Taxpayer Identity Theft

Leave a comment

No one likes tax time;  there are too many forms to complete and often there is money to send.  Well, as with any situation, wait, it will get worse — and it has.  Thieves are filing taxes using your social security number and directing the refunds to themselves.  You may be unaware you are a victim until you try to file your taxes and learn one already has been filed using your social security number.  Or, you may learn from the IRS that you owe additional tax, refund offset or have had collection actions taken against you for a year you did not file a tax return.  Another way you can find you have a problem is if IRS records indicate you received wages from an employer unknown to you.  Of course the problem worsens because if they have your social security number, they may also be stealing other aspects of your identity.

This is a major problem and you need to act immediately!

If your SSN is compromised and you know or suspect you are a victim of tax-related identity theft, the IRS recommends you take these steps:

  • Respond immediately to any IRS notice; call the number provided
  • Complete IRS Form 14039, Identity Theft Affidavit. Use a fillable form at IRS.gov, print, then mail or fax according to instructions.
  • Continue to pay your taxes and file your tax return, even if you must do so by paper.

If you previously contacted the IRS and did not have a resolution, contact the Identity Protection Specialized Unit at 1-800-908-4490.

Then, you need to address the other (non-IRS) dimensions of your identity theft.

  • File a report with your local police department
  • File a complaint with the Federal Trade Commission at www.identitytheft.gov or the FTC Identity Theft Hotline at 1-877-438-4338 or TTY 1-866-653-4261.
  • Contact one of the three major credit bureaus to place a ‘fraud alert’ on your credit records:
  • Contact your financial institutions, and close any accounts opened without your permission or tampered with.
Advertisements

Do you need help using the Internet?

Leave a comment

coverI have a new book and it may just be the thing you have been looking for!  The name of the book is You’re Never Too Old to Surf:  A Senior’s Guide to Safe Internet Use. 

This book is for you if you have ever wanted to harness the power of the Internet, but haven’t been quite sure what that means or how to do it.  It is intended for the parents, grandparents and great-grandparents who want to use the wide range of tools that are available today on the Internet, from simply surfing the web to buying online, using email, blogs and even social networking sites.  You may have sought guidance from your child or children  only to be annoyed at their exasperated response to your questions.  Or, you may have tried it on your own, and gotten frustrated with the tools, or had some problem result from that use (or know someone who did).  You may be using the Internet, but just not feel very confident in what you are doing.  If you fall into any of those categories, I wrote this book for YOU!  Of course, if you are the child or grandchild and are having trouble explaining things to your elders, this book could help you too.

The book is available from Amazon.com and BarnesandNoble.com.  Your local bookstore can order it too.  It is published through CreateSpace, ISBN 978-1506163857.

Please give it a try and let me know how you like it.

 

Cybersecurity, Sony, and You

Leave a comment

By now, I assume you have heard about the hacking of Sony’s computers last month.   Just to remind you, Sony produced a comedy film about two fellows who were supposed to assassinate Kim Jong-un, called The Interview.   There was significant publicity before the movie was released;  personally I did not find the commercials compelling and had not planned to view the movie.  Then, just before it was to be released suddenly Sony’s computers fell victim to a significant hacking attack.  Financial data, including social security numbers and identities, were released.  Equally embarrassing were the masses of personal emails which highlighted the dysfunctional nature of the film business.  In addition, the hackers “wiped” most of the computers “clean,” meaning the data are lost to Sony.  Estimates of the damage are in the millions, far more than the value of the film.

Early reports blamed North Korean hackers for this attack.  Then reports suggested that the hackers were really not from North Korea, simply “sympathizers” with North Korea.  Then the focus turned to North Korea again.  The Federal Government seems fairly sure that fault lies with the North Koreans.  However, whoever was behind the hack announced they would do no further damage if Sony never released the film.  So, Sony halted release of the movie.  It did later get released amid cries of the inappropriateness of the North Koreans censoring our media.

So, what do we know? Clearly Sony was hacked.  Evidence suggests that the intrusion had been occurring for more than a year, prior to the release of data.  Could it have been the North Koreans given their lack of technology?  We have known since 1998 of the formidable capabilities of the DPRK army’s Unit 121;  at that date, its force was 17,000 hackers (there are probably more now).   Further, North Korean officials had previously expressed concerns about the film to the United Nations, stating that “to allow the production and distribution of such a film on the assassination of an incumbent head of a sovereign state should be regarded as the most undisguised sponsoring of terrorism as well as an act of war. [emphasis added]”   Could it have been someone else who sympathizes with them?  Yes.  The Guardians of Peace have made threats against the United States, and they have the capability.

