theft
Latest
Heartbleed blamed for Chinese theft of 4.5 million health records
Yesterday, Community Health Systems announced that Chinese hackers had managed to steal the healthcare records of 4.5 million of its customers. Now, security firm TrustedSec is claiming that the reason the information was swiped was because of the world-famous Heartbleed vulnerability. TrustedSec founder David Kennedy then told Bloomberg that he learned this fact from three unnamed insiders who told him under the cloak of anonymity. The security expert went on to say that the attack took place roughly a week after Heartbleed was made public, but before the healthcare chain could patch the hole in its system. We don't think we need to tell you what the lesson is, here.
The government shouldn't regulate smartphone kill switches
Few things are worse than realizing your smartphone's been stolen. Your personal information is now in the hands of a dishonest soul, who can decide to either erase and sell the device or -- even worse -- do whatever they want with your contacts, photos and texts. If it's happened to you, you're not alone; millions of people have gone through the same nightmarish experience. The technology to deter thieves, known as "kill switches," exists, but it's up to phone makers and carriers to implement it. Most major phone companies have committed to adding kill switches to their products, and some have already begun selling phones with the tech included. A handful of state governments, like California and Minnesota, don't believe this is good enough, so they're passing bills that mandate anti-theft measures in every phone sold in those states beginning next year. This seems like a great idea, but let's take a closer look at what exactly these laws mean and if they make sense.
California's smartphone kill switch bill is about to become law
After a brief battle, California's smartphone kill switch bill is on the cusp of becoming a bona fide law. The measure has passed its final Senate vote 27 to 8, leaving just the Governor's signature before it takes effect. For the most part, it's the same bill that we saw in May -- the biggest change is an exemption for selling older devices that can't "reasonably be reengineered" to incorporate the remote lockdown feature.
FTC busts up $275 million credit card scam, sues the folks behind it
The folks down at the Federal Trade Commission are busy helping all of us these days, whether they're weighing in on patent disputes or forcing firms to help cover your child's lack of parental supervision. Today, the FTC charged several companies and individuals with participation in an elaborate shell game from 2010 that was really just a $275 million dollar credit card scam. According to a separate, ongoing lawsuit filed by the Commission, a company called I Works did the stealing, but wouldn't have been able to take $26 million of the total without the aid of the defendants in this new lawsuit.
What you need to know about card skimming
"Skimming" is a blanket term used when referencing a crime where you take small amounts of money. It literally means to take cash off the top, as if money were the sweet cream floating atop a cauldron of lesser riches. Fifty years ago, skimming might have meant stealing a handful of dollars from your employer, or even millions in elaborate scams we've seen in countless Hollywood films. Today's skimming, however, employs tricks and hardware that are absurdly complex and yet sneaky enough to elude detection. Unless you know what to look for, of course. Today's world of skimming is high-tech, and it wants your credit card and banking info. Though we can't help you catch every conceivable method that crooks are using to try to rip you off, being armed with a bit of knowledge on the topic could save you major hassle down the road. No matter what you take away form this read, at a minimum you'll never look at an ATM or POS terminal the same way again.
Data thieves want to track what you type at hotel business centers
You may not want to use your hotel's business center to check email on your next big trip. The Secret Service has warned the hospitality business that thieves are installing keyloggers on hotel PCs to steal guests' data. In a recent Dallas area bust, authorities caught multiple people swiping account logins, banking info and other personal details from travelers typing away at compromised business center systems. The culprits didn't even have to exploit security holes to get in -- the key-tracking software required "little technical skill."
Thieves nab 40,000 Samsung devices through a daring Brazilian heist
When you think of gadget thefts, odds are that you picture muggings or smash-and-grabs at stores. Apparently, one group of thieves in Brazil had far more ambitious plans -- it raided Samsung's factory in Campinas (shown here) and stole more than 40,000 laptops, phones and tablets that police estimate are worth $36 million. Reportedly, the heist played out much like a movie. The bandits both hijacked a company shuttle to get inside and took some of the workers hostage, going so far as to confiscate phone batteries so that no one could alert the police.
Account-stealing bank machine skimmers are now virtually invisible
Bank machine skimmers, which swipe your account as you insert your card, have been getting increasingly harder to spot as the years go by; now, it looks like they're just about undetectable. Researchers at the European ATM Security Team have found skimmers that not only fit neatly into a card slot, but do a good job of hiding any other equipment they need to steal your info. One example (shown below) combined a virtually invisible skimmer with a cleverly hidden spy camera that recorded PIN code entries. Another disguised a system that captured card info through audio, and there are now translucent mini-scanners that even a keen eye might miss.
