PrivacyToday.com
Privacy
& Information Security News at The Click Of Your
Mouse
Home Contact Us News PT in the News Services Speeches
Privacy & Information
Security News
Change seeks to
protect privacy of phone logs - One
Granbury
firm accused of selling cell phone records - A
Denver firm part of
federal inquiry -
Nixon
seeks injunction against Web business - Attorney General Jay Nixon
requested a court order Tuesday to stop a Web business and its owners from
selling confidential information of cell phone customers. Nixon said in a
statement that the defendants, Completeskiptrace.com,
are violating consumer protection laws by misrepresenting that it is legal for
them to obtain, possess and sell the information…An undercover investigator
from Nixon's office initiated an online transaction with Completeskiptrace
to purchase the account number of his own private cell phone and received the
information Feb. 14, according to a release. Named as a
defendants in the lawsuit filed Tuesday in Cole County Circuit Court are Get A Grip
Consulting Inc. and its principal owner, Rob Schroader,
of
Alltel
Investigates Files Emptied Into Dumpster - Christopher Smith wants answer
on how his cell phone records were found in a Dumpster behind an Alltel store
in
Data thief gets eight
years - Scott Levine, 46, was sentenced by a federal judge in Little
Rock, Ark., after being found guilty of breaking into Acxiom's servers and
downloading gigabytes of data in what the U.S. Justice Department calls one of
the largest data heists to date. Acxiom, based in Little Rock, says it operates the world's
largest repository of consumer data, and counts major banks, credit card
companies and the U.S. government among its customers…This is not the first
prosecution to arise out of poor security practices on Acxiom's file transfer
protocol server (FTP). An
FBI widens
probe of debit-card theft - The FBI has expanded its investigation into a debit
card fraud that has mostly affected 200,000 consumers in the Western United
States, saying that the case might be linked to other debit card thefts around
the country…One company that has acknowledged a security breach is the
CDT Says Privacy
Laws Lag Far Behind Data Harvest Tech - The widening gap between technology
harvesting sensitive personal data and the laws designed to prevent misuse of
that data needs to be filled, according to the Center for Democracy &
Technology. The center called for more stringent regulations Wednesday, citing
government attempts to retrieve millions of cell phone records, its use of cell
phones to track suspects, as well as privacy issues raised by Web-based e-mail
and spyware that logs keystrokes. "The capacity of Internet Technology to
collect and store data increases every day, as does the volume of personal
information we willingly surrender as we take advantage of new services,"
CDT Policy Director Jim Dempsey said in a prepared statement. "Meanwhile,
the laws that are supposed to prevent the government from unfairly accessing
personal information haven't changed in two decades."
War
in the Information Age - In a 24/7 world, the
EPIC Letter to Ethics
Board Concerning Attorneys' Use of Pretexting - In the course of
investigating pretexting, it has become increasingly clear that attorneys are
major consumers of pretexting services. In this letter, we request that
appropriate action be taken to ensure that attorneys in your state are not
employing investigators or other companies to engage in pretexting or other
fraud. We believe that pretexting is incompatible with
U.S. House of
Representatives Commerce Committee Identifies Private Phone Record Brokers;
Demands Data, Trade Practices - House Energy and Commerce Committee
investigators have identified people behind 22 Web pages that may offer
criminals, stalkers and any other paying customer the detailed records of a
person's private telephone calls. Energy and Commerce Committee Chairman Joe
Barton, R-Texas; the committee's ranking member, U.S. Rep. John Dingell, D-Mich.; Oversight and Investigations Subcommittee Chairman
Ed Whitfield, R-Ky.; and the subcommittee's ranking
member, U.S. Rep. Bart Stupak, D-Mich., today sent
letters demanding that the companies provide information about the cottage
industry…In today's letters, Barton and the three other lawmakers wrote,
"It is very disconcerting that certain online data broker companies are
exploiting consumers' personal records and selling the information to whomever
pays for the records. With the exception of the legitimate activities of law
enforcement authorities, who in any event have legal means for acquiring such
information, we struggle to find any ethical justification for marketing this
data."
Do
You Know Where Your Identity Is? - Not all identity theft involves
financial losses: According to the FTC, the most common non-financial form of
fraud takes place when the thief uses the victim's name and identifying
information when caught committing a crime or otherwise stopped by law
enforcement officials.
Skype
could force end to wiretapping calls - Even as the
Lawyer
Indicted in PI Inquiry - Reaching for the first time into the upper ranks
of
FTC to hold hearings on high-tech
security - The Federal Trade Commission will host hearings this fall
on emerging technologies being exploited by Internet spies and identity
thieves.
FCC Eyes Tighter
Consumer Data Privacy - Capitol Hill shock over commercial online
infringement of customer calling records and confidentiality reached another
stage late last week as the Federal Communications Commission opened a Notice
of Proposed Rulemaking (NPRM) examining the need for tougher privacy measures.