The question though is what is the impact on you?  Well, assuming you are not one of the employees or dependents whose private information or communications were released, this is primarily a wake up call is the impact that hacking can have on us as individuals and us as a society.  First, to us as individuals.  Those people whose financial data were exposed may run into a variety of problems from credit card fraud to identity theft.  Someone, whether it is Sony, the individuals themselves, or others, will need to spend much time and money to ensure that the people are made whole again.  You run the same risk every time you use a credit card (whether on or off the net), or connect to the Internet.

The more interesting question, though, is what happens to us as a society.  Sony will spend a small fortune recreating its data bases, correcting information and repairing relationships with its customers.  Of course, they will need to create a better security system to protect the recreated repositories.  That means that the costs of Sony movies will increase and we will all be forced to pay for it.  Perhaps this experience will frighten all of the studios to invest more money and so that the costs of all movies increase.  Well, today it is just a cost of doing business.

Bigger than that, however, is the threat that if another government (or perhaps another company or group of people) doesn’t like what you produce, they can affect it by hacking into your computers or even threatening to hack into your computers.  What will that do to the freedom of speech and expression in this country?  What will it do to entrepreneurship in this country?  For that matter, what will it do to the governing of this country?

In this case, the cost was primarily financial.  What happens when the hack is against our power grid,  water systems, or hospitals?  The implications of that are far worse.

We all need to be careful about computer security, and we need to think about the tradeoffs with ease of use.  And, all of us need to put pressure on corporations to improve their security systems from the bottom up.

 

 

Cyber Monday is coming

Leave a comment

Tomorrow is Cyber Monday, the online equivalent of Black Friday.  Online vendors offer great deals  — without the crowds, lines and hassles. While I never partake in Black Friday shopping (although I do practice Small Business Saturday shopping), I always try to get some time for Cyber Monday shopping!

Ah, but it is not without its problems.  There are great deals, but those that seem too good to be true often are just that, untrue.  People will pretend to give you bargains, and even pretend to be something they are not just so they can steal your money.  So, you need to be ready for them if you are planning to shop on Cyber Monday.  These are some hints that will help you keep safe.

  1. Only shop with companies you know.  Those little boutiques and great offshore stores may look like they offer great deals, but you may never get anything from them.  They should be avoided unless you are sure they exist because someone else has shopped there or you have some physical evidence that they exist.
  2. Don’t click on a link from an email to get to a website.  The link may look safe, but you do not know that link will direct your browser to where it says it is going.  If you must, copy the email address that it is visible and paste it into your browser manually.  Once you arrive at the page, look at it carefully to be sure it is the intended site and not a fake site made to look like a real site.  It is easy to reproduce logos, colors and the like to make a page resemble a legitimate business page even if it is not.
  3. Only provide your financial information  to websites that are secure.   Anything sent over a regular Internet connection can be captured by people with the correct knowledge and tools.  To avoid hackers having access to information such as your credit card number, you want to send the information over a secure internet connection.  Reputable stores will transfer you to a secure connection before asking for financial information.  You can tell two ways.  First, you should be able to see a locked padlock icon somewhere on your screen (it is different with different browsers, different versions and different kinds of machines).  For example, in Firefox on a PC, the padlock is at the top of the page near the “go back” button.  Also, even if you cannot find the padlock, look at the URL, or address in the locator window at the top of the page.  If it is a secure connection, the address will start with https:// (instead of the normal http://).  The “s” stands for secure.
  4. Try to use just one credit card online.  In today’s world there are lots of examples of hacking both online and at the brick and mortar stores.  It is a good practice to use a credit card online that is not your main credit card.  In that way if you are a victim of fraud, you can cancel the one card and still have another for your regular purchases.
  5. Keep passwords secure.  Most of us think passwords are a hassle.  While they are a hassle and it is hard to remember secure passwords or multiple passwords, they often are the only thing keeping your credit card and other personal information safe.  Keep them secure and keep them “strong” (hard to guess).  For more information on this, I recommend you look at the blog entry on passwords.
  6. ALWAYS use anti-virus software, a firewall and anti-spyware software.    It is amazingly easy to pick up malware on the Internet.  (For more information, check out my blog on malware.)  Having those tools available does not guarantee that you will not have problems anymore than putting locks on your doors will prevent you from being burglarized.  But, we all lock our doors at night.

