Privacy Roundup #0006 • January 2007

January 2007 opened the year with the record TJX card breach, the first Storm worm spam floods and fresh fights over data retention, surveillance and software that watches its users.

1. Hacked to the TK Maxx

TJX, the parent of TK Maxx and Marshalls, admitted that intruders had spent months inside the systems that handle its card payments. The breach reached back to 2003 and would prove the largest theft of card data disclosed up to that point.

www.computerworld.com

2. Fraud linked to TJX data heist spreads

Within days of the TJX disclosure, banks began reporting fraudulent transactions traced to the stolen card numbers. Lenders across North America and beyond started cancelling and reissuing cards as the damage widened.

www.infoworld.com

3. Phishers haul in money from Nordic bank

Criminals drained around 900,000 euros from Swedish bank Nordea after planting a Trojan that captured customers' login credentials. At least 250 account holders were affected, in what was billed as one of the biggest online banking thefts seen up to that point.

www.schneier.com

4. ID theft fears over Hampshire hospital PC theft

Thirty computers were stolen from a disused Hampshire hospital site, prompting worries that patient and staff names and addresses had walked out of the door. Administrators insisted that no complete medical records were held on the machines, but the loss underlined how loosely health data was guarded.

www.theregister.com

5. Bush performs wiretapping U-turn

The Bush administration agreed that the NSA's domestic eavesdropping programme would in future be subject to oversight by the secret Foreign Intelligence Surveillance Court. The concession followed mounting legal pressure, including a lawsuit by the Electronic Frontier Foundation over warrantless surveillance of Americans.

www.infoworld.com

6. Government launches data free-for-all

Ministers unveiled plans to let personal data flow between public bodies and private firms in the name of fraud prevention. Citizens' tax, benefits, pension and financial details would become shareable across agencies, alarming campaigners who feared fishing expeditions without evidence of wrongdoing.

www.theregister.com

7. Government drops iris scan plan

The government quietly removed iris scanning from its planned national identity card scheme, falling back on fingerprints and facial images. The retreat was driven by cost and by a wish to match the biometric standards adopted by other countries.

www.pinsentmasons.com

8. Disclosure of government data mining could become US law

A newly Democratic Congress prepared to vote on a bill forcing federal agencies to report on their data mining programmes. The measure took aim at databases built to predict criminal or terrorist behaviour by sifting information on ordinary Americans.

www.theregister.com

9. Civil rights groups slam San Francisco surveillance expansion

The Electronic Frontier Foundation and the ACLU urged residents to oppose a plan to bolt twenty-five more police cameras onto the city's streets. Critics argued that the cameras were costly and did little to cut crime, while supporters pointed to suspects they had helped catch.

www.theregister.com

10. US warns on spooky Canadian coins

The US Defense Department cautioned contractors that Canadian coins fitted with tiny radio transmitters had turned up on staff travelling through Canada. The claim, made in a report on technology collection trends, suggested an attempt to track defence personnel by their pocket change.

www.schneier.com

11. EU data retention laws 'too costly' for telcos

Telecoms firms warned that new European rules forcing them to keep customer email, web and call records for up to two years would impose heavy costs that governments had not agreed to cover. Member states had until September to write the directive into national law.

www.pinsentmasons.com

12. NSA field-tests Windows Vista for security

The same intelligence agency conducting warrantless wiretaps of Americans confirmed that it had helped test the security of Windows Vista. Splitting staff into attack and defence teams, the NSA said its only aim was to help everyone with security.

www.schneier.com

13. 'Spyware' teacher found guilty of exposing kids to smut

A Connecticut substitute teacher was convicted after pornographic pop-ups appeared on a classroom computer in front of her pupils. Her lawyers blamed spyware on the machine, but the jury rejected the defence and found her guilty on four counts.

slashdot.org

14. Inboxes battered by Trojan spam deluge

Criminals seized on the deadly winter storms in Europe to push a flood of malware, using subject lines such as "230 dead as storm batters Europe". Two in every three malware reports tracked by Sophos that Friday involved the new Trojan.

www.heise.de

15. Storm Trojan gang declare start of World War III

The gang behind the storm-themed Trojan switched lures to bogus war headlines such as "Third World War just have started!" to keep victims clicking. Each wave shipped a fresh variant, racing to infect machines before antivirus signatures could catch up.

www.theregister.com

16. Trojans fuel ID theft boom

McAfee reported that keylogging Trojans had become a mainstay of identity theft, with such malware up 250 per cent over a little more than two years. Phishing attacks, the company said, had multiplied a hundredfold over the same period.

www.informationweek.com

17. AOL phishing fraudster found guilty

Jeffrey Brett Goodin was convicted of sending bogus emails posing as AOL's billing department to harvest customers' card details. It was the first jury conviction under the United States CAN-SPAM Act of 2003.

news.slashdot.org

18. MySpace sues Spam King

MySpace sued the notorious spammer Scott Richter, accusing him of using hijacked user accounts to blast out millions of unwanted adverts. The action was striking given Richter's earlier seven-million-dollar settlement with Microsoft over similar junk mail.

it.slashdot.org

19. Silence and 'scareware' epidemic at MySpace

Malicious adverts on MySpace were pushing fake security software designed to frighten users into paying for a cure they did not need. Commentators compared the platform's mounting malware problem with Microsoft's security woes of the 1990s.

www.theregister.com

20. Contract killer spam scam hits the net

A new spam run impersonated a hired assassin, claiming to have stalked the recipient and demanding tens of thousands of dollars to call off the supposed hit. Beyond the threats, the messages sought to extract money and personal details for identity theft.

www.theregister.com
