Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: ID Theft

Is Your Android Device Telling the World Where You’ve Been? – EFF

“Do you own an Android device? Is it less than three years old? If so, then when your phone’s screen is off and it’s not connected to a Wi-Fi network, there’s a high risk that it is broadcasting your location history to anyone within Wi-Fi range that wants to listen. This location history comes in the form of the names of wireless networks your phone has previously connected to. These frequently identify places you’ve been, including homes (“Tom’s Wi-Fi”), workplaces (“Company XYZ office net”), churches and political offices (“County Party HQ”), small businesses (“Toulouse Lautrec’s house of ill-repute”), and travel destinations (“Tehran Airport wifi”). This data is arguably more dangerous than that leaked in previous location data scandals because it clearly denotes in human language places that you’ve spent enough time to use the Wi-Fi. Normally eavesdroppers would need to spend some effort extracting this sort of information from the latitude/longitude history typically discussed in location privacy analysis. But even when networks seem less identifiable, there are ways to look them up. We briefly mentioned this problem during our recent post about Apple deciding to randomize MAC addresses in iOS 8. As we pointed out there, Wi-Fi devices that are not actively connected to a network can send out messages that contain the names of networks they’ve joined in the past in an effort to speed up the connection process. But after writing that post we became curious just how many phones actually exhibited that behavior, and if so, how much information they leaked. To our dismay we discovered that many of the modern Android phones we tested leaked the names of the networks stored in their settings (up to a limit of fifteen). And when we looked at these network lists, we realized that they were in fact dangerously precise location histories.”

Internet of Things: Connected Home – Survey

“Fortinet® – a global leader in high-performance network security released the results of a global survey that probes home owners about key issues pertaining to the Internet of Things (IoT). Independently administered throughout 11 countries, the survey titled, “Internet of Things: Connected Home,” gives a global perspective about the Internet of Things, what security and…

2014 Trustwave Global Security Report

“The 2014 Trustwave Global Security Report is back for another year,…and we again lean on hard evidence gathered from hundreds of data breach investigations conducted last year – 691 to be exact, spread across industries and the world – as well as threat intelligence gathered from our products and security operations centers. Using that evidence,…

At the Nexus of Cybersecurity and Public Policy

“We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. Modern military forces use weapons that are increasingly coordinated through computer-based…

The Target Data Breach: Frequently Asked Questions

CRS – The Target Data Breach: Frequently Asked Questions. N. Eric Weiss, Specialist in Financial Economics; Rena S. Miller, Specialist in Financial Economics. April 22, 2014. “According to Target, in November and December of 2013, information on 40 million payment cards (credit, debit, and ATM cards) and personally identifiable information (PII) on 70 million customers was compromised. The Secret Service has…

Verizon 2014 Data Breach Investigations Report

Excerpt from the Verizon 2014 Data Breach Investigations Report: “We have more incidents, more sources, and more variation than ever before—and trying to approach tens of thousands of incidents using the same techniques simply won’t cut it. Not only would the dominant incident characteristics drown out the subtleties of the less frequent varieties, but we cannot…

FTC Announces Top National Consumer Complaints for 2013

News release: “Identity theft continues to top the Federal Trade Commission’s national ranking of consumer complaints, and American consumers reported losing over $1.6 billion to fraud overall in 2013, according to the FTC’s annual report on consumer complaints released today. “Americans of all ages are vulnerable to identity theft, and it remains the most common consumer…

Commentary – FBI Issues Cyber Attack Warning To Retailers: Is Chip And PIN The Answer?

Eric A. Packel: “Point-of-sale (POS) systems are under attack. In the wake of breaches at Neiman Marcus, Target and other stores over the 2013 holiday season, the FBI is now warning retailers to expect similar cyber attacks in the coming months. The warning came in the form of a 3 page report distributed to numerous retailers…

CRS – Identity Theft: Trends and Issues

Identity Theft: Trends and Issues, Kristin Finklea, Specialist in Domestic Security. January 16, 2014. “Policymakers continue to be concerned with securing the economic health of the United States—including combating those crimes that threaten to undermine the nation’s financial stability. Identity theft, for one, poses both security and economic risks. By some estimates, identity fraud cost Americans nearly $21 billion in…

Report to Government on Massive Theft of Credit Card Data From Retail Customers

KAPTOXA POS Report Overview – “iSIGHT Partners, working with the U.S. Secret Service, has determined that a new piece of malicious software, KAPTOXA (Kar-Toe-Sha), has potentially infected a large number of retail information systems. This software can find, store, and then transmit sensitive information such as credit card and PIN numbers. These findings are part of a…

New GAO Reports – Government Support for Bank Holding Companies, InfoSec, James Webb Space Telescope

GOVERNMENT SUPPORT FOR BANK HOLDING COMPANIES - Statutory Changes to Limit Future Support Are Not Yet Fully Implemented, GAO-14-174T, Jan 8, 2014: “GAO found that from 2007 through 2009, the federal government’s actions to stabilize the financial system provided significant funding support and other benefits to bank holding companies and their subsidiaries. The Board of Governors of…

EPIC – Snapchat Data Breach Exposes 4.6 Million Usernames

“A data breach has exposed the usernames and partial phone numbers of 4.6 million users of Snapchat, a popular photo- and video-sharing app. The breach was accomplished by exploiting a flaw that was previously brought to the company’s attention by security researchers. Last year, EPIC filed a complaint with the Federal Trade Commission regarding Snapchat’s deceptive claim that photos would “disappear forever”…