The four-member commission last Friday unanimously approved an NPRM directly
responding to a Summer 2005 petition sought by the Electronic Privacy
Information Center (EPIC) regarding Internet brokering of personal information.
EPIC’s filing began a now-growing exposé on the
brokering of call details obtained from telecom carriers and the need for
enhanced security safeguards. The FCC is now seeking comment on “whether”
additional security measures can prevent unauthorized disclosure of sensitive
customer information held by telecom companies.
Nigerian
national sentenced in ChoicePoint ID theft case - A Nigerian national who
pleaded guilty to identity theft charges related to information stolen from
consumer data collector ChoicePoint Inc. was sentenced Friday to 10 years in
prison and ordered to pay $6.5 million in restitution…The charges spanned a
period of more than two years beginning in January 2002. Prosecutors alleged
that a fake business called "Pacific Collections" used a
Do you
know where your child's SSN is? – If your child’s social security number
had a secret life, would you know? Probably not. The only way to really know is
to dig through the data, and you can’t. But the
Man threatens to attack
Olympic computers - A would-be hacker was being investigated by police
Monday after threatening to attack the internal computer network of the
Bank of America pulls some
Visa cards - Bank of America Corp. has withdrawn an undetermined number of
Visa cards because of concerns about a security breach with a merchant, a
company spokeswoman said Friday…The Charlotte-based bank declined to reveal the
number of cards that were withdrawn or the location of the customers.
FBI
makes connections in data breach case - A data security breach that has
spurred at least two large banks to cancel thousands of customer debit cards
appears to be connected to an older ongoing investigation in Sacramento, the
FBI said Friday. Scores of Bank of
Bill
would force Web sites to delete personal info - A bill just announced in
Congress would require every Web site operator to delete information about
visitors, including e-mail addresses, if the data is no longer required for a
"legitimate" business purpose. The proposal, introduced Wednesday by
Rep. Ed Markey, seeks to import European-style privacy regulations by imposing
a broad data-deletion requirement. It would apply to every
Cell phones used to track
where you go - Advances in mobile phone tracking technology are turning
British firms into cyber sleuths as they keep a virtual eye on their staff,
vehicles and stock.
E-mail scam artist posing
as Fidelity manager - The e-mail claims to be from a financially savvy
Fidelity Investments fund manager who has "secretly extracted" money
from the world's largest fund management firm and will pass it along to you for
a small fee. Hear any alarm bells ringing? Boston-based Fidelity Investments is
working with authorities to find the author of a mass e-mail sent to computers
around the world that claims to be written by a Fidelity fund manager.
Foreign Internet
services selling U.S. phone records - Foreign-registered Internet
services are selling
Web Sites Hawking
Phone Records Shut Down - Following a wave of negative publicity and
pressure from the government, several Web sites that peddled people's private
phone records are calling it quits. [Calling it
quits? Most likely not—more like going underground to continue to service their
corporate and attorney clients. But fewer online avenues to phone records is a
good thing!]
Imprisoned
Hollywood P.I. has Chicago ties - A former
Pellicano and 6 Others Are Indicted - In a
sweeping indictment that reads like an unfinished Hollywood screenplay, onetime
private investigator Anthony Pellicano and six others
were accused Monday of conspiring to wiretap, blackmail and intimidate dozens
of celebrities and business executives, including actor Sylvester Stallone,
comic Garry Shandling and real estate developer
Robert McGuire. The 110-count federal indictment outlines a complicated web of
payoffs to police, high-tech eavesdropping and other skulduggery.
Prosecutors allege that Pellicano scoured
confidential communications and law enforcement databases for scandalous
details that would scare off lawsuits or provide his clients with the upper
hand in courtroom battles…Nearly a dozen people — among them actors Stallone
and Keith Carradine, film producer Vincent Bo Zenga and former Los Angeles Times reporter Anita Busch —
were allegedly the victims of wiretaps conducted by Pellicano
and the others between August 2000 and November 2002, the indictment
alleges…Additionally, authorities cited nearly 100 other instances in which Pellicano and Arneson allegedly
accessed confidential law enforcement records, including the FBI's National
Crime Information Center database, to gain information about targets including Shandling, former "Saturday Night Live" star
Kevin Nealon, McGuire and dozens of others. According
to the indictment, Pellicano paid Arneson
at least $189,000 between 1997 and 2002. Turner, authorities allege, was paid
at least $36,000 from 1997 to 2002 to provide Pellicano
with confidential telephone information about dozens of people. Another SBC
employee, Teresa Wright, provided confidential and proprietary information on
telephone company subscribers, according to the
Madigan to cell
companies: Let's talk - Attorney General Lisa Madigan and her counterparts
in other states have sent joint letters to heads of the nation's five largest
cell phone companies seeking conference calls to discuss how the companies are
protecting against theft of customers' phone records…"In addition to
focusing on the activities of the numerous data brokers who obtain telephone
cell records and other private information, we also would like to discuss what
the keepers of our residents' private information are doing to keep the
information secure," the letter said.
