According to a Los Angeles security consulting firm that went skulking outside the Academy Awards ceremony in Hollywood on Sunday, as many as 100 people who walked the red carpet were carrying cellphones vulnerable to the kind of privacy invasion that recently gained Ms. Hilton a new round of unwanted notoriety. The Flexilis researchers said they were able to detect that 50 to 100 of the attendees had smart cellphones whose contents - like those of Ms. Hilton's T-Mobile phone - could be electronically siphoned from their service providers' central computers. The contents of Ms. Hilton's phone, including other celebrities' phone numbers, ended up on the Internet.
An Oscar Surprise: Vulnerable Phones The NY Times, March 2, 2005
More than 10 million homes in the United States now have a Wi-Fi base station providing a wireless Internet connection, according to ABI, a technology research firm in Oyster Bay, N.Y. Those base stations, or routers, allow several computers to share a high-speed Internet connection and let users maintain that connection as they move about with laptops or other mobile devices. The routers are also used to connect computers with printers and other devices.
Experts say most of those households never turn on any of the features, available in almost all Wi-Fi routers, that change the system's default settings, conceal the connection from others and encrypt the data sent over it. Failure to secure the network in those ways can allow anyone with a Wi-Fi-enabled computer within about 200 feet to tap into the base station's Internet connection, typically a digital subscriber line or a cable modem.
Growth of Wireless Internet Opens New Path for Thieves The NY Times, March 19, 2005
Along a crowded stretch of highway just south of Miami's downtown is a shopping area that might be called the data theft capital of the United States. In the wireless hacker equivalent of a drive-by shooting wave, criminals obtained the cardholder information of tens of thousands of customers at four major stores there, including a DSW Shoes retail outlet that appears to have been the initial source of a chainwide data breach. Recent investigations reveal that the thieves singled out stores with strong wireless signals and weakly protected data. While their exact methods are not known, they could have parked a car outside a store or set up in the local Starbucks, using a laptop computer outfitted with an off-the-shelf wireless receiver.
Main Street in the Cross Hairs The NY Times, July 26, 2005
Earlier this month, the Federal Communications Commission voted unanimously to move forward with rules that would compel the businesses to make it possible for law enforcement agencies to eavesdrop on Internet calls. Tapping Internet phones is far more complicated than listening in on traditional calls because the wiretapper has to isolate voice packets moving over the Internet from data and other information packets also traveling on the network. Internet companies are starting to gear up for the federal requirements. Many Internet phone companies, including Vonage, which has the largest number of subscribers, already supply the police with the phone numbers that a person under court-sanctioned surveillance dials and the origin of calls he or she receives, plus information about the connections, like whether a conference call was convened. The vast majority of court orders for wiretapping involve this kind of monitoring, known as "trap and trace," which is typically used at the beginning of an investigation.
The Call Is Cheap. The Wiretap Is Extra The NY Times, August 23, 2004
A "dump," in the blunt vernacular of a relentlessly flourishing online black market, is a credit card number. And what Zo0mer is peddling is stolen account information - name, billing address, phone - for Gold Visa cards and MasterCards at $100 apiece. The online trade in credit card and bank account numbers, as well as other raw consumer information, is highly structured. There are buyers and sellers, intermediaries and even service industries. The players come from all over the world, but most of the Web sites where they meet are run from computer servers in the former Soviet Union, making them difficult to police.
Black Market in Stolen Credit Card Data Thrives on Internet The NY Times, June 1, 2005
MasterCard International reported yesterday that more than 40 million credit card accounts of all brands might have been exposed to fraud through a computer security breach at a payment processing company, perhaps the largest case of stolen consumer data to date.
MasterCard Says 40 Million Files Put at Risk The NY Times, June 18, 2005
The chief of the credit card processing company whose computer system was penetrated by data thieves, exposing 40 million cardholders to a risk of fraud, acknowledged yesterday that the company should not have been retaining those records. The official, John M. Perry, chief executive of CardSystems Solutions, indicated that the records known to have been stolen covered roughly 200,000 of the 40 million compromised credit card accounts, from Visa, MasterCard and other card issuers. He said the data was in a file being stored for "research purposes" to determine why certain transactions had registered as unauthorized or uncompleted.
Lost Credit Data Improperly Kept, Company Admits The NY Times, June 20, 2005
This week's disclosure by Citigroup that a box of tapes containing information on 3.9 million customers was lost in transit has again pointed out the chain of vulnerabilities that banks need to strengthen to guarantee the security of customer data. The tapes were picked up from a Citigroup data center by UPS Inc. on May 2, bound for a data center in Texas operated by Experian, a credit bureau. Citigroup was notified by Experian on May 20 that the box hadn't arrived; three days later it confirmed that the box was missing.
