Sound Off

Dr. Schmidt, Hi! My name is xxxxxxxxxxxxxxx and I'm a student in your Pol Sci 487 class. I've enjoyed the links you've sent out to news articles about identity theft across the country. It's opened my eyes, to say the least.

Anyway, I wanted to add a link to your collection - http://www.freep.com/apps/pbcs.dll/article?AID=/20080404/NEWS01/804040302

This story explores one of the 33 schools closed by administrators of the Detroit School System last year. The school was left unlocked with what appeared to be all of its contents inside - including student records free for the taking. In fact, the Detroit Free Press reporter returned some special education records to the families of students, not the school district.

Contractors were paid to pack the items inside all schools and secure its contents, which appears to have never happened. The school district feels it may be cheaper to demolish these buildings instead of repair the abuse.

I was really disgusted to read this - I hate that even our youngest citizens can fall prey to identity theft due to the incompetence of adults.

Thank you for giving me a forum to sound off. I've enjoyed the course.

Operation Byzantine Foothold

The latest issue (April 10, 2008) of Business Week is a must read! Go out and buy it right now!

The cover story is "The New E-spionage Threat" A BusinessWeek probe of rising attacks on America's most sensitive computer networks uncovers startling security gaps."

"The U.S. government, and its sprawl of defense contractors, have been the victims of an unprecedented rash of similar cyber attacks over the last two years, say current and former U.S. government officials.

"It's espionage on a massive scale," says Paul B. Kurtz, a former high-ranking national security official. Government agencies reported 12,986 cyber security incidents to the U.S. Homeland Security Dept. last fiscal year, triple the number from two years earlier. Incursions on the military's networks were up 55% last year, says Lieutenant General Charles E. Croom, head of the Pentagon's Joint Task Force for Global Network Operations.

Private targets like Booz Allen are just as vulnerable and pose just as much potential security risk. "They have our information on their networks. They're building our weapon systems. You wouldn't want that in enemy hands," Croom says. Cyber attackers "are not denying, disrupting, or destroying operations—yet. But that doesn't mean they don't have the capability."

The confluence of personal identity theft and massive pervasive attacks against corporations, government targets, and especially military facilities is an urgent call to arms for the United States. Most of the public is too busy with American Idol and the problems of the housing markets and the US airlines to even know about this threat. The Government is gradually becomeing aware of the risks to the very survival of the United States.

According to Business Week and we had heard most of this from our Information Security grapevine for several months, "... the U.S. government has launched a classified operation called Byzantine Foothold to detect, track, and disarm intrusions on the government's most critical networks. And President George W. Bush on Jan. 8 quietly signed an order known as the Cyber Initiative to overhaul U.S. cyber defenses, at an eventual cost in the tens of billions of dollars, and establishing 12 distinct goals, according to people briefed on its contents."

Silently and with little warning the Internet has become a greater threat to US national security that enemy air force or missile systems.

Business Week alleges that " ... any security experts worry the Internet has become too unwieldy to be tamed. New exploits appear every day, each seemingly more sophisticated than the previous one. The Defense Dept., whose Advanced Research Projects Agency (DARPA) developed the Internet in the 1960s, is beginning to think it created a monster."

If DARPA thinks so and finds us at very big risk imagine what chances you or I as lonely individuals have to fight off the threat of attacks against our individual "critical infrastructure" (i.e. our valued and treasured personal identity information!)

It is not yet clear if insurance and credit monitoring services are sufficient defense but for now they are the best bet we have against malicious attacks against our assets.

Stay tuned please. This will be getting much uglier!

Are You Sick - Again!?

It is now hard to keep up with the medical ID information breaches. Here is the latest reported by the Associated Press and written up in a few (but not enough) newspapers and hardly reported by the electronic media at all.

• "New York (dbTechno) - A man, 38-year old Dwight McPherson of Brooklyn, has been charged with the identity theft of 40,000 patients at the New York Presbyterian Hospital/Weill Cornell Medical Center. He managed to steal the information while working at the hospital.
• McPherson was arrested on Friday night in relation to the identity thefts. This came just after the investigation revealed that the criminal activity did take place.
• He used his power as an employee at the hospital to steal the information of 40,000 patients. He used the hospital’s computer registration system and gathered up their names phone numbers, as well as social security numbers over the course of the past five or six years.
• A spokesperson for the hospital has stated that they do not believe any patients have been victims of fraud due to this criminal activity."

Source: http://www.dbtechno.com/health/2008/04/13/man-charged-with-identity-theft-of-patients-at-ny-hospital/

So what is the hospital doing for the people who had their most precious information put at risk? They are "setting up a hotline and offering credit monitoring services!"

Yes, the usual BS that has been scripted by our friends in the legal profession for every case of data loss is once again trotted out by the PR department.

We remind our readers that it is IMPOSSIBLE TO TELL if ID theft has taken place until months or years after a data loss. the crooks are not clueless morons' and they will lay low until the heat is off, they will sell and trade the ID information on the criminal web services that have been set up for the commerce in illegal personal data, and financial monitoring alone is not sufficient because if they have enough personal information the criminals can sell it to create doubles of the legitimate victim, obtain drivers licenses, passports, start companies, etc.

So once again the sorry lesson is that all the advice to be careful with your wallet and purse, keep your computer clean of maleware and spyware, and so forth is good advice but it does nothing to protect you from other morons or criminals such as appears to be the case with this breach from selling YOU down the drain!

Is ID theft insurance and legal protection to counterattack these types of losses necessary?

I don't know but all I can say is that I, Dr Steffen Schmidt, has such protection.

Are You Sick?

You will be when you read this!

"The state has notified federal civil rights authorities after a mistake made by a Florida company exposed private records of up to 71,000 poor and low-income Georgians over the Internet for at least eight days, officials said Wednesday."

Another report actually said some of this stuff may have been on the web for a month. I believe that. The worse the more likely it is that some moron, incompetent, untrained, and under paid subcontractor employee misbehaved with people's precious personal information!

So what was in this set of records, some general stuff that bureaucrats need to work with the poor? Not at all!

"The files, accidentally placed on the Internet by an employee of WellCare Health Plans Inc. of Tampa, may have included people's Social Security numbers, Medicaid or PeachCare for Kids numbers, and their names, birthdates and dates of eligibility for the insurance programs."

One of things that burns me up is that the journalists who write about Id theft always quote the culprits who will say stuff like "We don't have any evidence that the security of our clients has been compromised," and "there is no indication that any Identity theft has taken place" and "We are providing information on how people can check their credit record."

Specifically, "Those affected will receive free credit monitoring services for a year. WellCare also will tell people how to get two free credit reports a year from the Equifax, Experian and TransUnion credit bureaus."

Yeah well, I doubt of poor sick people will go to their wireless MacBook, log on and take care of this. We doubt that these folks can cope with this.

Every business writer in the USA should be forced to read out new book and take our Identity theft Prevention, protection, and Recovery certification workshop (two hours of very intense and interesting material on line at the student's convenience open 24-7 followed by quizzes and a certificate of completion!).

Moreover, these journalists don't seem to know what the serious consequences besides credit ratings can be when medical identity loss happens. In fact, we have a whole chapter in our new book "The Silent Crime" just on medical Id theft and the other forms of serious ID threat loss. To put it bluntly, credit and credit card losses are the least of people's problems!

Source: "71,000 warned about identity theft after records breach. Those affected to receive credit monitoring for a year," By BILL HENDRICK, The Atlanta Journal-Constitution, 04/09/08.

New Book: "The Silent Crime"

To order the New Book please use the link to the right titled,

New Book: "The Silent Crime"