Her ATM Card, But
Her Impostor's Picture - For years, Margaret Harrison believed she
had an impostor. There were signs her Social Security number was living a
double life. Four years ago, an unemployment office in
Who surfs
for cell records? Lawyers - The sale of cellphone
records over the Internet-a hot topic that recently spurred litigation,
legislation and a federal investigation-has more than a few lawyers nervous.
Attorneys are among the top customers of the controversial Web sites, according
to private investigators, privacy advocates and Web site operators who sell the
phone records. "Let's put it this way, the legal profession is keeping it
alive," said Rob Douglas, a former private eye turned security consultant
who has helped the Federal Trade Commission (FTC) investigate and prosecute
online operators that sell phone records. "I've investigated them with the
federal government and in private lawsuits . . . and in every single case, the
overwhelming majority of users of these companies are attorneys," Douglas
said…Given all the controversy surrounding the sale of cellphone
records, attorneys were reluctant to comment on the subject. Of the more than a
dozen divorce, business and criminal defense attorneys contacted for this
story, none said they used the tactic. Most wouldn't even talk about the
subject. One lawyer said, "Good luck finding anyone to admit to it."…
"Are cellphone records private? We probably all
assumed that they were, but the answer is probably to the contrary. We probably
have some privacy interest but it's not protected by common law or
statute," said Harold J. Krent, dean of the
Chicago-Kent College of Law. Krent noted that given
the vagueness of the law, attorneys who obtain cellphone
records via the Internet are not doing anything illegal or unethical.
Congress
quizzes phone records brokers - Leaders from the U.S. House of
Representatives' Energy and Commerce Committee, which convened a hearing
Wednesday on the topic, sent letters with the queries to the director of
Florida-based First Source Information Specialists, which manages
Locatecell.com and Celltolls.com, among others, and to the director of
Texas-based PDJ Services, which manages the site Phonebust.com. Legislators
estimated this week that a total of at least 40 such operations exist. The
letters are the latest step in the government's attempts to investigate reports
that such companies have been engaging in "pretexting"--that is,
impersonating others--or bribing cell phone and landline providers to glean
sensitive customer information and then selling those records online. Members
of the House and the U.S. Senate have already introduced proposals aimed at making such practices a crime, with prison time a possible
sentence…The committee's requests included detailed company records, such as
revenue and a list of services provided, information about the methods the
companies use to acquire their information, records related to law enforcement
requests for data, and "an explanation of whether any effort is made to
obtain consent from consumers before selling their account data or to notify
them after their records have been procured or sold." The companies have
until Feb. 17 to respond. The committee noted in its press release that it
"has the power to subpoena records and testimony when it encounters
uncooperative witnesses."
FCC subpoenas 30
phone record dealers -
The Federal Communications Commission has subpoenaed more than 30 information
brokers to learn how they obtain customers' calling records from
telephone companies, according to testimony Wednesday before Congress. In a
hearing before the House Energy and Commerce Committee, the heads of the FCC
and the Federal Trade Commission endorsed making the sale of phone records
illegal. Earlier this week, the FCC issued citations against LocateCell.com and
DataFind.org for failing to respond fully to subpoenas issued Nov. 9. The FCC
warned those companies they could face stiff fines if they don't comply. The
FCC contacted the Justice Department to enforce the subpoenas, FCC Chairman
Kevin J. Martin testified. "In addition, we subsequently served another
approximately 30 data broker companies with subpoenas and are currently waiting
for their response," he said…The FTC came under fire at Wednesday's
hearing for going after information brokers who buy and sell customers' financial
information but failing to address phone record theft as vigorously. "The
FTC's known about it [the sale of phone records] since 1998, and they have not
brought a single case when it comes to phone records," testified Rob
Douglas, an information security consultant.
