Online & Offline Criminal Activities Target Vulnerable Consumer Data

Internet Retailer

Criminals target the data merchants hold

Retailers and restaurants accounted for 24% of compromised data last year, a new study says.

Article Courtesy of:  Paul Demery – Chief Technology Editor

Identity Theft by Frank Galasso FrankGalasso.com

Identity Theft Cartoon via Frank Galasso – Website:  FrankGalasso.com

Retailers face numerous threats to confidential consumer data that criminals can use for online and offline criminal activities, Verizon Enterprise Solutions says in a new report compiled from dozens of international sources.

The study notes that 24% of the 621 breaches—which include criminals using various hacking techniques, malicious software downloaded via e-mail and accessing networks with log-in credentials stolen from authorized network users—last year affected multi-channel retailers and restaurants, second as a group only to financial organizations, at 37%.

Financial organizations’ high percentage is largely because of ATMs. ATMs account for the most common asset used to steal data because criminals can grab it without breaking into a computer network, the report says. Such ATM data theft uses what’s known as ATM skimming techniques, which use software that criminals install in ATM card swipe mechanisms to capture account numbers; ATM skimming also uses hidden cameras to record the personal identification number that a consumers enters on the ATM keypad, Verizon says.

However, for data compromised through network intrusions, retailers account for the largest percentage of breaches, at 21.7%, followed by manufacturers at 12.2%, the report says.

The “Verizon 2013 Data Breach Investigative Report” is based on data compiled from 18 government and independent organizations from several countries, including the U.S. National Cybersecurity and Communications Integration Center, the U.S. Secret Service and the U.S. arm of business consultancy Deloitte Development LLC.

Criminals often attack store point-of-sale systems as a way to either infiltrate a retailer’s computer network or to steal account data right at the store checkout counter, says Suzanne Widup, senior analyst on the risk management team at Verizon Enterprise Solutions, which provides security services and consulting.

LocatePLUS Investigative Database Solutions

With some retailers deploying web-based point-of-sale systems, criminals search for ways to infiltrate them—either to directly access customer account databases or to install malware, such as key-logging software designed to capture account data as it is displayed on a computer screen. “Anything that has an IP address is a target,” she says.

Verizon notes that this is adding to other forms of infiltrating POS system data, such as by hacking into wireless networks that retailers use to transfer POS data from checkout terminals to back-office servers. Verizon advises that retailers need to ensure that POS networks, as well as all company computer networks and wireless networks, are routinely patched with updated security software to thwart potential breaches.

Once criminals find a way to breach a particular type of POS system, they’ll often look for other retailers with the same system to attack, she says. After they steal data, criminals typically sell it to other criminals or use it to make fraudulent online transactions, she says.

Verizon’s study found that the number of account records breached for the past nine years ranged from tens of millions to hundreds of millions in any one year.  

In 2012, for example, it recorded 44.8 million account records compromised, down from 174.5 million in 2011 but up from 3.9 million in 2010.

Read the complete Article… 

Internet Retailer

Article Courtesy of:  Internet Retailer

Big Data & the Boston Marathon Probe

Extracting Key Investigative Data from the “Noise”

Over Ten Terabytes of Data did not overwhelm federal, local and state investigators.  

What follows is a fascinating story involving advanced data access, tracking and retrieval technologies. 

FCW - The Business of Federal Technology

Boston probe’s big data use hints at the future

By Frank Konkel – Article Courtesy of:  FCW

The One Fund Boston

Donate to “The One Fund Boston 2013

Less than 24 hours after two explosions killed three people and injured dozens more at the April 15 Boston Marathon, the Federal Bureau of Investigation had compiled 10 terabytes of data in hopes of finding needles in haystacks of information that might lead to the suspects.

The tensest part of the ongoing investigation – the death of one suspect and the capture of the second – concluded four days later in part because the FBI-led investigation analyzed mountains of cell phone tower call logs, text messages, social media data, photographs and video surveillance footage to quickly pinpoint the suspects.

A big assist in this investigation goes the public, which presented perhaps the best illustration of a crowd-sourced investigation in recent memory.

Not only did the public respond to the FBI’s request for information – the agency ultimately received several thousand tips and loads of additional photographs and video footage – but a citizen’s tip ultimately led to the capture of the surviving suspect.

Still, the investigation showed a glimpse of what big data and data analytics can do — and highlighted how far we yet have to go.

Knowledge is power

Big data is a relatively new term in technology and its definition varies amongst early practitioners, but the main goal of any big data project is to pull insights from large amounts of data.

Prominent statistician Nate Silver describes it as “pulling signal from the noise” – noise that can be a veritable smorgasbord of different kinds of information. The noise can be big, too – some datasets within the federal government are measured in petabytes, each of which is one million gigabytes or 1,000 terabytes.

So the 10 terabytes gathered by investigators is not a large data collection even in today’s relatively early stages of big data technology.

But the investigation’s processes still presented officials with a data crunch due to the volume, variety and complexity, according to Bradley Schreiber, vice president of Washington operations for the Applied Science Foundation for Homeland Security.

To get a sense for the initial complexities of combining various data sets in the early moments of the investigation, consider this: In the aftermath of the bombing, cellular networks in the area were taxed beyond their capacity. AT&T put out a tweet urging those in the area to “please use text & we ask that you keep non-emergency calls to a minimum.”

There was speculation that the bombs could have been triggered remotely by mobile phones, prompting interest in traffic logs from area cell towers to try to get a fix on the culprits.

