Privacy and Identity Theft

When you die, what will happen to your digital assets? Importantly, what will happen to your passwords and online accounts? Some of these need to be handed over to work colleagues. Some of these need to be handed over to spouses and children. Some may be needed to be handed over to your estate attorneys. And some maybe just die with you.

There are many complex issues regarding data privacy, disclosure, data privacy, rights management and the crypto and business systems that need to align underneath.

The day after the Internet Identity Workshop, Phil Windley is hosting “Digital Death Day”, a workshop that is going to examine these questions, and discuss proposed solutions and technical and legal hurdles.

The Federal Deposit Insurance Corporation (FDIC) will hold a day-long symposium to examine the threat of commercial payments fraud posed by cyber criminals targeting small and midsize businesses on May 11, 2010. The FDIC has observed an increase in this type of fraud over the past several months, which has resulted in millions of dollars in losses, frayed business relationships and litigation affecting both banks and businesses.

Javelin Strategy has released a report about consumer financial fraud that shows that 10 percent of fraud victims fell victim to ATM cash withdrawls. Criminals are using skimming devices that they attach to ATM machines. These devices capture the ATM card information when you insert your card into the machine. Hidden cameras are typically used to see you enter your PIN number. Cyber criminals also will send text messages or even phishing emails to try to get ATM PIN numbers.

The Federal Bureau of Investigation in accordance with a seizure warrant obtained by the United States Attorney’s Office for the Southern District of New York, has seized the domain CallService.biz.

They allege that CallService.biz was an online service that aided and abetted online fraudsters to raid money from the bank accounts of consumers who’s login credentials had been stolen by phishing or malware.

The service, which was widely advertised in the criminal underground, supplied identity thieves with people who spoke English and German, and who would call financial institutions posing as authorized account holders. They would confirm fraudulent wire transfers, withdrawals and other transactions.

It is thought that the service assisted 2,000 identity thieves to carry out more than 5,000 instances of fraud.

Last week two perpetrators were arrested in the Czech republic and Belarus, at the request of US authorities.

Democratic Senator Joe Simitian has reintroduced a measure to SB-1186 that would require that data breach notification letters contain specific information about data loss incidents, including the type of personal information exposed, incident description, type of personal information exposed, and advice for consumers to protect themselves from identity theft.

“This new measure makes modest but helpful changes to the law,” Simitian said in a statement. “It will also give law enforcement the ability to see the big picture, and a better understanding of the patterns and practices developing in connection with identity theft.”

Last October, Schwarzenegger vetoed a similar bill because he said there was no proof that the additional information required in the breach notifications would help consumers.

The US Department of Justice has announced that computer fraudster ALEKSEY VOLYNSKIY was senteced this week to 37 months in prison for hacking into the online brokerage accounts of Charles Schwab customers and laundering over $246,000. Using usernames and passwords that were collected by malware spread on user’s computers, Volynskiy would log into these user’s accounts and wire funds out of them. They would send money to “drop” accounts, and then forward much of the funds to co-conspirators in Russia.