Lisa Madigan to
testify before Congress on cell phone records - Illinois Attorney
General Lisa Madigan plans to testify before Congress today that any federal
legislation to crack down on phone record burglars should not block the efforts
of Illinois and other states to target them, too…Rob Douglas, a privacy
consultant, will testify that telephone record burglary is part of a larger
problem that includes the theft of utility bills, cable and satellite TV bills
and other customer information that can be used to track down individuals. Cell
tower location information, pager records and GPS tracking devices also are for
sale on the Internet, he cautioned. "These records in the wrong hands have
caused severe harm" including murder,
US
FCC Proposes Fines On AT&T, Alltel Over Privacy -
Sprint
Nextel sues over sale of call records - On Monday, the mobile
operator filed a suit in Dade County, Fla., against All Star Investigations
(ASI), a company believed to own and operate Web sites including OnlinePI.com, AllStarInvestigations.com, DetectivesUSA.com, MiamiProtection.com and PrivateDetectivesUSA.com. Sprint
claims that these sites have fraudulently obtained and sold private billing
records of its customers. This is the second lawsuit Sprint has filed against a
company it said is selling customer cell phone records online. On Friday, it
filed a lawsuit against First Source Information Specialists, parent company of
Locatecell.com, Datafind.org and others. In both suits, Sprint is asking the
court to impose both temporary and permanent injunctions against these
companies. "The schemes perpetrated by these online data brokers are intolerable,
and our intent is to put an end to these practices," Kent Nakamura, vice
president for telecom management and chief privacy officer for Sprint Nextel,
said in a statement. "These online data brokers attempt to manipulate our
customer service resources and detract from service provided to legitimate
customers."… Sprint's lawsuits are the latest in a series of legal actions
by cell phone carriers. Cingular Wireless, Verizon Wireless and T-Mobile have
also filed lawsuits against companies that own Web sites selling customer
information. T-Mobile and Cingular have each won temporary
restraining orders against First Source Information Specialists.
Senate and House Schedule
Hearings On Cell Phone Privacy Scandal - The House and the Senate
will each hold separate hearings next month on the ever-burgeoning
consumer-privacy scandal regarding the disclosure and sale of
telecommunications records. The Senate Commerce consumer-affairs subcommittee
hearing is scheduled for Feb. 8. The House Commerce Committee will hold its
hearing Wednesday…"The commercial sale of consumers' personal phone
records is unthinkable. Americans should not have to fear that using their own
phone will jeopardize their personal privacy and make them even more vulnerable
to identity theft. It is going to take a cooperative effort from the Federal
Trade Commission, the Federal Communications Commission and industry to ensure
that these unsavory practices cease and this hearing will help us determine how
to make that happen quickly and effectively," said Sen. Daniel Inouye
(D-Hawaii), ranking member of the Senate Commerce Committee.
Texas
Probes Cell Phone Calling Record Sales - Two more states are cracking down
on the sale of cell phone calling records.
Sprint
Sues Vendor, Claims Privacy Violations - Sprint Nextel Friday said that it
has sued a company that it claims uses "illegal and deceptive
practices" to obtain information about its cellular subscribers…"1st
Source Information Specialists continues to display egregious disregard for
privacy, and previous industry-driven actions do not appear to have deterred
their illegal activities," Kent Nakamura, Sprint Nextel's chief privacy
officer, said in a statement. "We can assure our customers that we will
make every effort to put these services out of business."
How
phone records are stolen - There was no mistaking that this story
had hit the fan after my interview with security consultant Rob Douglas was
interrupted by another call on his second line from the office of U.S. Sen.
Bill Nelson (D-Fla.). (I don't mind noting that
Phone record
revelation – [citing my interview in the previous post above] The methods being used by companies selling phone records
were revealed this week in an interview with a security consultant outlining
the process. As anticipated, social engineering plays a large role -- the
records are simply requested from the provider under the pretext that the
caller is the owner of the records, hence the term "pretexting". In
order to obtain the information necessary to pull off a convincing imitation,
details about the person are often needed. This is where the phone record
companies turn to public data providers such as ChoicePoint and LexisNexis for
enough information to build a profile on the individual, according to a Network World article. This affiliation with legitimate data
providers was not expected by many, and explains some of the ease and
proficiency with which records are obtained. Another method mentioned was
directly buying the information from insiders at phone companies -- with
contacts being actively recruited via websites.
Privacy
at risk with logs for sale - ``Companies value customer service over
security,'' said Rob Douglas, chief executive of PrivacyToday.com and a
security expert who has testified before Congress about the issue. ``The
emphasis in training is always on satisfaction of the customer, push more
products and move the calls as quickly as possible.'' The pressure on customer
service representatives can be so intense, Douglas said, that even a
password-protected account can be vulnerable…``This is impersonation,'' said
Joe Farren, director of governmental affairs for
CTIA, formerly known as the Cellular Telecommunications and Internet
Association, a trade lobby. ``These companies are engaged in an illegal
activity. They're profiting from it, and they need to be prosecuted.'' Farren said it's nearly impossible to stop scammers, who
often come armed with personal information to support their ruse. ``If a
customer service representative is contacted with a name, a social security
number and a phone number, how are they to know it's not you?''…Part of the
problem is that consumers have no idea whether their records have or have not
been requested. The Mercury News editor whose records were purchased has still
not been contacted by his carrier, Verizon Wireless. Why don't companies notify
people when their records have been accessed? ``I don't have an answer for
you,'' said Barbara Carl, a spokeswoman for Verizon Wireless. ``I really don't
know,'' said Farren, the trade group representative.
T-Mobile spokesperson Julie Smith said the company would not grant any
interviews on the subject. ``The nefarious thing is that the consumer doesn't
know what's happening,'' said
ID theft again tops list
of FTC complaints - For
the sixth year in a row, identity theft tops the annual list of consumer
complaints collected by Federal Trade Commission.