Citigroup's Lost Tapes Cast Spotlight On Data Security Information Week, June 7, 2005
Mr. Green, a graduate student at Johns Hopkins University, is part of a team that plans to announce on Jan. 29 that it has cracked the security behind "immobilizer" systems from Texas Instruments Inc. The systems reduce car theft, because vehicles will not start unless the system recognizes a tiny chip in the authorized key. They are used in millions of Fords, Toyotas and Nissans. The implications of the Hopkins finding go beyond stealing cars.
Variations on the technology used in the chips, known as RFID for radio frequency identification, are widely used. Similar systems deduct highway tolls from drivers' accounts and restrict access to workplaces.
Graduate Cryptographers Unlock Code of 'Thiefproof' Car Key The NY Times, January 29, 2005
The recently disclosed privacy breach at the data collection giant ChoicePoint, in which con artists gained access to the Social Security numbers, addresses and other personal data of nearly 145,000 people, has exposed the shortcomings of the laws governing the data-mining industry and consumer privacy. If a person has held a job, held a lease, obtained a driver's license, carried a credit card, been fingerprinted, taken a drug test, gone to court, or simply received mail - odds are that those and many other of his or her recordable details are now stored in one or more consumer databases and available for sale.
Breach Points Up Flaws in Privacy Laws The NY Times, February 24, 2005
It was revealed two weeks ago that some eager business school applicants - most of them aiming at Harvard - exploited a technical glitch to get an early peek at their pending decisions online.
Officials at Harvard, the Massachusetts Institute of Technology and Carnegie Mellon called it an inexcusable ethical breach and rejected the application of any student who exploited the hole. Stanford and Dartmouth continue to deliberate over what action to take.
At 12:15 a.m. on Wednesday, March 2, a visitor to an online forum posted instructions for exploiting some sloppy Web page coding at ApplyYourself.com, a company based in Fairfax, Va., that, among other things, handles applications for some of the country's most elite business schools, including Harvard Business School.
Not Yet in Business School, and Already Flunking Ethics March 14, 2005
As the fallout continued to spread from the news of a security breach at ChoicePoint, a company that inadvertently sold sensitive consumer data to thieves last year, Senator Charles E. Schumer, Democrat of New York, took aim at another data search service, Westlaw. He promised to introduce broad new legislation aimed at curbing identity theft. At a news conference in Washington yesterday, Mr. Schumer complained that any employee - from high-level managers to interns - of a company subscribing to Westlaw's databases could access sensitive records on millions of people, including Social Security numbers, previous addresses, dates of birth and other data that is valuable to identity thieves.
Senator Says Data Service Has Lax Rules for Security February 25, 2005
Yahoo! News March 9, 2005
Deep in a remote, fog-layered hollow near Sugar Grove, W.Va., hidden by fortress-like mountains, sits the country's largest eavesdropping bug. Located in a "radio quiet" zone, the station's large parabolic dishes secretly and silently sweep in millions of private telephone calls and e-mail messages an hour.
Run by the ultrasecret National Security Agency, the listening post intercepts all international communications entering the eastern United States. Another N.S.A. listening post, in Yakima,Wash., eavesdrops on the western half of the country.
The Agency That Could Be Big Brother The NY Times, December 25, 2005
Months after the Sept. 11 attacks, President Bush secretly authorized the National Security Agency to eavesdrop on Americans and others inside the United States to search for evidence of terrorist activity without the court-approved warrants ordinarily required for domestic spying, according to government officials. The previously undisclosed decision to permit some eavesdropping inside the country without court approval was a major shift in American intelligence-gathering practices, particularly for the National Security Agency, whose mission is to spy on communications abroad.
Bush Lets U.S. Spy on Callers Without Courts The NY Times, December 16, 2005
Unbeknown to the Bush administration, an outside contractor has been using Internet tracking technologies that may be banned to analyze usage and traffic patterns at the White House's Web site, an official said Thursday.
The White House's Web site uses what's known as a Web bug to anonymously keep track of who's visiting and when. A Web bug is essentially a tiny graphic image -- a dot, really -- that's virtually invisible. When these bugs are linked to a cookie...a site can tell if the same person has visited again.
White House gets a surprise on its Web site Associated Press, December 30, 2005