The Unapologetic Christian Conservative Patriot » ID Theft

The Latest Homeland Security Report No. 199 is Available for Free Download

Anthony Davis — Sat, 04 Jul 2009 22:56:32 +0000

Click on the “Homeland Security Reports” Link on the left to get the latest info.

This month’s Content:

Offïcer Safety – Spy Bolt
DOJ Catches Spies in US
Editor’s Note Regarding Spies
Special Earnings for Veterans
National Security Poll
NIST Computer Security Center
Free Resources
Dealing with Conflict, Violence and Crises
Lighten Up
Terrorism Calendar

Online Investigation Tools – Are They Any Good? Is There a Threat of Identity Theft?

Anthony Davis — Tue, 14 Oct 2008 09:47:29 +0000

By Anthony M. Davis

The Homeland Security Group conducted a review of “Online Investigation” Tools. Throughout the review, ten different online systems were used to obtain the information related to a variety of consenting parties.

Most of the systems accurately returned the correct information. Sometimes duplicates were found with conflicting information; often times as a result of retrieving prior addresses, phone numbers, owned vehicles or other properties, etc.

Many times, information was returned that was publicly available (i.e. tax and property information). Even so, when mixed with the overall data, unless a user had a good listing of trusted public records websites, the “one site fits all” approach like some of the sites reviewed, may be a better time saver. Although, users should remember that “Public Information” is most often free…a person just has to go and find it.

All of the sites reported what is known as “Teaser” data. Each of the sites have a search form allowing users to do a quick search for information. This teaser data is often times accurate information that is publicly available, yet lacks the substance of the information that an investigator would want. In order to get more information the user is always taken to a site where they can purchase access. Certainly that makes sense – They are in the business to make money. Surprisingly, when looking for addresses and approximate ages of the consenting parties, I was able to get that information 6 out of the 10 initial searches for free. For the review however, I needed more information and opted for the basic service.

Some of the information services had websites that were not very user-friendly or at times, seemed to hang up and never return the data consistently. Of the ten online information providers, one seemed to be consistent: Web Investigator.

An ID Theft Threat?

During the review of each of the online investigation sites, I never found the ability to extract baseline data to steal a persons’ ID. What I mean is, a user of the system cannot conduct a search for John Doe at 123 “A” Street, Minneapolis, MN and have a return that provides his SSN or credit card numbers. With that said, a good investigator seeking information about an individual will begin with what he or she may have and start from there.

Although, Law Enforcement personnel have a variety of other tools that provide greater details. Law Enforcement are allowed these resources because they have been screened, briefed on the use and fully vetted. The commercial online investigative tools do not provide this level of detail. Frankly, anyone wanting to check the background of a possible employee or find old friends or relatives can do so without the risk of creating ID Theft victims.

This is not an over-arching endorsement for this or any other commercial program. Yet, there are times when we find ourselves needing to verify an individual or do a “Pre-check” before doing business with them. It is often a good idea to know that a person is who they say they are. Web Investigator offers an inexpensive access fee and generally, pretty good information.

…just in case you need it some day.

New Identity Theft Protection Tool Available

Anthony Davis — Mon, 08 Sep 2008 10:49:41 +0000

In an effort to keep readers informed of new tools and technologies to assist in the fight against I dentity Theft, a new tool recently came to the forefront.

In today’s world, computers and the Internet are our friends…yet, can also be the downfall of us. With new Phishing scams, spyware and such, an individual can lose their financial status, security clearance and their job because of this ongoing threat. There have been instances where some people have been convicted and sent to jail because of illegal photos and software implanted on their computers without their knowledge.

Some facts…Did you know:

Every move you make on your computer, including all of your email and Internet activity, is being recorded whether you realize it or not.

If someone else has access to the computer you use, such as a friend, a boss, a co-worker or a spouse, they can see every single thing you’ve done on that computer and they don’t even have to know much about technology to accomplish such a feat. By simply using one of many common software applications available online, almost anyone can retrace every computer move you’ve ever made.

Without privacy software, a person can look at every single website you’ve ever visited, every email you’ve ever sent or received, and every movie or music file you’ve ever watched or downloaded.

Do you really want someone knowing every single thing you’ve ever done on your computer? If you don’t take measures to protect yourself, that’s exactly what can happen. However, our Privacy Control Software can provide you with the protection and privacy you deserve.

When you run the software, it will scan your entire computer and will show you all of the emails, chat logs, Internet histories, audio and video files, deleted files, search histories, clipboard data, cookies, password files, image files and other information you probably never even realized was on your hard drive.

