It’s the fabulous new game that’s sweeping the globe. Every day you hear about some organization losing someone’s personal information. These incidents range from the simple act of finding someone’s paper credit card statement to sophisticated hackers stealing customer data from a website or database. It can get a little overwhelming sometimes and make you feel like you are in a gambling casino. Let’s look at some of the ways that people steal information.
Dumpster Diving – recently some hospitals in Massachusetts had paper documents with patient information show up at the dump.
Listening to your Phone Conversation – consumers give their credit card information to someone over the phone in a public place.
Just when you thought you had the corporate crown jewels under lock and key, it now appears that veteran CIA spies can moonlight and help your competitors determine what is going on inside your company! I just finished reading a book titled “Broker, Trader, Lawyer, Spy” by Eamon Javers. In his book, Javers details how companies are employing CIA agents to spy on their competitors. Using cutting-edge technology, age-old techniques of deceit and manipulation, and sheer talent, spies act as the hidden puppeteers of globalized businesses.
Because the US Federal Government cannot pay these seasoned employees enough compensation, they are now permitted to use their skills during off hours. This permits them to leverage their experience and techniques, such as reading the body language of CEOs during interviews to see if they are telling the truth. Javers discusses a theory called “cognitive dissonance” which says that when someone attempts to hold two conflicting ideas in their brain at the same time, normal people will display noticeable patterns of discomfort. The human brain will do almost anything to avoid this discomfort and will attempt to do or say things to circumvent the truth. The classic example is Bill Clinton’s “There is no affair” and “It depends on what the meaning of the word ‘is’ is.” Agents trained to detect body language and innocuous activities can detect valuable information that would otherwise go unnoticed.
In a recent article in Foreign Affairs, US Deputy Secretary of Defense William Lynn wrote about the threats to classified US military computer networks. The article was spurred by the recent revelation that in 2008, the Department of Defense suffered a major breach in its networks from a USB drive that was infected with malware. The malicious code was put there by a foreign intelligence agency and uploaded onto a network run by the US Central Command from a laptop. This caused a major review of policies within the military that eventually banned removable USB flash drives from the Pentagon and other military environments.
In the spring I wrote about USB drives being left in dry cleaners across the UK and talked about how carelessness can lead to data breaches. I wouldn’t say the US military breach was carelessness, but I don’t think they appreciated the seriousness of something so innocuous as a USB drive.
Most of the data breaches I read about in the news are from computer systems. Either someone lost a laptop with patient records or social security numbers, or someone hacked into a server with credit card numbers. With all the high-tech ways of doing things, we may lose sight of the low-tech methods of stealing information.
According to Wikipedia, dumpster diving is the practice of sifting through commercial or residential trash to find items that have been discarded by their owners, but which may be useful to the dumpster diver. Do you remember the famous scene in the movie Animal House, where Bluto and D-Day go sifting through the trash to find the answers to a test everyone is taking? Think about people doing that looking for patient records, social security numbers and the like.
Everyone is so focused on identity theft through electronic means that many people forget about simply stealing something by listening. The other day I was in my public library, when a woman came in and wanted to use the Internet. She said her computer had died at home and she needed to do a few things online. She went over to the machine and started doing her business. About 10 minutes after she started, she took out her cell phone and made a phone call (a big no-no in a library).
Apparently she was trying to order something online and was having trouble with the shopping cart at the site. She spoke to a customer service person and started dictating her order. She did this in a very loud voice, which was a bit annoying, to say the least. Then came the coup de grâce. She read her credit card number out loud to the customer service person. She slowly read the numbers, the expiration date and the Card Verification Value (CVV). There were at least 10 people within earshot who could easily hear her.
I was tempted to write down the numbers and show them to her, just to see her reaction. Talk about a data breach. I can imagine the conversation.