Loss of Privacy

Keeping you informed on recent losses to privacy and civil rights worldwide.

Browsing Posts in Security

It seems we are starting to become immune to the numerous news stories of data breaches these days.  They are happening so often that they barely seem to register with us anymore.

The World Bank has recently revealed that they have been under massive attacks for quite some time.  For more than a year, they have been raided repeatedly.

It is still not known how much information was stolen. But sources inside the bank confirm that servers in the institution’s highly-restricted treasury unit were deeply penetrated with spy software last April. Invaders also had full access to the rest of the bank’s network for nearly a month in June and July.

In total, at least six major intrusions — two of them using the same group of IP addresses originating from China — have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month.

In reality, the situation is serious enough that federal investigators have been called in. “We’re not talking about hackers playing games or messing up our website,” insists a senior member of the bank’s IT department at its Washington headquarters. “It’s about the FBI coming last summer and saying, ‘You should take a look at your systems because we think something weird is going on.’ It’s about the intruders knowing what information they wanted — and getting to it whenever they wanted to. They took our existing data stores and organized them in a way that they could be easily accessed at will.”

Hot on the heels of this revelation is the fact that the British MoD seems stunned by their loss of a hard drive that contained detailed personal information on 100,000 military personnel and, possibly, 600,000 applicants.

The portable drive contains the names, addresses, passport numbers, dates of birth and driving licence details of around 100,000 serving personnel across the Army, Royal Navy and RAF, plus their next-of-kin details.

It also has data on 600,000 potential services applicants and the names of their referees.

Officials are “not ruling out” the risk that bank account details of personnel were held on the drive, which belonged to its IT contractor EDS.

The missing drive is the latest information security breach to hit the MoD. In July it admitted 658 of its laptops had been stolen over the past four years and 26 portable memory sticks containing classified information had been either stolen or misplaced since January.

At this rate, it will only be a matter of months before the Data Protection Act won’t even be needed anymore.

In just the United Kingdom, you need to worry about your information being compromised if you pay taxes, claim any kind of benefits (including child support), are retired and getting a check from the government, are a member or ex-member of the armed forces, are a relative of service personnel, and/or have been in prison.  If you are an illegal immigrant, you’re probably safe from any data breaches.


I’ve said before that the grocery store machines that require chip and pin data aren’t secure, yet businesses and the government insisted it was safe and reliable.  Now, European law enforcement officials have disclosed knowledge of a large-scale, advanced credit fraud scheme that sends the details from these grocery store machines to Pakistan.

Specialists say the theft technology is the most advanced they have seen, and a person close to British law enforcement said it has affected big retailers including a British unit of Wal-Mart Stores Inc. and Tesco Ltd.

The account data have been used to make repeated bank withdrawals and Internet purchases, such as airline tickets, in several countries including the U.S. Investigators haven’t pinpointed the culprits. Early estimates of the losses range from $50 million to $100 million, but the figure could grow, said the person close to British law enforcement.

The scheme uses untraceable devices inserted into credit-card readers that were made in China.

The devices selectively send account data by a wireless connection to computer servers in Lahore, Pakistan, and constantly change the pattern of theft so it is hard to detect, officials say.

This is, effectively, erasing two of the three security measures that are supposed to prevent data theft.  It circumvents the “something you know” (a PIN) and “something you have” (your card).

The scheme comes on the heels of the August indictment of a fraud ring that stole more than 40 million credit-card numbers from U.S. companies, including TJX Cos., the parent company of TJ Maxx.

In March, security officials at MasterCard Inc. saw a pattern of potential fraud in northern England. Meanwhile, a security guard at a U.K. grocery store noticed suspicious static on his cellphone and alerted authorities. Scotland Yard learned of the report and eventually connected it with the warning from MasterCard,

Examining the store’s credit-card readers, investigators discovered a high-tech bug tucked behind the motherboard. It was a small card containing wireless communication technology.

This bug could have been placed at any time from production to a few months ago.  It could have been placed at the factory in China.  It could have been placed there some time during transit.  It could have been placed there by an employee of the store.  It could have been placed there by a repair technician.

It is also not clear whether the data is staying in Pakistan or, more simply, being used as a stop on a compromised server on its way to its final destination.

The bug would read an individual’s card number and the corresponding personal identification number, then package and store the data. The device would once a day call a number in Lahore to upload the data to servers there and obtain instructions on what to steal next.