Enjoy your hassle-free shopping, but be careful.  It is easy to forget there are undesirable people in cyberspace just like there are in most communities.  Avoid them if you can!

Senate Bill 2105: Cybersecurity Act of 2012

Leave a comment

On Valentine’s Day, four Senators introduced Senate Bill 2105, which is also known as the Cybersecurity Act of 2012.  If you would like to read the bill as it was introduced, it is available in full as presented.   If passed, this law would authorize the Federal government to regulate the security of privately owned critical infrastructure, much of which is controlled by Internet-connected systems and susceptible to being hacked.  This includes electrical power grids, telecommunications networks, air traffic control systems, dams, and nuclear power plants.  Said differently, this would allow the Federal government to have security standards, to assess a company’s compliance, and to levy fines if the security is not sufficiently high.

Last week, the Wall Street Journal reported that a group of Senators have weakened the bipartisan legislation.   They responded to business lobbyists who claimed that such regulations would “regulations would create a costly and cumbersome process.”  Rather than requiring the companies to meet these regulations, they should be encouraged to do so.  According to Senator John McCain, “Instead, we must leverage the ingenuity and innovation of the private sector in partnership with the most effective elements of the federal government to address this emerging threat.”

I am perplexed as to why Senator McCain, who has a strong record on National Security, would take this stand …. unless he does not really understand the real and present threat of such an attack.  Consider the number of companies in the last few months that have reported a security breach.  Sometimes the breach provides thieves with passwords, which can be problematic enough, but sometimes instead it is social security numbers, bank accounts and more personal information.  The people whose identities are stolen have a never ending hassle to fix the problem.  Many companies do not take security as seriously as they should.  Even when security is a priority, the companies have a significant task keeping a step ahead of the hackers.

Now, take that up to a regional or national level.  Suppose the U.S. had no access to electricity or telecommunications equipment.  Suppose this is not for a couple of hours as you might get in a thunderstorm, but rather for an extended period of time.   What would that do to the company’s productivity?  What if it happened during peak holiday shopping and no one could buy gifts or food?  What if it happened on election day and half the people were not able to vote?  What if …. there are many horrible examples.

We have already proven this can happen.  Well, it is unclear whether “we” proved it or someone else proved it by the introduction of the Stuxnet virus into Iran’s nuclear reactor.  Not only did it stop operations, but it did it in a way to damage the plant and roll back their development.  Other similar viruses, aimed at the “Internet of Things” (such as a power plant) have also been identified.

People release viruses all the time — sometimes without even knowing the impact of what they have done.   Why do we believe it won’t happen here?  Personally I think it is because people just do not understand technology and what security breaches can do.   They understand bombs or people shooting guns and know how to respond.  But electrons?  It is easy to listen to those claiming to be experts and follow their advice.

I hope we get the legislation.  I hope that it is flexible enough to be able to adapt to the rapid changes in technology.  I hope we can find a way to protect ourselves before it is too late.  If you agree, please share your concern with your Senators and Representatives.

 

A postnote:  Even weakened, the bill failed.  Too many people thought telling infrastructure companies that they need to be secure was a problem.  Sigh.

What are Flame and Stux-net and why should I care?

1 Comment

There has been much discussion in the popular press of late about something called Flame and something called Stux-net, especially with regard to national security. However, many people do not understand what they are and why they are so troubling. Basically both of these are “computer worms” which, like viruses, attempt to perform malicious acts to your computer. The difference between a “worm” and a “virus” really has to do with how they are propagated. Computer viruses are a type of malware that generally deletes or changes files. They must be permitted to execute code and write to memory, and so generally attach themselves to some program; when the user runs the program, he or she also runs the virus (unintentionally). A worm, on the other hand, can self-replicate and move through a network (like the Internet). Generally worms are designed not only to spread, but also to make specific changes to the computer, including taking control of all or part of the computer. The key to understand is that the worm can cause damage to the system.

First, let’s talk about Stux-net. You may have heard about this one in 2010 when it was reported that there had been a cyberattack on Iranian uranium-enrichment centrifuges. This worm had been introduced into the Iranian nuclear processing facility (people in the know think it was introduced on a thumb drive), and it took control of the control system. A control system manages and regulates the machinery under its control, so that humans (often quite far away) can read sensors and information about they system and make adjustments. In this case, facility being monitored was Iran’s nuclear processing facility. The control system sent messages to uranium-enriching centrifuges to spin at speeds well beyond their tolerances. Obviously then the centrifuges were damaged.