"Activation Lock" in iOS 7 responsible for pronounced decrease in iPhone thefts, lawmakers say
The "Activation Lock" feature Apple introduced in iOS 7 is already having a discernible impact on crime, according to law enforcement officials in a few major cities. If you recall, Activation Lock prevents would-be thieves from turning off "Find my iPhone" without first entering the appropriate iCloud credentials. What's more, even if a thief wipes a device clean, reactivating the device requires the original device owner's credentials. The end result? The iPhone remains a popular device for consumers, but not so much for thieves. The New York Times reports: Police officers in San Francisco and London say that after Apple introduced its measure, called Activation Lock, last fall, iPhone theft fell significantly. Comparing data in the six months before and after Apple released the feature, the police said iPhone robberies in San Francisco dropped 38 percent, and those in London fell 24 percent. The police in New York said that robberies involving Apple products dropped 19 percent and those involving grand larcenies dropped 29 percent in the first five months of 2014, compared with the same time period from 2013. In recent years, Apple has slowly but steadily added multiple security layers to iOS in case a device is lost or stolen. One of the more recent enhancements was the introduction of Touch ID on the iPhone 5s last Fall. Looking ahead, iOS 8 will give iPhone and iPad users even more piece of mind with a new feature called "Send Last Location." As the name implies, the feature will automatically send the last known location of an iPhone to Apple when the battery level reaches a critical level.
Nano barcodes can trace bombs even after they've exploded
You may not pay much notice to product trackers like barcodes and RFID tags, but they're absolutely vital in some fields; they cut back on bootlegging and help police determine the origins of bombs. Worcester Polytechnic Institute may have just delivered a major breakthrough, then, by developing nanoparticle barcodes. The minuscule tracers identify an object by producing a unique thermal signature (those colored lines you see in the photo) when they reach their melting point. As they don't participate in any chemical reaction, you can integrate them into any item and get a positive ID whenever you like, even if you're dealing with exploded TNT.
Two-thirds of Americans are doing nothing to protect their privacy
Americans are still not getting the message about protecting their personal info, despite recent epic data breaches. Consumer Reports said that one in seven US residents, or about 45 million people, received some kind of notice that their personal data was compromised. Those stats reflect a lot of corporate negligence, but individuals aren't innocent, either. About 11 million people fell for email phishing scams and 29 percent had their PCs infected by malware. And despite frequent media reports about such attacks, 62 percent of us have done virtually nothing to toughen our security. Most problems can be avoided by taking a few small actions: using difficult-to-guess passwords and not re-using them, avoiding websites of dubious origin, not posting private info on social networks and not clicking on unknown email attachments, for starters. Finally, if you hear that a site like eBay has been breached and you have an account, change your password.
This case would probably prevent a lot of iPhone thefts, too bad it's apparently crap
Everyone knows that smartphones are a hot target of thieves these days. They even have a special name for techniques used to snag iPhones from unsuspecting victims. But you know what nobody is stealing these days? Flip phones. Well, aside from the out-of-touch criminal who is still all about the Motorola RAZR, I suppose. This case by Thumbs Up UK turns your iPhone into a flip phone, adding a big 'ole top lid and thick plastic casing. I can't imagine anyone would be looking to pilfer this from your bag or dashboard, so it might do a good job of curbing the trend of iPhone thefts for anyone who lives in an area where such things are common. Unfortunately, it's apparently a total piece of junk. To be totally clear: I have never touched one of these cases myself. I was going to order one of these goofy cases just for fun, but I can't find a single satisfied customer anyone on the web. Customer reviews are all totally scathing, noting horrible build quality and, predictably, complaining about the size. The size arguments are of course a bit silly, since the point is to make it look like a gigantic communications device from yesteryear, but stories of the device literally falling apart are definitely worrisome. So unless there's an Internet conspiracy to keep this case from selling, it's not worth the US$20 it would take to get it to my doorstep. If a seasoned iPhone accessory maker would put some thought into a case like this, we might come away with a functional, theft-reducing piece of hardware. Until then, I guess making my iPhone look like an old eight-track tape will have to do.
Thieves beware: future ATMs will spray foam that helps track stolen cash
ATM thieves are increasingly focused on digital heists, but many of these robbers still prefer old-fashioned currency. They may want to think twice about stealing cash in the future, though, as ETH Zurich has developed a chemical defense system that both deters theft and helps track ill-gotten goods. Based loosely on bombardier beetles, which produce acid to spray attackers, the technique creates a defensive surface on an object (say, a cash box) using film layers filled with hydrogen peroxide and manganese dioxide. Break the surface and you trigger a reaction that covers everything nearby in hot foam -- by itself, enough to ruin the day of any would-be purloiner.
Man steals thousands of dollars, spends them on Evony
A Hawaiian man is expected to plead guilty to charges that he stole thousands of dollars to spend on the browser-based game Evony. David Buchanan, 47, is charged with wire fraud after he convinced one woman to give him $40,000 for an investment that would see a promised 650% turnaround. "As a middle-aged, admittedly square, FBI Special Agent who doesn't play video games," Agent Tom Simon said during the investigation, "I was understandably perplexed when, during the 'follow the money' analysis, I kept seeing payments being made to something I'd never heard of called Evony. A bit of Googling properly identified Evony as an online video game of sorts, but I was still puzzled how anyone could possibly spend thousands of dollars on a video game. I wasn't being judgmental about the societal value of gaming. I was just dumbfounded that any video game could possibly cost that much." You may remember Evony as that game best known for its boobtastic advertising campaigns a few years back, and, surprisingly enough, it's still around. Buchanan's trial is expected to take place on May 8th with sentencing expected later in the year.
