Voice Phishing Scams Are Getting More Clever
Stay Alert, Stay Armed and Stay Dangerous!
Category Archives: Identity Theft
26 Secrets an Identity Thief Definitely Doesn’t Want You to Know
26 Secrets an Identity Thief Definitely Doesn’t Want You to Know
Good information on a problem that effects thousands of people every month in this country.
Security begins with forming GOOD habits. If you are not doing the things suggested, start now!
Stay Alert, Stay Armed and Stay Dangerous!
Surveillance State: The FBI’s Secret Biometric Database
FBI wants to keep secret who’s stored in its massive biometric database
The FBI said it would retain the data to “aid in establishing patterns of activity” to help discover new criminals when they arise.
The FBI is proposing keeping information that it stores as part of a massive biometric database private — even to those whose information is stored in the records.
Known as the Next Generation Identification System (NGIS), the database draws in biometric data from passport registration, security checks, and judicial processing — such as if someone is arrested. The database also includes biometric records on foreigners, such as those who apply for visas, and foreign law enforcement staff.
But it’s not just fingerprints — it’s iris scans, facial scans, palm prints, and any other bodily information that can be collected as part of a routine interaction with the government agency.
The FBI argues that the data is so sensitive that it should be exempt from the Privacy Act, which would prevent anyone from asking if their data is included.
In a public filing, the agency justified the proposal, arguing that it “could compromise ongoing, authorized law enforcement and national security efforts and may permit the record subject with the opportunity to evade or impede the investigation.”
Read the Remainder at ZDNet
Cyber-Warfare: Policing The Dark Web and How it Can Effect National Sovereignty
Cops hack into foreign computers to find cyber criminals
As crime continues to proliferate on the so-called dark web, law enforcement agencies are sometimes having to work outside of their jurisdiction. When a suspected criminal acts on the dark web, authorities are unlikely to know where in the world he or she is physically located. So if they then attempt to take action, they might be inadvertently carrying out an operation that crosses borders.
One researcher argues in a working paper that this raises serious concerns around national sovereignty, and could even lead to retaliation from affected countries or prosecution of investigators.
“Basically, it’s like playing Russian Roulette with cross-border cyber operations,” Ahmed Ghappour, visiting assistant professor at UC Hastings College of Law and author of the paper “Searching Places Unknown: Law Enforcement Jurisdiction on the Dark Web,” told Motherboard in a phone call.
In response to dark web-related crime, law enforcement agencies have moved to more non-traditional means of identifying suspects, in some cases directly hacking criminals’ computers to circumvent the protections given by the Tor anonymity network.
But, because it’s largely impossible to know where a target computer is located before it’s been hacked, the FBI and other bodies are sometimes breaking into computers overseas, without explicit consent of the host country. “At bottom, no country has consented to us hacking them, or hacking their citizens, in the same way that we haven’t consented to another country to hack us,” Ghappour said.
Read the Remainder at Motherboard
Fingerprint Spoofing: Yeah there’s An App for That
So That Thumbprint Thing on Your Phone Is Useless Now
Last year, when the Office of Personnel Management notified 22 million people that their personal information was compromised in a massive data breach, one in four received especially nasty news. For most hack victims, the sensitive personal data that was exposed included Social Security numbers, health and financial records, names of relatives, and past addresses. But 5.6 million people learned that their fingerprints were also stolen.
At the time of the announcement, OPM downplayed the importance of the stolen fingerprints. “Federal experts believe that, as of now, the ability to misuse fingerprint data is limited,” an OPMstatement read. “However, this probability could change over time as technology evolves.”
That was in September. Now, researchers have developed a cheap and easy way to print out an image of a fingerprint with enough accuracy to fool commercially available fingerprint readers—using just a standard inkjet printer.
The method, outlined in a paper published last month, is certainly not the first one to produce fake fingerprints that are able to fool readers. But where earlier methods required more time and specialized materials, this new method is replicable in just about any home office.
To create a working copy of a fingerprint, the study authors—Kai Cao and Anil Jain, both researchers at Michigan State University—started by installing special ink cartridges and paper in a Brother inkjet printer. Both materials came from a Japanese company called AgIC: The ink can conduct electricity when printed on the specialized paper, effectively creating a printed circuit. The researchers scanned a fingerprint in high resolution, mirrored it, and printed it with the retrofitted inkjet.
The researchers placed the fake, printed fingerprint on the fingerprint readers of two popular Android phones, a Samsung Galaxy S6 and a Huawei Hornor 7. Both phones were set up to unlock with the owner’s real fingerprint—but the fake version of the same finger fooled them. (Cao told Quartz that he had mixed results when using an iPhone.)
The easy fingerprint-spoofing method is particularly worrisome in the context of the OPM breach. After all, prints aren’t just useful for unlocking smartphones—they can also be used to authorize financial transactions, from small Apple Pay purchases to large bank transfers. And, of course, once a fingerprint has been compromised, there’s no resetting it the way you can change a password—short of a thumb transplant.
The simplicity and speed of the new fingerprint-spoofing method makes it easy to copy a lot of fingerprints fast, Cao told me in an email. His method is remarkable because the fake fingerprints are two-dimensional—earlier techniques required raising the ridges of a fake fingerprint with latex or wood glue.
Fingerprint-copying enthusiasts following along at home can get started for cheap. Everything you need to create a paper version of your (or someone else’s) fingerprint can be shipped to your door for less than $450.
For the millions of OPM hack victims who had their fingerprint data compromised, that’s unhappy news. Until everyday fingerprint readers advance to the point that they can discern between a human hand and a printout, they may want to start unlocking their smartphones the old-fashioned way.
Read the Original Article at Defense One
