as it had notified customers, and reset all passwords to force customers to create new ones to replace those that may be exposed or cracked as a result of the breach.

Security expert, Neil Roiter, research director for Corero Network Security, observed, “Companies such as Zappos should have technology in place that monitors activity on their networks and reports in real time on suspicious activity or activity that does not conform to security policy. The sooner an organization detects a breach, the more quickly it can contain it.”

ThreatMetrix, the fastest-growing provider of integrated cybercrime prevention solutions, offers superior solutions that can’t be compromised by break-ins. The ThreatMetrix™ Cybercrime Defender Platform helps companies protect customer data and secure transactions against fraud, malware, data breaches, as well as man-in-the browser (MitB) and Trojan attacks. The Platform consists of advanced cybersecurity technologies, including TrustDefender™ ID, which is cloud-based, real-time device identification, as well as malware protection with TrustDefender™ Cloud and TrustDefender™ Client. The company serves a rapidly growing global customer base across a variety of industries, including financial services, e-commerce, payments,social networks, government, and healthcare.

PrECISE (Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness) is the cybersecurity bill introduced by members of the House Homeland Security Committee.  PrECISE establishes a quasi-governmental entity to oversee information-sharing with the private sector.

Wouldn’t you like to have sat in on the meeting where they decided on the acronym, PrECISE?  (Probably more like multiple meetings with emails flying back and forth for months):

Staffers: “How about Cybersecurity Information Sharing (CIS)?”

Committee: “CIS?  Too close to CIA, which is supposed to gather information, not spread it. Leaves the wrong impression.”

Staffers: “How about Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness (PECISE)?”

Committee:  “That’d be pronounced Pea-size. Does Pea-size sound like the taxpayers are getting any bang for their buck?”

Staffers:  “How about we put in an “R” for Research? “Promoting Research and Enhancing Cybersecurity and Information Sharing Effectiveness.” Then we’ve got PRECISE. “

Committee: “PRECISE.  Like it.  But we’re not doing Research. That makes PRECISE imprecise.”

Staffers:  “Okay, we can take the “R” from “Promoting” to make it “PRECISE.” And to differentiate it from the rest of the acronym, we can make the “R” an “r”.

Committee:  “But what do we do about the “a”s in the “ands” in “Promoting Research and Enhancing Cybersecurity and Information Sharing Effectiveness?”

Staffers:  “Lower case ands are always silent.” 

Committee:  “Precisely.”

However the PrECISE Act got its name, The Hill’s “Hillicon Valley Technology Blog” reports that it’s designed to encourage “private firms to share information on cyber threats [stopping] short of mandating new security standards for sectors deemed critical to national security” following other cybersecurity bills offered by House Republicans.

The bill lays out the Department of Homeland Security’s cybersecurity functions which would require DHS to evaluate cybersecurity risks for critical infrastructure firms and determine the best way to mitigate the risks.

“Cybersecurity is truly a team sport, and this bill gives DHS needed authorities to play its part in the federal government’s cybersecurity mission and enables the private sector to play its part by giving them the information and access to technical support they need to protect critical infrastructure,” said House Cybersecurity subcommittee Chairman Dan Lungren (R-Calif.).

Hillicon Valley Technology Blog observes, “By authorizing DHS to oversee civilian cybersecurity, the legislation aligns with proposals from both the Senate and the White House, but it is unclear how much authority DHS would have to enforce its security standards. Democrats have argued DHS needs some enforcement authority to ensure firms beef up their network protections.”

While there hasn’t been a whole lot of bi-partisan support for any measure recently, this bill appears to come close. Bennie Thompson (D-Miss.) said, “Introduction of this legislation represents a solid and significant step forward in the effort to secure our nation’s cyber infrastructure. While I am not prepared to give my full support to the bill at this time, there’s a lot to like in this bill. I am pleased that it gives DHS the authority and resources it needs to fulfill its cybersecurity mission instead of creating a whole new bureaucracy or complicated regulatory framework.”

Offers Cybersecurity sub-panel ranking member Yvette Clarke (D-N.Y.), “While we continue to review this legislation, I look forward to working with my colleagues in a more collaborative way to strengthen this bill.”

You may have to wait for Congress to work out the precise language of PrECISE before it’s enacted.  But, you don’t have to wait to achieve the most effective protection for your online assets.  That protection is available today from ThreatMetrix™.

The first perimeter and the most effective element in a multi-layered defense against cybercriminals is device identification.  Offering transaction security from hidden proxies, scripted attacks and cookie and browser manipulation, the ThreatMetrix™ Cloud-Based Fraud Prevention Platform  lets companies authenticate payments, new accounts and returning customers in real time. And it doesn’t matter what device is being used from smartphones to PCs to tablets. Combined with aggregated fraud intelligence in the cloud, ThreatMetrix device identification offers companies maximum protection without the need to collect Social Security numbers, email addresses or bank account information.

1917:  The Foreign Secretary of the German Empire, Arthur Zimmermann sent a diplomatic proposal from the German Empire to Mexico to make war against the United States. Intercepted by British intelligence and forwarded on to the United States, the Zimmermann Note angered Americans, adding another reason for the U.S. declaration of war against Germany in World War I.

2011: U.S. officials investigate reports that Iranian and Venezuelan diplomats in Mexico are involved in planned cyberattacks against U.S. targets, including nuclear power plants.

According to the Washington Times, a documentary that aired on the Spanish-language TV network, Univision, included secretly recorded footage of Iranian and Venezuelan diplomats being briefed on planned attacks and promising to pass information to their respective governments.

A former computer instructor at the National Autonomous University of Mexico told Univision that he was recruited by a professor there in 2006 to organize a group of student hackers to carry out cyberattacks against the United States, initially at the behest of the Cuban Embassy.

In an undercover sting, an instructor and several students infiltrated the hackers, secretly videotaping Iranian and Venezuelan diplomats.

State Department spokesperson William Ostick called the reports “disturbing,” but added that U.S. officials “don’t have any information at this point to corroborate them.”  However, earlier this year, U.S. prosecutors charged an Iranian official based in Tehran with trying to recruit a Mexican drug cartel to kill the Saudi ambassador to the United States by bombing a Washington restaurant. Ostick noted, “We constantly monitor for possible connections between terrorists and transnational criminals.”

An aide to New Jersey Senator Robert Menendez, chairman of the Senate Foreign Relations subcommittee on the Western Hemisphere told the Washington Times that the Univision report, which also said that Iranian extremists were recruiting young Latin American Muslims, is “one of a variety of concerns we have about Iran’s efforts to engage with countries and other actors in the region.”

Stating the obvious: technology has changed dramatically since 1917. People haven’t.  To ensure your company is protected against attack from people, who are out to cause harm or perpetrate fraud, the best solutions come from ThreatMetrix. Without requiring personal identifiable information, such as Social Security Numbers, that can be compromised, ThreatMetrix solutions nab criminals in real-time before they can do real damage. The ThreatMetrix™ Cloud-Based Fraud Prevention Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to stop criminals whether in Toledo or Tehran.