That geo-location information could then be cross-checked against surveillance video and eyewitness photography – just another layer of data available to law enforcement when trying to stitch together a detailed and textured version of events.

For the complete story and a GREAT READ… CLICK HERE

Private Investigators & Law Enforcement

LocatePLUS - Investigative Database Solutions

FOR IMMEDIATE RELEASE:

LocatePLUS continues to provide full SSNs, MVR, DOBs, Criminal Records and unlimited person search data to Private Investigators and Law Enforcement officials.

LocatePLUS, the leading provider of cost-effective, personally identifiable information in the US, understands how important SSN’s and DOB’s are to investigative needs.

Its investigative database contains billions of records to ensure the fastest and most accurate information every time.

Credentialed businesses or individuals in any applicable industry can gain access to and benefit from this data.

CEO Ronald Lifton says, “We are eager and proud to inform our existing and new customers that we will continue to provide full SSNs, P.I. friendly searches and the industry’s most up-to-date investigative data.”

The search results include full SSNs, MVR, DOBs, businesses, people, assets, licenses, court records (criminal/civil), phones, prior residences, real estate holdings, recorded bankruptcies, liens, judgments, and more in a secure, interactive, searchable database.

Private investigators, process servers, lawyers, collection agencies, financial institutions, law enforcement professionals, and government agencies are encouraged to experience the superior data, accuracy and world-class free “VIP” support from LocatePLUS.

About LocatePLUS:

LocatePLUS, located in Peabody, Massachusetts provides online investigative data solutions to law enforcement agencies, professional investigators, law enforcement professionals and other credentialed businesses.

Our LocatePLUS product contains searchable and cross-referenced public information on individuals and businesses across the United Sates.

With no annual contracts, sign up fees, or cancellation fees, LocatePLUS offers Unlimited Person Search.

For more information, visit the Company’s Website at:  http://www.locateplus.com

Contact:

Alyssa Tsoukalas
888-746-3463 – EXT: 112
atsoukalas@LocatePlus.com
2 Corporation Way,
Peabody, Massachusetts

###

CLICK HERE & Start Today!

LocatePLUS “Investigative Database Solutions”

Facebook & Big Data Collide

Big Data Could Cripple Facebook

Article Courtesy of:  TechCrunchJON EVANS

Big Data - Investigative Database

So there’s this startup called SmogFarm, which does big-data sentiment analysis, “pulse of the planet” stuff. I spotted them last year, and now they’ve got an actual product with an actual business model up and running in private beta: KredStreet, “The Social Stock Trader Rankings,” which performs sentiment analysis on StockTwits data and a sampling of the Twitter firehose to determine traders’ overall bullish/bearish feeling. They also compare reality against past sentiment to score and rank traders based on their accuracy, which is more interesting.

It’s a first iteration, but it looks pretty nifty, and I like the idea of a ranking system wherein unknowns can leave high-profile loudmouths in their dust by virtue of simply being right more often. Even if I feel slightly uneasy when I imagine such a system being applied to, say, tech bloggers.

Actually being held accountable for what I’ve written in the past?  

Doesn’t that just seem terribly wrong?

And of course it’s early days yet for companies like SmogFarm/KredStreet, and sentiment analysis, and natural language processing (such as that which powered Summly), and Palantir-style data mining. Just imagine what they’ll be able to do in five years.

And when they turn all that big-iron, big-data searchlight power on, say, Facebook timelines… what won’t they be able to determine???

A few years ago the EFF discovered that something as simple as your browser settings make you a lot less anonymous online than you might believe. Last week a study found that “human mobility traces are highly unique,” and when polling allegedly anonymous cell-phone location data, “four spatio-temporal points are enough to uniquely identify 95% of the individuals.” Good software can mine a lot of meaning out of apparently sparse and empty data.

So just imagine what happens when next-generation language and image-processing software, and then the generation after that, and the generation after that, is unleashed on your Facebook timeline. It seems very plausible that all those innocuous things you say, and how you say them, and the pictures you post, and the games you play, will subtly and invisibly add up to a terrifyingly accurate portrait of you, including any and/or all of the things about yourself that you never actually wanted to make public.

What’s worse is that it will be ridiculously easy. Would-be employers won’t have to scroll through your Facebook timeline themselves, they’ll just need to point their profiling software in your direction and 30 seconds later read its high-confidence predictions of your work habits, neuroses, personal failures, emotional instabilities, attitude towards authorities, and sexual proclivities, all expertly extrapolated from the tapestry of subtle-to-invisible nuances accumulated from all of your photos, comments, Likes, upvotes, etc.; all individually meaningless, but collectively highly illuminating. Individual profiling is a huge business just waiting to be tapped by ethically challenged startups.

(This could be mitigated somewhat if you were to keep all your activity friends-only, of course; but even then, every app or distant acquaintance you’re connected to will be able to learn more about you than you ever intended. And it’s easy to envision employers requesting that you connect to them on Facebook as part of the job-application process, and filtering out those who refuse…)

I can imagine what that kind of profiling software would have said about me, early in my career: Hopeless bibliophile. Afflicted with incurable wanderlust. Doesn’t like being told what to do. Extremely chancy hire: likely to quit any job after six months to travel or try to write the Great Canadian Novel.

Which, er, would have been one thousand per cent true; but obviously I didn’t want my potential employers back then to know about it.

Read the complete article…