Better yet, once you’ve seen all the privacy-invading footprints stored on your system, our software will enable you to erase them from your hard drive forever and then not only will your privacy be protected, but your computer will run better as well.

The new Privacy Control tool is offered as a Free Download.

National Cyber Alert System

Anthony Davis — Wed, 11 Jun 2008 10:17:55 +0000

National Cyber Alert System

Cyber Security Tip ST05-012

Supplementing Passwords

Passwords are a common form of protecting information, but passwords alone may not provide adequate security. For the best protection, look for sites that have additional ways to verify your identity.

Why aren’t passwords sufficient?

Passwords are beneficial as a first layer of protection, but they are susceptible to being guessed or intercepted by attackers. You can increase the effectiveness of your passwords by using tactics such as avoiding passwords that are based on personal information or words found in the dictionary; using a combination of numbers, special characters, and lowercase and capital letters; and not sharing your passwords with anyone else (see Choosing and Protecting Passwords for more information). However, despite your best attempts, an attacker may be able to obtain your password. If there are no additional security measures in place, the attacker may be able to access your personal, financial, or medical information.

What additional levels of security are being used?

Many organizations are beginning to use other forms of verification in addition to passwords. The following practices are becoming more and more common:

two-factor authentication – With two-factor authentication, you use your password in conjunction with an additional piece of information. An attacker who has managed to obtain your password can’t do anything without the second component. The theory is similar to requiring two forms of identification or two keys to open a safe deposit box. However, in this case, the second component is commonly a “one use” password that is voided as soon as you use it. Even if an attacker is able to intercept the exchange, he or she will still not be able to gain access because that specific combination will not be valid again.

personal web certificates – Unlike the certificates used to identify web sites (see Understanding Web Site Certificates for more information), personal web certificates are used to identify individual users. A web site that uses personal web certificates relies on these certificates and the authentication process of the corresponding public/private keys to verify that you are who you claim to be (see Understanding Digital Signatures and Understanding Encryption for more information). Because information identifying you is embedded within the certificate, an additional password is unnecessary. However, you should have a password to protect your private key so that attackers can’t gain access to your key and represent themselves as you. This process is similar to two-factor authentication, but it differs because the password protecting your private key is used to decrypt the information on your computer and is never sent over the network.

What if you lose your password or certificate?

You may find yourself in a situation where you’ve forgotten your password or you’ve reformatted your computer and lost your personal web certificate. Most organizations have specific procedures for giving you access to your information in these situations. In the case of certificates, you may need to request that the organization issue you a new one. In the case of passwords, you may just need a reminder. No matter what happened, the organization needs a way to verify your identity. To do this, many organizations rely on “secret questions.”

When you open a new account (email, credit card, etc.), some organizations will prompt you to provide them with the answer to a question. They may ask you this question if you contact them about forgetting your password or you request information about your account over the phone. If your answer matches the answer they have on file, they will assume that they are actually communicating with you. While the theory behind the secret question has merit, the questions commonly used ask for personal information such as mother’s maiden name, social security number, date of birth, or pet’s name. Because so much personal information is now available online or through other public sources, attackers may be able to discover the answers to these questions without much effort.

Realize that the secret question is really just an additional passwordâ€”when setting it up, you don’t have to supply the actual information as your answer. In fact, when you are asked in advance to provide an answer to this type of question that will be used to confirm your identity, dishonesty may be the best policy. Choose your answer as you would choose any other good password, store it in a secure location, and don’t share it with other people (see Choosing and Protecting Passwords for more information).

While the additional security practices do offer you more protection than a password alone, there is no guarantee that they are completely effective. Attackers may still be able to access your information, but increasing the level of security does make it more difficult. Be aware of these practices when choosing a bank, credit card company, or other organization that will have access to your personal information. Don’t be afraid to ask what kind of security practices the organization uses.

Authors: Mindi McDowell, Chad Dougherty, Jason Rafail

New Cyber-Safety Report Available

Anthony Davis — Thu, 14 Feb 2008 11:03:48 +0000

A new report published by Norwich University is available online. The report discusses issues pertaining to the following areas on the Internet:

Pedophiles

Online dating and cyberex

Hate groups

Pornography

Incorrect information

Hoaxes

Threats

Viruses and other malicious self-replicating code

Junk e-mail

Chain letters and Ponzi schemes

Get-rich-quick schemes

Nigerian 4-1-9 scam

Stolen software

Stolen music and video

Plagiarism

Criminal hackers & hacktivists

Online auctions

Online gambling

Buying on the Web

Games

Spyware and scumware

Addiction

Theft of identity

The full report is available Here.