You might ask how the worm could have caused that problem. Well, the programmers of the worm found vulnerabilities in the computer programs that run the control system. It is the same process of programmers exploiting bad programming the operating system so our computers can get viruses.

The worm caused so much damage to the facility that it has set back the nuclear program in Iran. At the time, there was discussion at the time that it might have originated in the United States and Israel, but there was no evidence to back up that claim.

It is beyond the scope of this blog to discuss who was behind it and their motives. However, it is important to note that malware can get into a physical facility, such as power plants, water treatment facilities and other public utilities. These are things we have taken for granted as protected and safe. However, The Washington Post, reported that:

A recent examination of major control systems by six hacker-researchers working with the security firm Digital Bond found that six of seven devices in the study were riddled with hardware and software flaws. Some included back doors that enabled the hackers to download passwords or sidestep security completely.

In fact, according to The Washington Post,

Uncounted numbers of industrial control computers, the systems that automate such things as water plants and power grids, were linked in, and in some cases they were wide open to exploitation by even moderately talented hackers.

Further, they note,

A researcher at Cambridge University, Eireann Leverett, used Shodan to identify more than 10,000 control computers linked to the Internet, many of them with known vulnerabilities. Leverett concluded that many operators had no idea how exposed they were — or even realized that their machines were online.

Last week the press identified a new worm deployed in Iran called Flame. This seems to be primarily surveillance malware that allows someone to turn on microphones, look at data, track what people are doing on a computer, and perhaps even listen to nearby cell phone conversations. This worm was deployed to the Iranian oil industry and was attaching itself to control systems for the rigs and other equipment. It was detected and the Iranian government has unplugged those facilities from accessing the Internet. It has also created its own task force to combat these attacks and claims it intends to build its own Internet. This same worm has been found in the Palestinian territories, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

While the worms seem different, experts are not sure. They both move in the same fashion. In addition, computer experts say that the style of programming is similar between the two. Yes, it is true that there are styles of programming just as there are styles of writing. An expert can tell the reasons Emily Dickenson works are not confused with those of James Joyce. A computer expert can tell similarities in programming by how things are named, how they flow, and how different parts of the programs are hooked together. Worse yet, these experts claim to have found code that was apparently taken directly from Stux-net and put in Flame. All of those suggest similar authors.

What is the take-away for us? All of this mischief has put a spotlight on the fact that we, as a society, depend on computers for much beyond the business and pleasure applications we generally discuss. Everything from the car you drive to the utilities use computers to control them. And, where there are computers, there are people contemplating ways of breaking them. Most of these controllers were not visible to the average user, so they did not get attention from hackers. However, that also meant that their manufacturers often got lazy in building in the security to protect them. Now that they have the attention of the hackers, companies are scrambling to protect their controllers. Otherwise, we may be in for some rough times ahead at malicious or inadvertent attacks on our infrastrucutre.

To WiFi or Not to WiFi ….

Leave a comment

We have all entered our favorite Starbucks,  Panera, hotel or other public place and connected via the free WiFi network.  It is convenient, easy and free.  Why wouldn’t you connect?  There is always a risk with a public WiFi node that people can read your messages and track your searches.  Yes they can … there is technology that allows them to do it on a non-protected (read that free) network.  But, there is an additional concern this summer.  According to Private:  Your Online Privacy Source,

This month, the FBI’s Internet Crime Complaint Center issued a stark warning to travelers:  If you use hotel Wifi hotspots abroad, you could get burned.  The alert says cybercriminals are targeting travelers abroad using pop-up windows that appear while they are trying to connect to the Internet through hotel Wifi.  The pop-ups tell hotel guests that they need to update a widely used software product.  But when they click to install it, what they get instead is malware on their laptops.

So, what can you do? If we follow our normal security procedures, download all software updates before you travel, only download updates directly form a vendor (and never click on a link in an email to do it), you are better prepared. You should also block popups because that is how the criminals advertise the software they want you to download.

In addition, if you use free WiFi spots, it would be good to use a Virtual Private Network (Private VPN).  The VPN encrypts all of your data thereby making  it useless to the criminal who might intercept it.  Without the VPN, your data is sent without any protection and someone with the right tools and abilities could intercept it and then use it for whatever purpose.  The Private article recommends using PRIVATE WiFi™.

Don’t ruin your vacation because you neglected security!

Older Entries