Telcos on Privacy Hot Seat - A U.S. congressman
has opened a new front in the investigation of domestic surveillance by President
Bush’s administration by sending letters to most of the country’s major
telecommunications, cable, and Internet communications firms seeking
eavesdropping information. The request for surveillance information puts the
communications firms squarely on the hot seat as issues of customer privacy,
national security, and the privacy guidelines under which the firms operate are
being addressed by legal scholars and critics of the administration. Michigan
Representative John Conyers, the ranking Democrat on the House Judiciary
Committee, sent the letter to 20 companies, including AT&T, Verizon, Comcast, Time Warner, Cingular, T-Mobile, Microsoft, Yahoo, Google, and EarthLink. The letter dated Saturday asked the
companies’ leadership whether they have “allowed the federal government to
eavesdrop on customer communications” through their facilities or whether or
not they have turned over customer records “when not compelled to do so by
law.”
Frist Calls For Criminalizing Fraudulent Disclosure of Cell
Phone Records - US Senate Majority Leader Bill Frist,
R-Tenn., is working with Senate Commerce Committee
Chairman Ted Stevens, R-AK, on legislation which will criminalize the practice
of fraudulently obtaining and selling cell phone records over the Internet.
Sen. Frist and Chairman Stevens began discussing the
need for legislation after investigating reports that consumers' cellular phone
records are being fraudulently obtained from wireless carriers and in some
cases sold over the Internet: “The practice of fraudulently obtaining a
customer's cell phone records and selling them over the Internet is wrong and
must be stopped," Sen. Frist said.
"Consumers have a right to expect that this information will be kept
private, with very limited exceptions." "If employees within the
wireless companies are improperly disclosing or selling this information, they
must be punished," he continued. "If someone impersonates a customer
or a law enforcement official for the purpose of obtaining phone records and
then profiting from them, we must ensure that they are prosecuted. And anyone
selling phone records that they know were obtained under false pretenses must
face consequences." "I intend to work with Senator Stevens, the
Chairman of the Senate Commerce Committee, on legislation to address these
disturbing reports in the coming days," Sen. Frist
said.
Nelson
Bill To Protect Cell Records - Appearing in
House Lawmakers
Press FCC for Phone-Co. Certifications - House lawmakers are asking the
Federal Communications Commission to turn over annual-certification records
from the largest wireless and landline phone companies amid concerns about the
sale of personal phone records. The lawmakers, including House Energy and
Commerce Committee Chairman Joe Barton, R-Texas, are seeking information on the
internal procedures used by each company to protect the confidentiality of consumer
information. The request comes amid widening concerns about the privacy of
personal phone records, which allegedly have been available on the Internet
through private data brokers…The House lawmakers also pressed the FCC for
details about when it would determine whether to act on a petition filed last
August by the Electronic Privacy Information Center, an advocacy group, about
rules to better safeguard consumer phone records.
Online
Phone Data Brokers Stonewall FCC - Agency orders brokers to provide
information about source of phone data they are selling over Internet. The
Federal Communications Commission (FCC) cited Friday two online data brokers
dealing in private telephone records for failing to comply with FCC subpoenas
seeking documents and information. The FCC wants to know where the brokers
obtained the data since the Telecommunications Act of 1996 prohibits phone
companies from using or disclosing proprietary customer information without the
customer's approval…The FCC citations name 1st Source Information Specialists
and Data Find Solutions, two companies already being sued by Cingular Wireless
for allegedly selling phone records. Cingular Wireless claims 1st Source currently
owns and operates several Websites that advertise the sale of phone records,
including LocateCell.com…The FCC issued subpoenas to the two companies in
November, demanding, "call detail and other customer proprietary network
information that [LocateCell and Datafind]
may be obtaining from telecommunications providers."…According to the FCC,
Data Find solutions has not responded to any of the questions while 1st
Solutions only provided partial information. If the two companies have not
produced the information sought by the FCC by the end of this week, each will
be subject to fines not to exceed $11,000 per day.
Cell
Phone 'Pretexting' Makes Privacy a Thing of the Past; It's Way Too Easy - and
Often Not Even Criminal - to Gain Access to Calling Records - Using a
deceptive method called "pretexting," people who run Web sites
dedicated to the practice can use a person's name, address and just the last
four digits of their Social Security numbers - information that's widely
available - to get their victim's cell phone calling records. In some cases,
cell phone company employees were selling the information on their own…There's
more than just invasion of privacy involved here. Criminals can buy police
officers' records, identifying members of their families and tipsters. Business
competitors can spy out people's contacts and gain valuable intelligence on
future operations. Bank records can be accessed and accounts drained. Finally,
people who want to just make trouble can do it to their hearts' content.
