'Catch Me If You Can' conman warns over Facebook fraud

Frank Abagnale, the former conman portrayed in the Spielberg film Catch Me If You Can, has warned that data posted on Facebook is an invitation to identity thieves.  

 He said the world’s biggest social network makes fraud easier, but blamed naïve members rather than Facebook itself, The Guardian reports.

"If you tell me your date of birth and where you're born [on Facebook] I'm 98 per cent [of the way] to stealing your identity," he said.

"Never state your date of birth and where you were born [on personal profiles], otherwise you are saying 'come and steal my identity'."

Abagnale, who now works as a security consultant, was the target of a US federal manhunt in the 1960s as he posed as an airline pilot, doctor and attorney to steal millions of dollars.

“What I did 40 years ago as a teenage boy is 4,000 times easier now,” he said, although he lamented that children lack some of the skill he developed because of their dependence on technology. 

Read More

Five of the biggest hacking attacks

The hacking attack on three South Korean broadcasters and at least two banks could be one of the largest operations of its kind. Here are some of the most significant security breaches of recent years.

 South Korean authorities have suggested that North Korea was behind the attacks, which crippled computer networks at three broadcasters and two banks. That wouldn't be the first time a state has been implicated in a hacking operation but it might not be the biggest hacking attack. Here are five major attacks from recent years.

1. Operation Shady RAT
Last year security firm McAfee revealed details of Operation Shady RAT (RAT is an acronym for Remote Access Tool), a hacking campaign that took place over several years. The networks of 72 organisations across the world were targeted in the campaign which began in mid-2006, or perhaps earlier, and continued until at least 2010. Targets included the United States government, the UN, 12 US defence contractors and several technology firms.

McAfee said it believed that a "state actor" was behind the attacks and that it was impossible to say how much data was stolen. Though McAfee declined to say which country was behind the attacks, most experts believe China to be the most likely perpetrator.

2. TJX
The precise details of large-scale financial hacks are often kept private but there are several attacks that are contenders for the title of 'most expensive hack'. One is the 2007 attack on American firm TJX, which was mounted from an insecure WiFi network in one of the company's TJ Maxx shops. More than 45 million people had their credit card details stolen and some experts said the actual figure was likely to be closer to 94 million.

3. Heartland Payment Systems
This New Jersey payment processing firm lost data on tens of millions of credit cards in an attack in 2009. Around 175,000 businesses were affected by the theft, which was led by hacker Alberto Gonzalez, who was also implicated in the TJX attack.

Related Articles

• South Korean banks and broadcasters paralysed by hackers
  20 Mar 2013
• Twitter and Tumblr caught in hack attack
  22 Feb 2013
• Facebook hacked in 'sophisticated' attack
  16 Feb 2013

4. Epsilon
The world's largest email marketing firm, Epsilon, confirmed in 2011 that it had been the target of hackers. Only names and email addresses were stolen from the firm, which handles more than 40 billion emails every year more than 2,000 brands worldwide including Marks and Spencer. The scale of the theft was unprecedented.
5. Sony PlayStation Network

In 2011, hackers gained access to Sony's PlayStation Network, putting at risk credit card data for more than 70 million people. The gaming service was closed for weeks and customers were eventually compensated with free games and subscriptions. Though the culprits were never caught, it is now believed that no data was stolen and the attack was intended to simply embarrass Sony.  

Read More

Hijacked PCs defrauding advertisers

Fake clicks generated by the Chameleon botnet are earning fraudsters $6million per month, a London-based investigator has claimed.  

 The newly discovered ‘Chameleon botnet’ has hijacked 120,000 American PCs and is generating billions of fake clicks on adverts, Spider.io claimed.

In some cases, Chameleon accounts for two-thirds of a website’s traffic, generating huge incomes for owners who get on average 69 cents each time an advert on their site is clicked on.

Spider.io has tracked Chameleon since December and said the hijacked PCs, all running Internet Explorer 9 and Windows 7, generated up to 9bn ‘impressions’ every month across more than 200 sites. Sophisticated software impersonated cursor movements and mouse clicks so that fraud detection software was fooled.

Dr Douglas de Jager, Spider.io’s chief executive, said in his report that “It is difficult to imagine why one would run this type of botnet across a cluster of 202 sites other than to commit display advertising fraud.”

The investigation does not reveal which sites were part of the fraud, and Dr De Jager said it was by no means unique. 

Read More

LinkedIn hacker 'also stole 1.5m passwords from dating site eHarmony'

The computer hacker behind the theft of almost 6.5 million passwords from LinkedIn is also responsible for publishing up to 1.5 million passwords stolen from the popular dating website eHarmony, it has emerged.

The hacker, who posted lists containing a total of 8 million passwords on a web forum run by a company in Moscow that specialises in "password recovery" software, uses the online alias “dwdm”. He appealed to fellow hackers for help converting the passwords into a usable form.

Experts said that the fact that some of the passwords included the phrase “eharmony” indicated they were taken from the online dating website, which has more than 20 million members worldwide.

The firm confirmed on Wednesday that its security had been breached after it was first reported by the technology news website Ars Technica.

“After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected,” it said in a blog post.

It said it would contact affected members and reset their passwords.

Read More

Average broadband speed trebles in four years

The average broadband speed in the UK has trebled in the last four years, Ofcom research has revealed.

Residential fixed-line broadband reached an average speed of 12Mbps in November 2012, the most recent date for which figures are available.

This was an increase of 34 per cent (3.1Mbps) in the six months from May to November, as take-up of “superfast” services increased.

The speed more than trebled in the three years from November 2008, when the average speed stood at 3.6Mbps.

Average speeds continue to go up as more customers migrate to higher-speed packages. By November 2012, 77 per cent of fixed-line broadband users were on packages which advertised speed of at least “up to” 10 Mbps, up from 58 per cent in November 2011.

In the same period, the proportion with broadband connections classed as “superfast” – ie with an advertised speed of up to 30 Mbps – rose from 5 per cent to 13 per cent.

Read More

Could the UK really block internet porn?

After the news that Iceland is considering blocking online pornography, reports have emerged saying the UK may follow its lead. But is this even possible? Dr Brooke Magnanti examines the practicalities.

My first reaction on hearing that Iceland was considering banning internet pornography was that you probably shouldn't buy your porn where you buy your frozen prawn cocktail rings anyway.

Seriously, though, Iceland (the country, not the supermarket) has been considering whether to ban internet erotica - there has apparently been a ban on printed pornography in place for some time, but who looks at that anymore?

It is perhaps inevitable news, given that Iceland has been lauded by some as the "most feminist" country in the world for its recent bans of prostitution and strip clubs, with some surprising supporters of criminalising commercialised sexuality.

With the suggestion mooted those who oppose pornography in this country will no doubt be looking on with interest. Iceland, a fellow island nation, would perhaps serve as inspiration to those who might want to do the same thing. Would it work there, or by extension, here?

Because of Iceland's small and remarkably non-diverse population, there are a number of controls in place there that people in Britain would find entirely unacceptable; so perhaps a porn ban wouldn't trouble them in the circumstances? For example all residents of Iceland have a unique ID number which is used widely for non-governmental applications (such as hiring DVDs).

Read More