Dangerous Business
Cybercrime is becoming more dangerous.
A convicted data thief has pleaded guilty to trying to hire a hit man to execute an informant, Wired.com's Threat Level blog
Pavel Valkovich admitted last week that in January he offered someone $10,000 to kill the unnamed informant in a drive-by shooting. The admission came as part of a guilty plea during his murder-for-hire trial.
Valkovich is already serving time after pleading guilty earlier this year to bank fraud. He is to be sentenced for that crime in February and faces up to 30 years for the financial crime, and up to another 20 years for the solicitation charge.
According to law enforcement officials, when authorities learned of the plot they transferred Valkovich to another jail. Undeterred, he tried to arrange a new murder contract, offering $40,000 to kill the original informant and the person he had initially asked to handle the killing, the officials said. He also insisted that one of the victims be beheaded, the officials said.
Valkovich and a partner, Brian Dill, were charged this year with conspiring to steal money from consumers' bank accounts and transfer it to bank accounts they controlled through the PayPal Inc. unit of eBay Inc.
Dill and the informant, whose job was to open PayPal accounts to receive the transfers and then forward the money, began working together on a scam last year, the officials said.
Dill managed to move $632,000 from a business account into a PayPal account, and he and Valkovich later met with the informant to plan further thefts, the officials said.
However, the informant had already begun cooperating with the Department of Homeland Security, which recorded some of these meetings to build a case against Dill and Valkovich.
Bad on Paper
Data breaches don't always happen through hacked computers. In some cases improperly disposed paper can create a ton — literally — of exposed data.
"There was a case earlier this month in Missouri where 2,000 pounds of credit reports, blank checks and copies of Social Security statements were found in a dumpster," Linda Foley, a co-founder of the nonprofit watchdog group Identity Theft Resource Center, told The Washington Post's Brian Krebs for his
So far this year, 27% of the disclosed data breaches have involved data printed on paper, up from 17% for all of 2008, the center said.
Indeed, there is so much printed data available that it's hard to quantify it when some goes missing, Foley said. "You pay by the pound for shredding these documents, and that's the best measure we have sometimes."
The recession may be part of the reason that figure has risen, Foley said. "Companies are going out of business and then they take these papers and just toss them or leave them for the building's cleaning crew to deal with," she told Krebs.
Many of the state laws on data-breach notification — as well as three proposed federal notification laws — do not explicitly require disclosure of breaches involving paper documents, Krebs wrote, because the focus is on electronic breaches.
However, many companies disclose paper breaches out of an abundance of caution, he wrote.
Mrs. Doubtfire 2009
Some children look very much like their parents — but perhaps not enough to get away with identity fraud.
Tita Nyambi of Franklin, N.J., is accused of trying to impersonate his mother and make a withdrawal from her account at a JPMorgan Chase & Co. branch's drive-up window, according to
Nyambi presented his mother's driver's license and forged her signature on a bank form in his attempt to withdraw $700 from her account, the affidavit said.
Bank employees were not fooled by the disguise, and immediately summoned police, who arrived while Nyambi was still at the branch.
Uncensored
Black bars are good for redacting sensitive data on physical documents, but not so good for electronic documents.
In both incidents black bars were "drawn" over words in a PDF document in an effort to obscure some of the information, but the words themselves remained in the file and were easily accessible to people who know how to see behind the bars, Computerworld said.
Barry Murphy, an analyst with Murphy Insights in Boston, told Computerworld that "If I put a lot of black magic marker on paper I am actually covering the data so that it is redacted … in the digital world that is not true."
In the HSBC incident, the sensitive information pertained to financial information on bankruptcy documents that were filed electronically. In the TSA incident, the information was from a procedure manual the agency posted online.
The tech blog BoingBoing.net described in
Computerworld said members of the House Committee on Homeland Security are looking into the issue even though the TSA said the document, which was put online as part of a contract solicitation bid, is out of date.
The committee has asked for the Department of Homeland Security's guidelines and has asked the department to check that other documents that are available online have been properly redacted.
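A pre-publication check for the redaction failure described in this section, as an added example that is not from the article or from Computerworld: it walks a simplified, uncompressed PDF content stream and reports any text whose position falls under a filled black rectangle. The function name and the sample stream are constructed for illustration; real PDFs also need stream decompression and transformation-matrix handling, which this omits.

```python
import re

# Tokens: a (literal string) or any run of non-space, non-paren characters.
TOKEN = re.compile(r"\((?:\\.|[^\\()])*\)|[^\s()]+")

def text_under_black_bars(stream):
    """Return text strings whose origin sits inside a filled black rectangle.

    Assumed model: text is positioned with Td and shown with Tj.
    """
    fill = (0.0, 0.0, 0.0)            # PDF default fill colour is black
    pending, bars, shown = [], [], []
    pos, args = (0.0, 0.0), []
    for tok in TOKEN.findall(stream):
        if tok[0] in "(/":            # string or name operand
            args.append(tok)
            continue
        try:
            args.append(float(tok))   # numeric operand
            continue
        except ValueError:
            pass                      # not a number, so it is an operator
        if tok == "rg":               # RGB fill colour
            fill = tuple(args[-3:])
        elif tok == "g":              # grey fill colour
            fill = (args[-1],) * 3
        elif tok == "re":             # rectangle: x y width height
            pending.append(tuple(args[-4:]))
        elif tok in ("f", "F", "f*"):
            if max(fill) < 0.1:       # near-black fill counts as a bar
                bars.extend(pending)
            pending = []
        elif tok in ("S", "n"):       # path stroked or dropped, not filled
            pending = []
        elif tok == "BT":             # new text object starts at the origin
            pos = (0.0, 0.0)
        elif tok == "Td":             # move text position by (tx, ty)
            pos = (pos[0] + args[-2], pos[1] + args[-1])
        elif tok == "Tj":             # show string at current position
            shown.append((pos, args[-1][1:-1]))
        args = []
    def covered(p):
        return any(min(x, x + w) <= p[0] <= max(x, x + w) and
                   min(y, y + h) <= p[1] <= max(y, y + h)
                   for x, y, w, h in bars)
    # Drawing order is irrelevant: the string is in the file either way.
    return [text for p, text in shown if covered(p)]

# Constructed sample page: two text lines, then a black bar over the second.
SAMPLE = """BT /F1 12 Tf 72 700 Td (Case file 12) Tj ET
BT /F1 12 Tf 72 680 Td (Account 000-EXAMPLE) Tj ET
0 0 0 rg 70 676 200 16 re f"""
```

Any string the check returns is still in the file; the fix is to delete the text itself, or flatten the page to an image, before the document is posted.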
Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.