State
Sues South Florida Co. For Selling Cell Phone Records - Attorney General
Charlie Crist sued a
Broker
sued for getting, selling phone records - Illinois has become the first
state to sue an information broker for obtaining cell phone records and selling
them on the Internet, according to a spokeswoman for Attorney General Lisa
Madigan. The lawsuit accuses Florida-based 1st Source Information Specialists
Inc. and its directors, Kenneth W. Gorman and Steven Schwartz, of using fraud
to persuade telephone companies to release phone calling lists, said Melissa Merz, a spokeswoman for Madigan.
Nixon
files suit over Web sales of cell phone records - Missouri Attorney General
Jay Nixon accuses two companies of obtaining cell-phone records illegally and
selling them on the Internet. Nixon filed suit today against First Data
Solutions of Knoxville, and its owner; and First Source Information Specialists
of Tamarac, Florida, along with two of its officers. Nixon says the companies
operate Web sites where for 110 dollars, anyone can type in a cell-phone number
and get records of calls made from that phone -- including the time, duration
and recipient's number.
Verizon
Wireless Continues Campaign Against Data Theft - Verizon Wireless, owner
and operator of the nation's most reliable network, today stepped up its campaign
to protect wireless customers' privacy by filing a lawsuit seeking an
injunction against the owners of locatecell.com -- Data Find Solutions, First
Source Information Specialists and related companies -- and other affiliated
Web sites to prohibit them from obtaining cell phone customer calling or
billing information under false pretenses. Verizon Wireless claims these
companies have fraudulently attempted to obtain customer records by calling
Verizon Wireless customer service centers posing as Verizon Wireless employees
needing access to confidential customer information.
It's Time
for Congress to Prohibit and Criminally Punish the Sale of our Cell Phone
Records "Pretexting" for Phone Numbers is a Serious Privacy Violation
– [FindLaw – Commentary] For around $100, an online
"people locator" or "information broker" company can get
you unauthorized access to almost anyone's cell phone records. All you need to
provide to the company is a credit card, and the person's cell phone number.
Recently, a blogger claimed to have obtained the cell
phone records of General Wesley Clark. The
Cell call lists
reveal your location - Imagine you're living in a shelter for
battered women. And the address is secret. Or, you're a government informant
hiding in witness protection. Does it worry you that someone could pay Internet
brokers to find your location -- within 500 to 1,000 feet -- based on your cell
phone calls? The
Devious
Tactic Snags Phone Data - Online information brokers pried thousands of
private cell-phone records from Verizon Wireless by posing as speech-impaired
customers and company employees, court documents show…According to the suit,
online cell-phone record vendors placed hundreds of thousands of calls to
Verizon customer service requesting customer account information while posing
as Verizon employees from the company's "special needs group," a
nonexistent department. The caller would claim to be making the request on
behalf of a voice-impaired customer who was unable to request the records
himself. If the service representative asked to speak with the customer
directly, the caller would impersonate a voice-impaired customer, using a
mechanical device to distort his voice and make it impossible for the service
representative to understand him -- a variant of a widely used
social-engineering technique known as the "mumble attack." Rob Douglas,
a private investigator turned privacy activist, says federal authorities have
known about the sale of private phone records since at least 1998 but have done
little to address the problem. In the absence of federal action, phone
companies have been resorting to civil lawsuits to prevent sellers from
obtaining and selling records. "I would put (the sale of) cell-phone
records No. 3 as the most invasive after banking and medical records, and the
most fraught for harm," says Douglas, who operates PrivacyToday.com.
"This stuff has life-or-death consequences and severe investigative
consequences for law enforcement."
Sites
That Round Up Call Logs Offer Phone Records For A Price – [PDF – see page
33] …customers can put up a minor road block for pretexters
themselves by asking their phone company to set a PIN code for their account
instead of using their Social Security number. Robert Douglas in Steamboat Springs,
Colo., a former private investigator who has testified on Capitol Hill about
pretexting, notes that this is not a very good defense - customer service
representatives can often be browbeaten into giving up personal information
even if its protected by a PIN and password. Neither will it help, of course,
if an employee is on the take.
T-Mobile seeks halt to
cell phone record sales - T-Mobile, the No. 4 U.S. wireless carrier, said
Monday it asked a Washington state court to prevent companies from allegedly
using fraudulent means to obtain and sell T-Mobile customer call records.
FCC says it's looking into
sale of phone records - Federal regulators are investigating whether
telephone companies are doing enough to keep customers' records from falling
into the hands of unscrupulous online data brokers.
Indictment of
Massive Identity Theft Ring Revealed - The prosecutor says Todd Eversen and and J.C. Flores led
an identity theft ring with four accomplices, dating back to 2004. They made
counterfeit checks and fake ID's and victimized
hundreds of people with more than 25-thousand checks. Thirty-seven acts are
cited in the federal indictment…It's not only individuals swiping your
identity, organized crime is in on the act. Tim Fuhrman, F.B.I.: "Domestic
terrorist groups, white supremacist prison gangs. We've seen that all of them
engage in this kind of activity to finance what they're doing."
