Authorities

[Cretemonster]

http://www.wilderssecurity.com/showt...=215333&page=2

This thread is a perfect example of someone getting physically robbed and the local authorities doing what they are actually paid to do to recover the victims personal items.

So tell me this...what makes it OK when the thief comes into my house via a cable line or a phone line?

I still get robbed blind,bank account emptied,credit card # stolen and maxed out,identity stolen and used to buy houses,cars and various other items.

Sad that the authorities arent quite as proactive when this type of violation occurs.

So this cable line\phone line is a welcome mat,a door with no locks?

I think not,so what are we to do?

I dunno....something...cause nothing is getting us no where.

I often wonder if there is any real solution for this,seriously doubting it.

[Mrkvonic]

Hello,

Answer: house to house robbery has been going on for 5,000 years, so the authorities are pretty solid on that one. E-robbery is new, 10-15 years max, and most likely only half that on any non-microscopic scale, so it will take a full generation to get a-hold of this (20-30 years), at the very least.

BTW, why should your account get robbed? What kind of bank allows money withdrawal and transfers (galore) to other accounts without some sort of identity verification?

Why would you have your ID, SSN, Credit Card no. or any other such info on the computer?

Mrk

[BlueZannetti]

Quote:

Originally Posted by Cretemonster

This thread is a perfect example of someone getting physically robbed and the local authorities doing what they are actually paid to do to recover the victims personal items.

Well, as someone who has experienced both situations.... the emotional drain from a physical violation is a lot more significant. I lost fewer and less valuable physical assets than DVD+R, got virtually all of them back, but it took a while to feel comfortable again. My recent bout with credit card fraud was much simpler. The card provider notified me of suspicious activity, and the situation was nipped in the bud within 8 hours of starting with some minor inconvenience. It was a lot less invasive physically and emotionally.

Quote:

So tell me this...what makes it OK when the thief comes into my house via a cable line or a phone line?

Obviously, it doesn't.

Quote:

I still get robbed blind,bank account emptied,credit card # stolen and maxed out,identity stolen and used to buy houses,cars and various other items.

Sad that the authorities arent quite as proactive when this type of violation occurs.

I find the authorities equally active in the two instances. Jurisdictional ambiguity is a part of electronic crime. My credit card information was compromised somewhere. Not via my own machine, presumably at a vendor I used, the actual compromise event remains unknown. The attempted theft involved electronic assets (very large iTunes purchases, contracting for domain/website services, etc.), again from locations unknown (to me at least). Punchline, the scene of the crime is nebulous and that does create issues.

Quote:

So this cable line\phone line is a welcome mat,a door with no locks?

I think not,so what are we to do?

What one always does - be vigilant.

Quote:

I dunno....something...cause nothing is getting us no where.

I often wonder if there is any real solution for this,seriously doubting it.

There's still some catching up to do from a law enforcement perspective, and we also see that occurring from, for example, credit providers. The activity monitoring performed by credit providers has become rather sophisticated of late. Electronic login to bank accounts is more complex now. It's important to realize that measures to control crime need to balance conflicting objectives. For example, let's sit in the physical world for a moment. If you want to eliminate physical theft, draconian and comprehensive video monitoring of all locations you wish to protect will be fairly effective. Obviously this could have a negative impact on a number of facets of privacy/individual freedom, so this need must be balanced against the need to police the situation. It's the same with cybercrime. Some of the more draconian measures which could be contemplated would have enormous privacy implications. Balancing these competing needs is not a simple process.

Blue

[SirMalware]

Quote:

Mrkvonic
BTW, why should your account get robbed? What kind of bank allows money withdrawal and transfers (galore) to other accounts without some sort of identity verification?

What if the thief has all the proper identity verification?

Quote:

Mrkvonic
Why would you have your ID, SSN, Credit Card no. or any other such info on the computer?

Ever hear of keyloggers?

Quote:

Cretemonster
I often wonder if there is any real solution for this,seriously doubting it.

With all of your experience on the forums you should know by now that no one has to get malware, period. It's too easy to prevent write access to the registry and to directories and prevent cached files from executing.

[Mrkvonic]

Hi,

Even if the thief has all the data ... which you should not keep on the PC, the credit card company and the bank should not allow any such activity without physical proof.

Example: I cannot transfer money to 3rd party accounts without physical approval at my bank - signing docs, showing in person etc - except a limited number of pre-approved numbers.

Second, your ID, SSN etc should only be kept on paper, never electronically.

And lastly, don't get infected.

Mrk

[SirMalware]

Quote:

Mrkvonic
Second, your ID, SSN etc should only be kept on paper, never electronically.

Good point, but what if its typed in?

[BlueZannetti]

Quote:

Originally Posted by SirMalware

Good point, but what if its typed in?

At some point the "what ifs" have to give way to the "what's realistic".

Obviously, a system infected with an active keylogger is extremely problematic. The question is - how frequently is this a real issue vs. more mundane situations such as stolen databases, vendor employee based compromises, or willing surrender of the information via a phishing exercise? I can't put an informed number on that, but I have a difficult time believing that a remotely deployed and administered keylogger is a more frequent occurrence than any of the other situations listed (and probably many others).

As Mrk noted - don't get infected.

Blue

[SirMalware]

Quote:

BlueZannetti
The question is - how frequently is this a real issue...

Well, I guess its never happened to you.

Quote:

As Mrk noted - don't get infected.

Thank you. That is what I said in my original post.

[BlueZannetti]

Quote:

Originally Posted by SirMalware

Well, I guess its never happened to you.

It hasn't..., and when you sit down and carefully examine the sequence of events that have to occur for a remotely installed/administered keylogger to successfully execute the topic of this discussion..., it simply doesn't appear to stack up as a high probability event relative to other routes.

Blue

[SirMalware]

Quote:

BlueZannetti
it simply doesn't appear to stack up as a high probability event relative to other routes.

With your particular Windows configuration and web surfing habits, probably not.

[ccsito]

Quote:

Originally Posted by Mrkvonic

Second, your ID, SSN etc should only be kept on paper, never electronically.

Many of the recent ID exposure incidents involve corporate database weaknesses. Since companies are trying to avoid paper records, the customer has no say in the matter.
One current example involving SSN transmission and recording is electronic filing. You don't send a tax form via snail mail or fax, but via your PC directly. People who use these programs or websites are storing sensitive information in them. There is a strong push to move people away from the paper forms and the numbers of electronic filings keep increasing every year.

[dw426]

Quote:

Originally Posted by ccsito

Many of the recent ID exposure incidents involve corporate database weaknesses. Since companies are trying to avoid paper records, the customer has no say in the matter.
One current example involving SSN transmission and recording is electronic filing. You don't send a tax form via snail mail or fax, but via your PC directly. People who use these programs or websites are storing sensitive information in them. There is a strong push to move people away from the paper forms and the numbers of electronic filings keep increasing every year.

Welcome to the Digital Age *waves goodbye to his old friend privacy*

[ccsito]

Quote:

Originally Posted by dw426

Welcome to the Digital Age *waves goodbye to his old friend privacy*

I will probably be among the last people who still send returns via snail mail.