Reversing the Cyber-Crime Paradigm: The “Cyber-Robin Hood”

ID THIEF HACKS INTO FAMILY’S NETFLIX, AT&T ACCOUNTS TO PAY OFF THEIR BILLS

STOLEN CREDENTIALS; USER ACCOUNTS COMPROMISED

An Orange County, Fla. family says a hacker breached their phone and Netflix accounts to pay off the family’s bills.

The Hennigs discovered the sorta well-meaning hack when AT&T alerted Kathy Hennig that she owed $1,300 because the card listed for her account was a stolen credit card.

Kathy learned that the same card was being used on her Netflix account when she received an alert indicating the card had expired. When she asked to know the last four digits of the card, Netflix gave her the exact sequence of the stolen card used for the phone account.

“There’s no other person in my situation where somebody compromised my account, changed the credit cards and started paying my bills; there’s no such thing,” Hennig said.

Hennig says the only other information she has about what went down is that the two hacked accounts are linked to the same email and the accounts were switched at about the same time.

When Hennig called AT&T to try to clear up the switcheroo, she was banned from using a credit card to pay off her cellphone account ever again.

“It blows my mind,” she says. “It makes me look like such a liar because why would someone hack into an account just to get a stranger to pay the bill?”

Hennig has a long history with the phone company and a pristine credit history.

News 6 investigator Mike Holfeld contacted AT&T spokeswoman Rosie Montalvo and in less than 24 hours, the company agreed to remove the credit card ban.

Montalvo says AT&T has never seen a case like this before.

Read the Original Article at NextGov

Ransomware: Pay Us or your Data Dies

This is the new era of crime, folks: hackers (and tech companies) holding data hostage. Ultimately, like always, it is the average person, in this case the sick people in these hospitals, who suffers. Crime is crime; I don’t care how it is facilitated.

The Hollywood Presbyterian Medical Center in Los Angeles has announced that it paid hackers 40 bitcoins ($17,000 USD). The criminals had used malicious software to encrypt the hospital’s records, and held the key to decrypt the files for ransom.

The hospital was infected with the software, commonly called “ransomware,” on Feb. 5. Presumably, someone on the hospital network opened an email attachment or clicked a link they shouldn’t have. From there, a message typically appears on the infected computers, demanding payment to restore access. There’s usually a deadline.

Once infected, the hospital reportedly had to send some patients to other hospitals, and go back to paper to process visits.

A ransomware attack at this scale, which could potentially put lives at risk, has so far been uncommon. The targets have largely been individuals and small organizations, and the payments demanded are usually under $1,000. And the Federal Bureau of Investigation, at least according to one agent, often advises victims to just pay the ransom if they want their files back.

Indeed, this was the case for Hollywood Presbyterian. The hospital’s CEO said in a statement Wednesday night (Feb. 18) that paying the criminals was “the quickest and most efficient way to restore our systems and administrative functions.”

And now, everything is back to normal. “HPMC has restored its electronic medical record system (“EMR”) on Monday, February 15th,” the CEO said in the statement. “All systems currently in use were cleared of the malware and thoroughly tested.”

Read the Original Article at QZ

Cyber Crime Update: Cyber Criminals Getting Smarter, More Sophisticated and More Organized

Just this morning alone I have received two specially crafted scam emails from cyber criminals targeting unsuspecting Nigerians (mostly those that have bank accounts). I must say I am impressed!

I almost fell for this scam email even with my years of Information Security Research and Ethical Hacking. The reasons I almost fell for this scam are simply:

  1. I am a UBA customer and I use their prepaid card for online transactions.
  2. The from name is no-reply@udirect.com (not the actual email address but the name of the sender).
  3. The email is properly formatted.
  4. The real URL is masked under http://www.ibank.ubagroup.com/BVN (here is the real URL masked: http://ow.ly/XUJAM).
  5. The user interface is almost like the real one.

When I clicked on the URL, it took me to this fake website below.

To See the Website and Read the Remainder go to Medium

Can China be Deterred in Cyber-Space?

Deterring state actors from attacks that do not reach the level of force is difficult.

If we look at the cyber realm, the effectiveness of deterrence depends on who (state or non-state) one tries to deter and which of their behaviors. Ironically, deterring major states like China from acts of force may be easier than deterring non-state actors from actions that do not rise to the level of force. The threat of a bolt from the blue attack by a major state may have been exaggerated. Major state actors are more likely to be entangled in interdependence than are many non-state actors, and American declaratory policy has made clear that deterrence is not limited to cyber against cyber but can be cross domain with any weapons of our choice.

Along with punishment and denial, entanglement is an important means of making an actor perceive that the costs of an action will exceed the benefits. Entanglement refers to the existence of interdependences which makes a successful attack simultaneously impose serious costs on the attacker as well as the victim. This is not unique to cyber. For example, in 2009, when the People’s Liberation Army urged the Chinese government to dump some of China’s massive holdings of dollar reserves to punish the United States for selling arms to Taiwan, the Central Bank pointed out that this would impose large costs on China as well and the government decided against it.

Similarly, in scenarios which envisage a Chinese cyber attack on the American electric grid imposing great costs on the American economy, the economic interdependence would mean costly damage to China as well. Precision targeting of less sweeping targets might not produce much blowback, but the increasing importance of the Internet to economic growth may increase general incentives for self restraint. At the same time, entanglement might not create significant costs for a state like North Korea which has a low degree of interdependence with the international economic system.

Read the Remainder at The Diplomat