Colombia dismantles false passport
ring -
Pleas
heat up Hollywood detective probe - After months of behind-the-scenes
maneuvering, a federal probe into the alleged illegal wiretapping activities of
private investigator to the stars Anthony Pellicano
appears to be ready for its close-up. Prosecutors revealed recently that Pellicano's former girlfriend and a veteran police officer
pleaded guilty to charges in connection with the investigation…Former Beverly
Hills police Officer Craig Stevens, 45, of Oak Park admitted that Pellicano paid him for confidential information he obtained
from law enforcement databases, prosecutors said…Stevens, the former Beverly
Hills police officer, reportedly is cooperating with prosecutors. The charges
against him state that he checked police databases for information about Adam
Sender, a New York financier and art collector, and members of the family of
Hollywood producer Aaron Russo.
Gonzales
Echoes Defense of Wiretaps - Attorney General Alberto R. Gonzales argued
yesterday that the requirements of a secret intelligence court are too
cumbersome for rapid pursuit of suspected terrorists, repeating the
administration's position that warrantless
wiretapping authorized by President Bush does not violate the Constitution or
federal law.
Patriot
Act Talks Hit Roadblock On Privacy Issue - Efforts to resolve House and
Senate differences over a revised USA Patriot Act have reached a stalemate, a
key committee chairman said yesterday. That means the current version of the
law is likely to remain in place through next month or longer unless Senate
Democrats and a handful of Republicans drop their demands for greater privacy
safeguards in a proposed renewal, the chairman said…The main disagreements center
on provisions that allow FBI agents to obtain records on terrorism suspects,
who have very limited options for challenging such searches. Specter has said
the law allows adequate "judicial review" of proposed searches. But
Sununu and his allies say the law makes it virtually impossible for targeted
people to prevail, even if they have no ties to terrorism.
Iris
Scanning For New Jersey Grade School - When a
parent arrives to pick up their child at one of three grade schools in the
Freehold Borough School District, they'll need to look into a camera that will
take a digital image of their iris. That photo will establish positive
identification to gain entrance into the school.
Yahoo,
MS: No personal data surrendered - Yahoo and Microsoft say they did not
turn over any private information to the government when they complied with a
subpoena.
State Issues
Identity Theft Alert - The Ohio Department of Commerce's Division of
Unclaimed Funds issued an identity theft alert to
Financial gain driving Web
breaches, IBM says - Internet attacks are increasingly being motivated by
financial gain, with organized crime supplanting thrill-seekers as the main computer
security threat, IBM said Sunday.
Online attacks common for
U.S. firms, FBI says - Nearly nine out of 10
Calling
Records Sales Face New Scrutiny - Phone companies and federal lawmakers are
demanding it be halted. The Federal Communications Commission is launching an
investigation. The business of buying and selling private phone calling records
is suddenly under considerable scrutiny. The Internet, it turns out, has taken
something old - a tool for monitoring cheating spouses or conniving business
associates - and made it new again…Case in point: In 1998, Los Angeles' police
department had a serious security problem. Suspected mobsters obtained home
phone numbers and addresses of detectives. In an apparent attempt at
intimidation, one mobster showed up at a police officer's home while he was at
work, gave his name to the officer's wife and walked away. The LAPD eventually
determined that the officers' personal data came from a
Can We Stop The
Sale Of Phone Records? - Security Consultant Rob Douglas, who runs
PrivacyToday.com, helped the Federal Trade Commission run a sting against data
thieves in 2000. At the time, he found 1,000 Web sites claiming to sell such
information; a similar number still advertise stolen data, he said. Part
of the reason, Douglas says, is a lack of clarity about the illegality of the
practice of calling up a company and pretending to be someone else for the
purpose of obtaining information -- called pretexting, or calling under a false
pretext. Federal law does explicitly make pretext calling to obtain financial
records illegal. But the legal question is a bit more murky for data such as
cell phone records. It might be identity theft; it might be an unfair and
deceptive trade practice, and thereby run afoul of the Federal Trade Commission
Act. But to end the discussion, and to cut off the legal running room the data
thieves claim,
University researchers
launch anti-spyware site - A corporate-backed Web site being launched by
researchers from Harvard and
20-year-old hacker rented out
attack network - A 20-year-old hacker admitted Monday to
surreptitiously seizing control of hundreds of thousands of Internet-connected
computers, using the zombie network to serve pop-up ads and renting it to
people who mounted attacks on Web sites and sent out spam.
