Faked tax returns using stolen Social Security numbers swamp IRS

sh_IRS tax_550pxBy Byron Acohido, Last Watchdog

KINGSTON, Wash. – Fraudsters once again are having a field day using stolen personal data to file bogus tax returns, ripping off billions from the U.S. treasury and setting in motion a huge hassle for victimized citizens.

This crime is so easy to execute that petty thieves and organized crime gangs are doing it at scale. The government has stepped up arrests, but is no where near making a substantive dent, nor creating a meaningful deterrent.

Falsified returns are so easy to cash in because the IRS does not authenticate tax returns or W-2 forms prior to issuing a refund. And all a scammer needs is a name and Social Security Number. He or she can then fabricate a return and route the  refund to an address or bank account he or she controls. Last Watchdog asked iovation’s CTO Scott Waddell for some context: …more

Windows XP hackers prep for April 8 end of security patching

A shopper browses Windows goods. (courtesy Microsoft)

A shopper browses Windows goods. (courtesy Microsoft)

By Byron Acohido, Last Watchdog

KINGSTON, Wash. — A huge opportunity for hackers to infiltrate thousands of SMBs and enterprises is about to open up.

More specifically, the juicy targets include any company or organization still using Windows XP servers, desktops and laptops — anywhere inside a corporate network — after April 8.

That’s the date when Microsoft will no longer issue security patches, nor provide any technical support, for XP. Microsoft has been clanging the warning bell for more than a year, including posting this countdown clock.

“Unsupported systems provide a target-rich environment that will allow for cyber criminals to create an exploit and leverage it without the threat of it being shut down by security patching,” says Vinny Sakore, Cloud Security Program Manager at ICSA Labs.
…more

After brief respite, spam, malware infections on the rise

By Byron Acohido, Last Watchdog
 SEATTLE – The major forms of Internet crime are nothing if not  resilient.
Consider  what a major advance it was for the good guys last October when the Russian Interior Ministry announced the arrest  of  “Paunch,” accusing the hefty Russian male of being the ring leader of the gang responsible for the creation and proliferation of the Blackhole exploit kit.
 The arrest of Paunch, whose real identity has yet to be publicly disclosed, and 12 others by Russian authorities demonstrated that the elite cyber gangs may not be untouchable. And it also showed a resolve among Russian political leaders to mitigate cybercrime some in the global security community doubted. …more

Why Amazon, Google and Microsoft have little to fear from European privacy rules

110803_Googlespy(Editor’s note: In this guest Last Watchdog essay, Nicos Vekiarides, founder and CEO of TwinStrata, argues that threats to constrain U.S. cloud service providers may contain more bark than bite.)

By Nicos Vekiarides, Special for Last Watchdog

Surely by now, you may be tired of hearing about the Snowden effect. While the revelations over the past year swirling around the NSA are certainly concerning, the truth is the threat of unauthorized access to data has always been a specter – whether it be a government agency, big tech, hacktivists or cyber spies.

Realistically, while privacy regulations will periodically get scrutinized, and often strengthened, few if any true “anti-American” laws will go into effect—especially with the three most prevalent cloud providers operating in Europe today: Amazon, Google and Microsoft. …more

Security startup Metapacket offers manual protection to smaller businesses

Nir Krakowski, CEO, Metapacket

Nir Krakowski, CEO, Metapacket

By Byron Acohido, Last Watchdog
SEATTLE –  Scores of tech security entrepreneurs, backed by deep-pocketed angel investors, are hustling to match the success of malware detection company FireEye, which recently made founder Ashar Aziz the newest member of Forbes list of billionaires.
Then there is Nir Krakowski, a bright young Israeli coder whose startup, Metapacket, is a throwback …more

Q&A – Why hackable industrial controls won’t soon improve

ICS imageBy Byron Acohido, Last Watchdog
 SEATTLE — At the root of concern about cyber attacks against our nation’s critical infrastructure is the profoundly hackable state of industrial controls.
Yet, discussion about the abject lack of security in ICS (Industrial Control Systems,)  SCADA (Supervisory Control and Data Acquisition) and PLC (Programmable Logic Controller) systems has taken somewhat of a back seat to sexier security issues, such as insider hacking and denial of service attacks.
 Based on discussions I heard at the Kaspersky Security Analysts Summit in Punta Cana and at the RSA Conference in San Francisco last month, there is no driving force that will cause this gaping exposure to be substantively narrowed anytime soon.
 The voluntary NIST standards stemming from President Obama’s cybersecurity executive order at least gets the ball rolling, says Chris Blask, chair of ICS-ISAC, the Industrial Control System Information Sharing and Analysis Center. …more

What IT buyers should know about encryption

By Byron Acohido, Last Watchdog
SEATTLE — Some 44 percent of consumers don’t bother to set a password to restrict access to their home laptop or desktop computers, and only 14 percent use any sort of encyrption service.
Those findings from a recent Harris poll of 2,000 U.S. adults, commissioned by encryption vendor WinMagic, aren’t terribly surprising. Tighter security means less convenience. And U.S. consumers crave convenience, above all.
However, with personally-owned computing devices showing up in workplace settings, the brunt of any security ramifications is sure to be felt by companies and organizations, particularly those embracing BYOD.
“With consumers bringing their own devices into the workplace, bad security habits will play into the enterprise,” says Mark Hickman, WinMagic’s COO. “There’s going to be sensitive data on their laptops, tablets and smartphones, and they won’t have the right protocols to ensure security.” …more