The UK's stolen phone market is as healthy as ever
It may be easy to report and track stolen smartphones in the UK, but that's not preventing some of the country's shops from selling these ill-gotten handsets. A BBC undercover operation has revealed that at least eight stores in London are willing to buy stolen phones, even when the hardware is obviously locked down. One of the locations was only willing to make an exchange outdoors, but none of them were seriously concerned about a run-in with the law.
Study claims kill switch for stolen cellphones could save $2.5 billion per year
It's easy to understand the personal benefits of a potential kill switch requirement for cellphones; thieves would have less incentive to swipe your handset if they knew that it would become a brick. However, Creighton University professor William Duckworth has conducted a study suggesting that a remote shutdown feature could also save phone users a lot of money. Based on a 1,200-person survey, he estimates that consumers could avoid spending a total of $2.5 billion per year -- $500 million in buying replacement phones, and $2 billion in insurance that covers theft. The savings would be good news for customers, though not the carriers and insurers that earn revenue from the status quo.
MMO Mechanics: Three fair ways to distribute loot
I mentioned last week that players throw their precious characters into the MMO meat grinder in the pursuit of higher levels, new achievements, or shinier gear. We gladly jump on the seemingly endless PvE treadmill, cranking up the speed with each new patch in an attempt to catch the dangling carrot of character perfection. Of course, we don't just punish ourselves like this to say we overcame some previously impossible challenge; there's shiny new loot to be had! The best booty usually comes from completing group activities like dungeons and raids, but not everyone can agree on how to share the spoils of joint pursuits. Several different loot distribution methods have been devised over the years to solve the problem of fairly distributing the swag, with most methods starting life as player-made agreements that weren't officially supported by hard-coded game mechanics. Players have long since rolled for gear or took turns to claim items round-robin style, leading developers to implement the most popular methods as actual game mechanics to avoid ninja-looting and then the inevitable public pity parties associated with player-led arbitration. In this edition of MMO Mechanics, I'll break down three of the most equitable loot distribution systems used in MMOs today and look at why this age-old problem doesn't have a one-size-fits-all solution.
UK carriers agree to cap bills on lost and stolen cellphones
It's bad to rack up steep cellphone bills through your own actions, but it's even worse if a thief does that on your behalf. Thankfully, the UK government has struck a deal with EE, Three, Virgin Media and Vodafone to cap bills on any cellphone reported lost or stolen after this spring. Brits on those networks won't be liable for more than £50, even if a mugger goes on a Netflix marathon. The agreement should also prevent other kinds of bill shock; carriers will be clearer about the chances of mid-contract rate hikes (with the option of ending that contract), and they'll help wipe out roaming charges by 2016. The UK's moves won't completely eliminate surprise costs -- not when O2 and other providers are missing from the deal, at least -- but it might help ease the blow.
US carriers can now block activation of stolen smartphones if they head abroad
US wireless industry group CTIA has announced that a stolen phone database launched last year by T-Mobile, AT&T, Sprint and Verizon is now final, including integration with international carriers. That'll let foreign operators block stolen US device activations, a bone of contention for law enforcement officials stateside. They complained that the list was having no impact on thefts, since organized crime groups were simply dumping devices overseas where their serial numbers couldn't be detected. Police would prefer to also see kill switches installed in handsets to truly put a dent in phone-knapping, but carriers have strenuously objected to that idea -- strictly out of self-interest, according to some. For its part, the CTIA said that the completed database at least means there are fewer countries where gangs can hawk their stolen wares. Still, as the carrier group pointed out, if a stranger asks to "borrow" your phone for directions, just, don't.
EVE Evolved: The Siphon Unit in Rubicon
EVE Online will soon let players steal valuable resources from each other, and not everyone is happy with it. The upcoming Rubicon expansion will add a new Siphon Unit structure that can literally siphon off materials from a starbase's moon harvesters and simple reactors. Preliminary details on the structure were released in a new devblog this week, sparking debate over whether the new item will be a useful tool for disrupting entrenched nullsec alliances. Many expected the siphon to be a minor annoyance to starbase owners, with the presence of a siphon being easily discovered and a limit of one siphon per starbase established. In reality, one siphon unit can rob a starbase of 60% of the output from a moon harvester or 12.5% from a simple reactor, and there's no limit to how many can be stacked on an individual starbase. It'll take only two of these to completely shut down a single moon-mining operation, and the owner will get no warning whatsoever that it's happening. In this week's EVE Evolved, I look at how the Siphon Unit will work, its stats, various ways to protect your starbase from it, and what the long-term implications may be for EVE.