Terrorists
On Tap – [Wall Street Journal Op-ed] In a speech
last week, Al Gore took another swing at the National Security Agency's
electronic surveillance program, which monitors international communications
when one party is affiliated with terrorists. Specifically, Mr. Gore argued
that George Bush "has been breaking the law repeatedly and
persistently," and that such actions might constitute an impeachable
offense. The question he raises is whether the president illegally bypassed the
Foreign Intelligence Surveillance Act (FISA). But the real issue is national
security: FISA is as adept at detecting--and, thus, preventing--a terrorist
attack as a horse-and-buggy is at getting us from
EPIC West: IL
Lawmakers to Introduce Pretexting Ban -
Feds to banks: Put
security policies in writing - Even if federal law doesn't
explicitly say so, all companies that handle personal information for their
customers should have written security policies, a computer security attorney
said Tuesday. This is a must read for all businesses!
Four
indicted in bank fraud scheme - Baltimore residents Barry Elijah
Davis, Benjamin Steven Davis and Binica Nicole Brooks
used and maintained a laptop computer at Towson resident's Kendena
Aisha Lee's home at which police found more than $15 million in counterfeit
business checks, according to Maryland's U.S. Attorney Rod J. Rosenstein.
Actual losses of more than $500,000 resulted from the deposit and cashing of
the phoney checks, Rosenstein said. The indictment
alleges that beginning in January 2004 to the present, Barry Davis, 37,
Benjamin Davis, 38, and Brooks, 27, produced counterfeit business checks using
templates with real business account numbers obtained by paying people for
copies of their paychecks. They allegedly recruited "account
holders," including students from
Identities
of Resort Customers Stolen - As reported by Reuters: "The
identities of more than 50,000 customers of major Bahamas resort Atlantis have
been exposed to possible identity fraud following the theft of personal
information from the hotel, the owners said…Information stolen included names,
addresses, credit card details, social security numbers, drivers license
numbers and bank account data, the filing said. The information appears to have
gone missing from the hotel's computer database and was the work of either an
insider or outside hacker.
Woman
Sentenced For Identity Theft - Lisa Lucas, 31, of
Is That a Bull's-Eye
On Your Wallet? - Identity thieves are expected to steal more than $1
trillion. Cybercriminals are making so much
money—more than the illegal drug trade last year, according to the
Annoy someone
online--two years in jail? – Declan McCullagh
Commentary--Annoying someone via the Internet is now a federal crime.
Security
Fix - Brian Krebs on Computer and Internet Security - Two supposed
anti-spyware companies that used misleading ads to frighten consumers into
purchasing software to eliminate non-existent threats have settled deceptive trade practice
charges brought by the Federal Trade Commission (FTC). The civil
lawsuits targeted the makers of the "SpywareAssassin"
and "Spykiller" software titles. According
to the FTC's
complaint, Spyware Assassin and its many "affiliate"
marketers used Web sites and e-mail, banner and pop-up ads to drive users to
its site, which offered free spyware scans. The scans invariably told consumers
their computers were infested with spyware, whether they actually were or not.
Consumers who freaked out and paid the $30 for the software were no better off
after having done so, the FTC said, because the "protection" software
was a worthless pile of garbage.
The
freedom to blog - Los Angeles Times Editorial – After Microsoft shut down a
popular Chinese-language blog recently, a barrage of anti-Microsoft messages
began zinging around the blogosphere in
EPIC
West: Federal Law Now Prohibits SSN on
Driver's Licenses - Here's an interesting nugget that the privacy advocates
missed--in passing the Intelligence Reform and Terrorism Prevention Act of
2004, Congress prohibited the publication of Social Security Numbers on
driver's licenses. It's about time!
Have you been
wiretapped? - Bob Sullivan's The Red Tape Chronicles – How worried are
Americans that the federal government might listen in on their phone calls, or
read their e-mails? I posted the following comment to
Sullivan’s piece: “I was twice appointed by
EPIC West:
Pretexting Isn't Lying, According to Bestpeoplesearch.com - On CNBC's On
the Money [last Thursday], Robert Douglas of PrivacyToday and Larry Slade, an
attorney for Bestpeoplesearch.com squared off on how private investigators and
online data brokers obtain and sell telephone records. EPIC has filed a
complaint against the operators of Bestpeoplesearch,
alleging that their practices are unfair and deceptive under the Federal Trade
Commission Act, because the company is facilitating the sale of individuals'
private telephone records.
Time to
do number on firms that sell cell phone records - Chicago Sun-Times Editorial
- Nowhere is information more powerful than when it is personal and in the
hands of the wrong people. So it is with a collective sigh of relief that we
note the rapid response of state government officials to a problem that could
negatively affect private citizens as well as law enforcement.
Sale
of phone files targeted - Illinois officials say they want to stop
companies from selling private telephone records without the consent of
consumers, and they want to know how brokers got those records in the first
place.
Phone record
brokers targeted - The
Your phone
records are for sale - The Chicago Police Department is warning officers
their cell phone records are available to anyone -- for a price. Dozens of
online services are selling lists of cell phone calls, raising security
concerns among law enforcement and privacy experts.