So far, investigators have found hundreds of machines in at least five countries: Britain, Ireland, Belgium, the Netherlands and Denmark. They have turned up at European grocery chains including Asda, which is owned by Wal-Mart; Tesco; and J Sainsbury PLC, according to the person close to British law enforcement.

Law enforcement officials need to stop believing that data breaches are caused by stupidity.  This case obviously wasn’t.  It was conducted by individuals who know and understand security and rival those in the foreign intelligence services.  We aren’t dealing with idiots in vans swiping a few numbers.  This is highly sophisticated, and law enforcement, banks, and credit card companies need to be treating it as such.  To do anything else would be admitting that they really don’t care about your information or what anyone does with it.


Jerilea Zempel was detained at the U.S. border this summer because she had a drawing of a sport-utility vehicle in her sketchbook.

U.S. Customs and Border Protection officers told Zempel they suspected her of copyright infringement.

She was released after more than an hour in custody at the Houlton, Maine, port of entry from New Brunswick, Canada.

Her release came only after she persuaded border guards she was an artist doing a project that involved a crocheted SUV as a statement against America’s dependence on oil and love for big vehicles.

Zempel’s passport showed she’d been to Africa, Australia, Central and South America, Mexico, Turkey and Europe in the last nine years.

“U.S. citizens who’ve traveled to the places I’ve been need to be looked at.

Why?  Please explain to me why someone who enjoys traveling the world and seeing different cultures and historical landmarks needs to be looked at.  I have traveled to many of the same places as Ms. Zempel, yet I would be pissed beyond belief if I was stopped solely because of the stamps in my passport.  Screw you America.  I’m free to travel wherever I want.  You can kiss it if you think I would ever cooperate with a border security guard who stopped me solely because of the places I like to visit.

On top of all this, this woman just had a few sketches and a bunch of yarn.  What’s she going to do with that?  Get real.  This is harassment, yet Ms. Zempel thinks that it is perfectly fine to be stopped for such flimsy reasons.

A half hour at the computer gave the agent cause to put me into another suspicious category, meriting a full car search. She (the agent) took my keys and went through my car.

“After going through my (laptop) computer, digital camera, cell phone, business cards, suitcase, reading materials, boxes of yarn and crochet tools, she returned with my sketchbook.

“I was taken to a room and told to sit on a bench with handcuffs at both ends. But they did not handcuff me.”

“My sketchbook puzzled her,” Zempel said. “It was a cartoon sketch. They couldn’t understand what I was doing. She said, ‘Just what were you doing in Canada? We think you’re engaged in some kind of copyright infringement.’”

Why are border guards stopping people for suspected copyright infringement?  After spending an hour searching her stuff, that’s the best they could come up with?  You can’t sketch an SUV and cover it with a crocheted cozy?  Then, you let the woman leave just because she showed her ID that she’s an art professor?  What kind of shoddy work is this anyway?


UK Ministers are bracing for a backlash after they revealed that they plan on snooping on every phone call and email that comes their way.

Ministers are considering spending up to £12 billion on a database to monitor and store the internet browsing habits, e-mail and telephone records of everyone in Britain.

GCHQ, the government’s eavesdropping centre, has already been given up to £1 billion to finance the first stage of the project.

Hundreds of clandestine probes will be installed to monitor customers live on two of the country’s biggest internet and mobile phone providers – thought to be BT and Vodafone. BT has nearly 5m internet customers.

While no formal decision has been made, the large influx of cash indicates that it is already financed and will be given the go-ahead next month at the Queen’s speech.

Officials claim live monitoring is necessary to fight terrorism and crime. However, critics question whether such a vast system can be kept secure. A total of 57 billion text messages were sent in the UK last year – 1,800 every second.

Just think of all the new job opportunities for people to sift through that much crap.  Oh, wait, it will probably be monitored through a computer program and just as useless as CCTV in actually catching people before they commit crimes and acts of terrorism.

This is for national security.  We are protecting you.  Security theater folks, nothing to see here.  Move along now.


Once the new Freedom Tower is complete, it will have a state-of-the-art security system installed, presumably watching everything and everyone.

Steven P. Plate, the director of priority capital programs at the authority, told the commissioners that the money would buy: “A state-of-the-art integrated security system that includes closed-circuit television, coupled with video analytics to detect abnormal situations; digital recorders; access control systems; provisions for chemical, biological and radiation detection; a fiber-optic backbone and network; and related electrical infrastructure.”

No word on whether this system can detect planes coming at the tower or how to prevent them from crashing into the tower.
