Monday, October 30, 2006


Brokerage accounts, where consumers manage their retirement savings and investment accounts, are a major target of professional identity thieves. With a little work and technology, they are easy to break into and the amounts of money to be stolen can be very large.

This week E-Trade and TD Ameritrade revealed that they had paid $22 million to clients whose accounts had been taken over by identity thieves.

The vector of the crime – overseas clients using wireless networks or public computers infected with spyware.

At KnightsBridge Castle we have always advised clients not to use public wireless systems or public computers to access personal financial accounts. That these access efforts were made outside the US makes security enforcement even more difficult.

Friday, October 27, 2006


The national check clearing system processes 37 billion checks totaling more than $39 trillion every year. Within the billions of dollars traversing the network every day are car payments, toothpaste purchases, utility bills, and forged checks or "demand drafts" produced by internet service provider Qchex.

New techniques in check forging and forged electronic funds transfers using bank routing numbers are on the increase. With the credit card companies establishing in the public mind that identity theft equals credit theft, consumers are failing to protect themselves against one of the oldest identity theft crimes – check forgery and bank account fraud.

The state of Florida, one of the states with the highest incidence of identity theft crimes, reports a 54% increase of check forgery facilitated by copying bank routing numbers. Bank routing numbers are the key to both depositing and withdrawing funds. Bank routing numbers flow through the system, not the checks themselves. These simple numbers are the key to stealing funds directly from consumer accounts.

How are these numbers captured? One way is by looking at your checks and copying the numbers down. A merchant employee can do this, or a teenager visiting the household. It’s not necessary to steal the checks. Only the numbers are required. The latest technique is to use cell phone cameras to photograph the routing numbers as you fill out your check at a merchant or bank. Too many consumers assume that by protecting their supply of checks they are preventing forgery. It’s not the checks themselves that really need protection – it’s the bank routing and account numbers that are critical to protect. Signatures are irrelevant to this scheme.

One recent scam involved a company called Qchex, which provided an internet service that allowed stolen account and routing numbers to be used to create “demand draft” checks that did not require signatures. The demand drafts were then used to steal money from consumer accounts and deposit it into criminal accounts. The criminal accounts were then immediately converted to cash. The website of Qchex has since been shut down.


At KnightsBridge Castle we deal with Identity Theft in all its forms every day. We understand the current limits of the law and the many failures of our legal system to adequately protect us against both identity theft and the new technologies that facilitate commission of the crime. After three years of fighting Identity Theft and assisting thousands in the prevention, detection, recovery, and prosecution of the many crimes of identity theft the team at KnightsBridge Castle calls for the following general legislative initiatives at both the state and federal level.

Require that consumers provide affirmative consent before selling personal information or “profiles” from commercial databases to others.

Require notification to the consumer within 48 hours and, for free, of any sale of his personal information to another. The person or entity purchasing the information should be clearly identified as well as the purpose for such access.

Establish a definition for identity theft that includes the three general elements of the crime – credit fraud, impersonation crimes, and criminal identity theft.

Require affirmative confirmation for credit applications. Passive confirmation of credit applications, such as mailing in pre-approved credit forms, should be forbidden. To complete a credit application, the applicant should physically present themselves together with their identity documents to the credit grantor or his agent.

Prohibit pre-approved credit card and bank draft solicitations.

Require police departments within the jurisdiction of the victim to take police reports for identity theft even if the actual identity crime occurred in another jurisdiction. Identity crimes are committed against a person living in a locality, even though the incident of the crime occurred in another jurisdiction often hundreds or thousands of miles away. Do not require that victims travel to a remote location to file a police report.

Make it an additional and serious crime for persons to be arrested with multiple and different forged identity documents in their possession at the time of arrest. Release on own recognizance or on bail should be disallowed if a person has multiple identity documents in his possession.

Dumpster diving, for the purpose of committing fraud, should be a crime.

For Data Breach remediation, breached companies must provide comprehensive identity theft prevention solutions for a minimum of three years. Such comprehensive services must include social security number use monitoring, false identity document use notification, account data monitoring, as well as other indicators of significant impersonation crimes. Credit monitoring alone is not sufficient.

Require credit grantors to report the issuance of new credit instruments to the credit rating companies immediately upon issuance. Credit rating companies currently report “credit inquiries” instantly. If credit is granted then the credit rating companies and credit grantors must be required to immediately update the credit records. Current lag times of 60 to 90 days are woefully inadequate.

Establish tougher laws for identity thieves working in organized groups. Most professional identity thieves need the cooperation and assistance of others to be effective. Establish penalties for identity thieves conspiring to commit impersonation crimes and fraud.

Require merchants with video surveillance of identity theft incidents, to release the videos to identity theft victims who have filed police reports and who have legal representation in seeking redress of an identity theft crime.

Require government agencies who issue identity documents, such as driver’s licenses, to provide mechanisms for validation of identity through the document granting agency. Currently, most identity document granting agencies will not validate documents, or the existence of documents, except for the license purpose for which it was issued – e.g. driving a car and internal use by government. Government needs to recognize that a driver’s license or state issued identity document is used for more than just driving. Validation systems supported by the government agency are critical in establishing a true identity.

Establish penalties for employees of companies holding sensitive personal information if they sell or transfer that information to others for purposes of committing fraud or identity theft.

Require that social networking websites that solicit minor children to their sites, or fail to affirm age, allow automated programmatic access to their systems by independent entities for purposes of monitoring the safety and security of minor children in these systems.

Establish firm legislation making “pretexting” or the access for personal information records, such as phone records, bank records, or personal identity records, a crime if committed by an individual or corporate entity.

Make it a criminal offense to “spoof” another’s telephone number in committing a fraud.

Require companies performing background checks for purposes of employment to carry prospective employee messages in the record, if serious errors are contained within the report.

Require “permissive use” for access to all personal information resources on the internet. Hold “independent” information brokers to the same standards of information dissemination as established information brokers. Established brokers adhere to GLBA, and other state and federal rules for information dissemination. The new breed of internet brokers ignores all laws and offers information for sale to anyone.

Establish a uniform credit freeze demand document and credit freeze criteria. Disallow each credit rating company from using its own forms for purposes of delay or denial in requesting credit freezes.

Require cellular telephone providers to destroy SIM cards immediately when SIM upgrades are required or cell phone upgrades are required. SIM cards contain extensive personal information.

For internet access to public records, require registration and logging of all information requests. Registration must be easy and simple. Logging should not be restrictive. An audit trail must be established and available if public records access is used in committing fraud or identity theft.

Make it a felony to use the Social Security Number of another person in committing employment fraud, medical benefits fraud, insurance fraud, or other fraud and identity theft.

Thursday, October 26, 2006


Eric Drew, founder of KnightsBridge Castle, was interviewed on the CBS Studio's Montel Show on October 19, 2006. Eric's interview is available on-line for viewing on our ID Theft Video blog. You can access the video blog at:


A recent report in the UK newspaper The Scotsman revealed that 3 of 4 UK businesses do not destroy sensitive personal information about customers when throwing out trash. 93% of the companies polled said they treated the issue of identity theft seriously, however, their document disposal processes revealed a significant weakness in their processes.

91% of the businesses said they shred documents containing sensitive personal information. However, the researchers examined the contents of company trash and found sensitive customer business information including home addresses, phone numbers, and photocopies of passports.

At KnightsBridge Castle we investigate many cases of identity theft every day. Victims often have theories of how the identity theft attack occurred. They are almost always wrong. Identity theft originating in the workplace or from business records is still the most common vector for this crime. The second largest vector is identity theft crimes committed within the family.

We challenge all businesses to examine their trash on a regular basis to see what information is revealed in the trash. It is not enough to have a shredder and a policy. Businesses must routinely monitor their trash disposal to ensure that the shredder is used and the policy followed.

Wednesday, October 25, 2006


If you were a bank employee and you received the following email, what would you do?

Dear ____, I am a reporter for Finance News doing a follow up story on the recent leak of customer records from [the bank's name]. I saw your name come up in the article from Central News and would like to interview you for a follow-up piece."

If you have time I would greatly appreciate an opportunity to further discuss the details of the above article. Regards, Gordon Reily

The email provided a link for responding to Reily.

If you suspect this is a scam, you're right. Hundreds of employees at a number of banks have been receiving the same message. If the bank employee clicked on the link to reply, the remote site then downloaded a key logging bot from a Chinese website that stored all of their keystrokes.

This was clearly a targeted attack on banking records by a sophisticated group. Not only did they understand psychology, but they also had the latest malware and key logging software.


The research team at KnightsBridge Castle has been looking into social network instant messaging (IM) and the personal information security risks posed by these technologies. New risks have been identified in the past weeks and we wanted to share with you the evolving risks for IM.

IM systems have been hijacked by hackers in recent months and used for the spreading of spam messages. The messages try to trick people into giving up personal information. Included in the personal information scams are the usual elements of Social Security Number and logon information for internet accounts.

Website references on IM have included redirects to phony websites of branded names such as eBay, Amazon, and others. The website looks real, but as in phishing scams the websites are fraudulent and intent on causing you harm.

IM worms have appeared which propagate themselves from IM user to IM user. These automated systems appear to want to engage in a conversation, but they are intent on propagating malware, spyware, or malicious programs.

We always urge caution in revealing any personal information on the internet. IM is clearly a risk to anyone if personal information is revealed. Caution in using IM systems is warranted, because you can never be sure of whom you are actually communicating with – friend or foe?

Tuesday, October 24, 2006


We were recently asked to provide a list of suggestions and tips to "high net worth individuals" for a speaking engagement. Here is our "tip sheet" for those with significant assets to protect. Most of us know the basics, like shredding and a locking mailbox. These tips and suggestions assume the basics are well understood.

Suggestions for those with assets to protect.


Identity Theft is not just about credit. Credit card theft is less than 25% of Identity Theft. Employment fraud and its associated frauds, such as IRS fraud, medical benefits fraud, and driver's license fraud, represent the vast majority of identity theft frauds.

Credit monitoring provides little protection against credit fraud. The lag times involved in the credit rating companies systems result in notification by credit grantors of problems long before those problems are reflected in a credit monitoring system.

Identity Thieves target high net worth individuals. While identity theft is statistically most common among the age group of 22 to 24, the greatest monetary damage and disruption of life occurs among those with significant assets.

Some identity thieves specialize in victimizing the very young, the very old, the very sick, and the dead. You need to protect the entire family.

Data breaches are a very real threat to your privacy and security. 40% of data breaches are intentional criminal acts, and not lost laptops or misplaced backup tapes.


Avoid using ATM machines when traveling outside the USA/Canada. Never use an ATM machine in mainland China, Eastern Europe, or Southern Europe.

Freeze your credit – stop credit rating companies from selling your credit information to others, including criminals, without your permission.

Eliminate paper statements from banks and financial institutions. Use on-line systems with good software protection to access your financial records frequently. Set aside a specific time, say Sunday afternoon, to review your accounts on a weekly basis. Don’t wait for a monthly bill to uncover trouble.

Eliminate all unused credit vehicles. Cancel “emergency” credit cards. Close lines of credit you do not anticipate using in the near future. Cancel all cash balance dormant accounts. Bank employees are often bribed into providing this information to thieves. These accounts are targeted by criminals and tend to be unmonitored, giving criminals valuable time to escape detection.

Turn off wire transfer facilities with financial institutions. Use these facilities only when needed.

Billing errors are increasingly uncommon. Don’t assume a billing error will be cleared up without your direct action. It may not be a billing error. It could be identity theft.

Always file a police report when you are a victim of identity theft. Without a police report, no crime has been committed. Without a police report you have no rights to dispute claims by others.

If a victim, always create a paper trail. Do not rely on phone calls to permanently resolve problems. If it's credit fraud, call the credit issuer immediately. Then follow up with a written statement and a copy of the police report. Create a contemporaneous log of all your activity. Document as if you were going into court.

Be sensitive to the fact that identity theft often occurs within families. These cases require swift but discreet handling. Knowledge experts will be required.

Second homes and vacation homes are major targets for mortgage fraud. Real property you do not closely observe is subject to significant risk.

Information about you has cash value to criminals. Criminals trade "profiles" for cash. If you are a victim once, you will probably be targeted again.

Monday, October 23, 2006


We frequently write in this blog about the dangers of revealing too much personal information on social networking sites such as MySpace. Pre-teens and teens are particularly at risk, primarily due to the lack of caution, peer pressure to reveal too much information, and targeting by predators.

At KnightsBridge Castle we have searched through hundreds of records in MySpace looking for personally revealing information. This research was conducted with the approval of the MySpace participants, including teenagers. We found the amount of personal information revealed on these sites to be appalling.

In the last month we began researching the new social network craze – Second Life. Unlike MySpace, Second Life creates an active virtual world in which “players” in the game interact with each other through instant messaging (IM). Compared to Second Life, MySpace is passive, dull, and not interactive. Second Life is visually stunning and allows for interaction between players at a far more engaging level.

Second Life has its seamy side; however, we have noticed that players in Second Life are far more reluctant to reveal personal information than on MySpace. Our findings at this point are intuitive, but based on hundreds of IM conversations with participants. Only time will tell if players in Second Life fall into the same patterns of revealing too much personal information as they easily do in MySpace.

However, the dynamics of the almost real interactive nature of Second Life seems to make people more cautious than the simple posting systems of MySpace. In interactions on Second Life, you are presented with an interactive visual image of the person you are talking to, and although most of the players depicted are “beautiful” people, the very act of talking (via IM) to a virtual person makes players more cautious about revealing identity details.

A more scientific study is needed; however, there is a deep difference in the psychology of interaction between MySpace and Second Life. It's worthy of a dissertation.

Friday, October 20, 2006


Phishing is no longer a crime of individual hackers. Phishing has become a favored tool of organized criminals. To facilitate the volume of frauds perpetrated by crime groups, these organizations have been recruiting innocent citizens into their criminal activities. These “money-mules” are recruited to launder stolen money and stolen goods nationally and internationally.

Innocent people are drawn into participating in these frauds through major employment listings and often as work at home opportunities. Job titles such as “financial receiver”, “sales rep”, “shipping manager” or “stock supervisor” are offered for these fake positions.

Innocent victims from the US, UK, and Australia are often duped into the illegal transfer of funds to Eastern Europe. Money mules are critical to the success of these operations. Identity Theft victims are at the start of the chain of fraud. Money mules are at the end. The criminal organizations, in the middle, not only steal, but then must convert their ill-gotten gains into clean money.

Successful phishing often results in “profile” information of the identity theft victim that allows the thieves to attack the victim's assets. Money mules are needed in the same country as the victim in order to easily accept money transfers or to ship items to the crime groups.

Investigators recently spotted a Craigslist advertisement for a "regional assistant", contacted a company called Terenfc, and requested a job application. Terenfc described itself as a wholesale product distribution company. They offered a commission of $50 per package received and then transferred, plus a base salary of $2,000 per month.

Terenfc then sent the investigator an employment agreement with the following terms:
-- To accept merchandise orders at his/her residential address;
-- To handle the received merchandise in accordance with the reasonable conditions of handling of items;
-- To fill in all the necessary postal documents of the postal service company in complete accordance with their instructions;
-- To ship the item or merchandise to the address listed in the instructions;
-- To scan and send via e-mail or fax all postal documents attached to the shipped correspondence (such as invoices, package slips, custom declarations, receipts or courier's tracking numbers) to the representative of the company within one business day.

Investigators also determined that money mules were encouraged to open multiple accounts with the same bank as the identity theft victim. This allows for small transfers between accounts that just stay under the radar.

Criminal groups contact prospective victims with phony job ads through employment websites, general company websites, e-mail, and Internet chat rooms. Jobs are often advertised as managerial but have no real requirements for experience or education.

Criminal organizations convince victims to work for their company and often use contract forms to cement the employment relationship. Once employed, the money mules take funds into their accounts from accounts that have been stolen or compromised. Mules then transfer funds out of their accounts and send them via wire transfer service to criminal accounts overseas.

Money mules are key to the success of these criminals. Without the money mules the criminals cannot get to their stolen goods and get their money.


Every day at KnightsBridge Castle we receive phishing attacks. We monitor them, but I thought today I would share with you the phishing effort of the day. Today’s effort is the common eBay notice. The wording of the phishing attempt is as follows.



Dear sir,

We recently have determined that different computers have logged onto your eBay account, and multiple password failures were present before the logons. We strongly advice CHANGE YOUR PASSWORD.

If this is not completed by October 24, 2006, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. Thank you for your cooperation.


Thank you for your prompt attention to this matter.

We apologize for any inconvenience.


Upon clicking to change your password you are directed to a DNS location, not the URL of eBay. A trace of the DNS reveals the following location of the phishing effort. eBay has not moved its security facilities to Uruguay as indicated by the DNS.

OrgName: Latin American and Caribbean IP address Regional Registry

Address:    Potosi 1517
City:       Montevideo
Country:    UY 
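
The check described above (does the link in the notice really lead to the company it claims to be from?) can be automated. The following is an added example, not part of the original post; the sample email HTML, the 192.0.2.45 address (a documentation-only range), the `account-check.example` host and the `EXPECTED_DOMAINS` list are all constructed assumptions.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: body of a notice like the one quoted above. The link
# targets use a documentation-range address and a reserved .example name.
SAMPLE_EMAIL_HTML = """
<p>We strongly advice CHANGE YOUR PASSWORD.</p>
<p><a href="http://192.0.2.45/signin">https://signin.ebay.com/</a></p>
<p><a href="http://signin.ebay.com.account-check.example/login">Change password</a></p>
<p><a href="https://pages.ebay.com/help/">Help</a></p>
"""

# Assumption: the domains the claimed sender legitimately uses.
EXPECTED_DOMAINS = {"ebay.com"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Return the lower-cased host of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def is_ip_literal(host):
    """True if the host is a numeric IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def under_expected_domain(host, expected=EXPECTED_DOMAINS):
    """True only if host equals an expected domain or is a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in expected)


def check_link(href, text, expected=EXPECTED_DOMAINS):
    """Return the list of reasons this link should not be trusted."""
    host = host_of(href)
    reasons = []
    if not host:
        reasons.append("no host in link target")
    elif is_ip_literal(host):
        reasons.append("target is a numeric address, not a name")
    elif not under_expected_domain(host, expected):
        reasons.append("target host is outside the expected domain")
    # Visible text that is itself a URL but names a different host.
    shown = host_of(text) if "://" in text else ""
    if shown and shown != host:
        reasons.append("visible text shows a different host than the target")
    return reasons


def audit_email(html, expected=EXPECTED_DOMAINS):
    """Map every link target in the message to its list of warnings."""
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href, text, expected) for href, text in collector.links}


if __name__ == "__main__":
    for href, reasons in audit_email(SAMPLE_EMAIL_HTML).items():
        print("SUSPICIOUS" if reasons else "ok", href, reasons)
```

Note that the second sample link starts with `signin.ebay.com` yet fails the check: only the right-hand end of a host name determines who controls it.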

Thursday, October 19, 2006


Recent research conducted by KnightsBridge Castle indicates that the majority of children and teens using the internet and social networking sites such as MySpace violate at least one of the 6 basic child safety guidelines provided by the National White Collar Crime Center (NW3C).

We quote the NW3C child and teen safety guidelines:

Examples of information a child should not give out in their online profile include:
-- Real Name
-- Addresses
-- Any phone numbers
-- Name and location of school
-- Name or location of a teen’s place of work
-- Pictures of himself or herself.

KnightsBridge Castle research indicates that social networking sites have proven so attractive to children, and that peer pressure to participate is so strong, that the majority of children interviewed violate one or more of the guidelines given above. During the interviews most children knew of the dangers of revealing this information; however, their resistance to providing detailed information often broke down with usage, time, and poor examples set by peers. Some children and teens that held to the guidelines often had their security compromised by friends who often posted this information on their own web pages.

Wednesday, October 18, 2006


-- Phishing Alert: Neighborhood Credit Union
-- Phishing Alert: OSU Federal
-- Phishing Alert: Britannia Building Society
-- Phishing Alert: Lorain National Bank
-- Phishing Alert: Bank of the Cascades
-- Phishing Alert: CU @ Home, Home Banking
-- Phishing Alert: Great Western Bank
-- Phishing Alert: BB & T Branch Banking & Trust
-- Phishing Alert: Teachers Credit Union
-- Phishing Alert: OCHA Credit Union
-- Phishing Alert: Alliance Bank
-- Phishing Alert: Notre Dame Federal Credit Union
-- Phishing Alert: Brattleboro Savings & Loan Association
-- Phishing Alert: USA Federal Credit Union
-- Phishing Alert: Bank of America, Military Bank
-- Phishing Alert: Del Norte Credit Union
-- Phishing Alert: Boulder Valley Credit Union
-- Phishing Alert: St. Bernardino School Employees FCU
-- Phishing Alert: Honolulu City & County Employees Federal Credit Union
-- Phishing Alert: Cahoot Bank
-- Phishing Alert: Heritage Oaks Bank
-- Malicious Website / Malicious Code: Email Fraud Using Brazilian Gol Airlines Crash
-- Phishing Alert: National Bank of Abu Dhabi
-- Phishing Alert: Arkansas Federal Credit Union


On October 19, Eric Drew, founder of KnightsBridge Castle, will appear on the Montel Show to discuss Identity Theft prevention, detection, and recovery. Eric is regularly featured as an identity theft prevention expert on national television and appears regularly on NBC, CNN, and other networks. Please check your local listings for the time and location of this show with Eric Drew.

Friday, October 13, 2006


Markus Jakobsson of Indiana University recently published a paper demonstrating computing techniques which can deduce the mother’s maiden name of a targeted individual with great efficiency. Using public records in the state of Texas, his technique was able to deduce the maiden names of the mothers of over 4 million Texans.

Security professionals have known for many years that the use of the mother’s maiden name is a very poor authentication technique. However, its use as a verification tool is still widespread.

At KnightsBridge Castle, using both public and private databases, we easily find mother’s maiden names of our clients when providing identity theft protection services and with a client’s “permissive use authorization.” When performing authentication we do not use this poor validation technique. Why do businesses continue to use this technique? We are not certain, but it is cheap and while it no longer can be relied upon, it once had some validity.

Professor Jakobsson’s approach is of great interest and the full paper may be found at:

Thursday, October 12, 2006


Picture phones are everywhere and they are often used by identity thieves to facilitate crime. Consumers need to increase their sensitivity to the prying eyes of picture capable cell phones. Common risks of identity theft facilitated by identity thieves standing near you with picture phones are:

  • Capture of bank routing information when writing checks. Routing numbers are used for check forging and electronic funds transfer.
  • Capture of key strokes at ATM machines – video records of keystrokes can be used to reconstruct PINs. Account number data is stolen by skimming devices attached to the ATM. The combination allows thieves to steal from your accounts.
  • Driver's license numbers and address information when providing proof of identity – used to create forged driver's licenses which have correct validation information.
  • In house account numbers – if you have an account number with a local merchant and use it to make purchases, cell phone cameras may catch these numbers.

    We are now very sensitive to “prying eyes”; however the cell phone camera is held in the hand and may compromise our personal information even though the eyes are not “prying.”

Wednesday, October 11, 2006


Passwords and PINs are our primary defense in protecting our personal security in personal systems as well as in commerce. Unfortunately, breaking these codes is easy. There are three common techniques for breaking your password and stealing your information or commercial accounts.

Dictionary or Brute Force attacks – these attacks use word frequency dictionaries and simply submit one common word after another until the logon is accepted. In the early 70’s when this author was a young programmer my password was “dog”. Today’s powerful servers and PCs would have cracked open my old accounts in less than a second.

Rainbow Table attacks – these attacks use a technique which constructs a chain of possible passwords. Each chain contains randomly selected “guesses” of passwords and then successively applies a hashing technique and reduction function to search for a valid password. Failed password guesses are discarded and new random guesses constructed through the creation of a “rainbow table”. This table takes time and memory to build, but it must only be built once, at which point it can very quickly recover unknown passwords.

With the growth of on-line accounts we are all having trouble remembering passwords. The most common call to help desks is for forgotten passwords. Therefore we tend to fall into an all too common trap – we create a basic, easily remembered short password and we use it for many accounts. The easily remembered password is usually a common English language word or a variant on that word. We all know the need for adding special characters, but few of us do so. Your keyboard has 64 characters on it and another 104 non-alpha-numerics. Both of the above techniques will search the character strings first. By including many of the other 104 keyboard elements you make these techniques much more complex and more time consuming.

Here are some poor passwords easily cracked but easy to remember.

  • alphabeta
  • abouttown
  • speedlimit

Here are some far more difficult passwords to crack but probably more difficult to remember.

  • $,H&aNlo*>>
  • M#ar”tin
  • Over64$easy^^TOn(=12
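
Why the first list falls quickly and the second does not can be shown with a small password-policy check. This is an added example, not code from the original post: the word list is a constructed stand-in for a word-frequency dictionary, and the 50,000-word dictionary size, the printable-ASCII pool sizes and the 60-bit threshold are assumptions.

```python
import math
import string

# Constructed stand-in for a word-frequency dictionary (a real one is far larger).
COMMON_WORDS = {"alpha", "beta", "about", "town", "speed", "limit",
                "dog", "cat", "pass", "word", "over", "easy"}
ASSUMED_DICT_SIZE = 50_000   # assumption: entries in the attacker's word list
ASSUMED_MIN_BITS = 60        # assumption: policy threshold, not from the post

LETTER_DIGIT_POOLS = (string.ascii_lowercase, string.ascii_uppercase, string.digits)


def split_into_words(password, words=COMMON_WORDS):
    """Return the shortest list of dictionary words that concatenate to the
    password (case-insensitive), or None if no such split exists."""
    s = password.lower()
    best = [None] * (len(s) + 1)   # best[i] = fewest-word split of s[:i]
    best[0] = []
    for end in range(1, len(s) + 1):
        for start in range(end):
            if best[start] is not None and s[start:end] in words:
                candidate = best[start] + [s[start:end]]
                if best[end] is None or len(candidate) < len(best[end]):
                    best[end] = candidate
    return best[len(s)]


def alphabet_size(password):
    """Size of the character pool a brute-force search must cover."""
    size = sum(len(p) for p in LETTER_DIGIT_POOLS if any(c in p for c in password))
    known = "".join(LETTER_DIGIT_POOLS)
    if any(c not in known for c in password):
        size += len(string.punctuation)   # 32 ASCII symbols; other chars counted here
    return size


def assess(password, words=COMMON_WORDS, dict_size=ASSUMED_DICT_SIZE):
    """Estimate the guesses needed by the cheaper of the two searches."""
    brute = alphabet_size(password) ** len(password)
    parts = split_into_words(password, words)
    by_words = dict_size ** len(parts) if parts is not None else None
    if by_words is not None and by_words < brute:
        method, guesses = "dictionary", by_words
    else:
        method, guesses = "brute force", brute
    return {"method": method, "words": parts, "guesses": guesses,
            "bits": round(math.log2(guesses), 1)}


def is_acceptable(password, min_bits=ASSUMED_MIN_BITS):
    """Policy decision: reject anything searchable in fewer than 2**min_bits guesses."""
    return assess(password)["bits"] >= min_bits


if __name__ == "__main__":
    for pw in ["dog", "alphabeta", "abouttown", "speedlimit",
               "$,H&aNlo*>>", "Over64$easy^^TOn(=12"]:
        result = assess(pw)
        print(f"{pw!r:26} {result['method']:11} ~2^{result['bits']:<6} "
              f"{'accept' if is_acceptable(pw) else 'reject'}")
```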

Tuesday, October 10, 2006


For years the conventional wisdom has held that Microsoft’s Internet Explorer (IE) was not as safe from intrusion, hackers, keyloggers, or malware as independently produced browsers such as Apple’s Safari or Mozilla’s Firefox. This axiom has been true for years; however, we need to reassess the validity of this assumption given current developments.

Hackers prefer to write code that will cause the greatest harm or provide them with the greatest ill-gotten gains. Hackers and identity thieves have concentrated on Microsoft’s Internet Explorer, not because of inherent flaws, but rather because it was the most widely used browser technology. A week spent designing successful malware for IE would result in millions and millions of successful attacks. Time spent on formerly tiny Mozilla Firefox would gain only a few hundred thousand successes.

However, with the growing popularity of independent browsers, and the increasing security efforts of Microsoft, these conclusions may not be valid. A leading internet security company recently reported that for the first time the number of known significant security risks was slightly greater for independent browsers.

We do not recommend changing browsers. We do recommend that you reconsider any assumptions about your browser based on traditional views of security.

Monday, October 09, 2006


As part of our identity theft prevention program we advise clients to destroy old hard disk drives from personal computers when scrapping them or donating the units to schools or charity.

While this caution is well understood, consumers continue to make the error of leaving a hard drive in a PC when disposing of it.

When PCs are recycled the hard drives are pulled from the units and often auctioned off. In a recent study 300 used hard disks were purchased on auction sites throughout the world. 41% were unreadable, 20% contained information identifying their previous owners, 5% held commercial business information such as account numbers and customer information, and an additional 5% held “illicit” data.

Data commonly found on these old hard drives included payroll information, mobile telephone numbers, copies of invoices, employee addresses and pictures, IP addresses, network information, illicit audio and video files, and financial details including credit card accounts.

How do you dispose of old hard drives? You have two options – degauss the drive or physically destroy the drive. Degaussing the drive involves placing the drive in a powerful magnetic field to erase information. Some PC stores may have degaussing units available for consumer use; however, these systems are not easy to find. The other option is to physically destroy the drive. Two physical destruction techniques are common – a sledgehammer or a bucket of salt water. While the sledgehammer technique has some merit, we advise the salt water technique. Take a bucket of water, add a cup of salt, drill a hole in the disk drive housing to let the water in, place the drive in the bucket, put the bucket in the garage, wait a week, then toss the drive into the trash or recycling. Salt water attacks the circuitry of the unit as well as the aluminum substrate of the disks themselves. After a week the drive is ruined and recovery of data impossible.

Friday, October 06, 2006


This counterfeit check is part of a "work at home scam." Targeted victims receive a letter and the check above, allegedly from the Shopping Group Inc., informing them that they have been hired as a "secret shopper". The letter stated that the victim would be making a $50 secret purchase at Wal-Mart, a $40 secret purchase at Gap, then a $2500 wire transfer at Western Union and a $1200 wire transfer at Money Gram. The victim was instructed to call the Shopping Group at a specific number for instructions. When the victim called, she was advised to deposit the check and, once the check had cleared, to call back. At that time they would tell the victim where to send the wire transfers.

The victim, suspecting fraud, looked up the phone number for Artisan's Bank and called them directly. An employee at Artisan's informed her that the cashier's check was counterfeit and that they had received several calls about such checks.


Ten years ago the Association of Certified Fraud Examiners (ACFE) predicted that “fraud will be the crime of choice for the 21st century.”

Today the ACFE concludes that fraud in the US alone exceeds $600 billion annually.

Many of these fraud schemes are the result of identity theft and impersonation crimes.

Organized crime groups have, in recent years, seized upon new technologies to increase criminal attacks. These technological resources include powerful computers, advanced servers, state of the art networking equipment, skilled programmers and even computer scientists with advanced skills.

In the database world, in which our personal information resides, there is a cyber war between organized crime groups and businesses. Crime groups seek to break into personal information databases and businesses struggle to counter these attacks in protecting their data.

Detica, a leader in financial crimes prevention, describes new developments in organized criminal attacks on databases in a recent article.

“The modern criminal has adapted to these new environments, developing new ways of perpetrating serious financial crimes while continuing to operate below the radar. This new modus-operandi is characterized by well organized executions of many smaller frauds spread across multiple individuals and often across a number of financial institutions.”

Rather than launch massive attacks against a database, which are easily detected, the new criminal technique is to target databases in low volume and low frequency attacks. By flying “under the radar” organized groups can repeatedly attack databases with far less chance of detection.

Thursday, October 05, 2006


The GAO (Government Accountability Office) recently issued a report which found serious deficiencies in the Medicare and Medicaid computer network systems called the CMS system.

These vulnerabilities made it possible for hackers to access personal medical records and other personal records. The report found “significant weaknesses in electronic access and other systems control threatened the confidentiality and availability of sensitive CMS financial and medical information…. As a result sensitive, personally identifiable medical data traversing the network is vulnerable to unauthorized disclosure….”

At KnightsBridge Castle we have been following an alarming increase in medical benefits fraud facilitated by identity theft. The lack of a secure network system within CMS places all Medicare and Medicaid patients, medical professionals, and consumers at risk.

The full report may be read at:


The “talking heads” on the financial news channels have today been assessing the recent HP “pretexting” case, and have been challenging the possibility that HP’s executive team violated the law. On the other hand, the California Attorney General filed charges yesterday against the executives. In addition to conspiracy charges the basic criminal charges are based on the following penal code sections.

538.5. Every person who transmits or causes to be transmitted by means of wire, radio or television communication any words, sounds, writings, signs, signals, or pictures for the purpose of furthering or executing a scheme or artifice to obtain, from a public utility, confidential, privileged, or proprietary information, trade secrets, trade lists, customer records, billing records, customer credit data, or accounting data by means of false or fraudulent pretenses, representations, personations, or promises is guilty of an offense punishable by imprisonment in the state prison, or by imprisonment in the county jail not exceeding one year.

530.5. (a) Every person who willfully obtains personal identifying information, as defined in subdivision (b), of another person, and uses that information for any unlawful purpose, including to obtain, or attempt to obtain, credit, goods, services, or medical information in the name of the other person without the consent of that person, is guilty of a public offense, and upon conviction therefor, shall be punished either by imprisonment in a county jail not to exceed one year, a fine not to exceed one thousand dollars ($1,000), or both that imprisonment and fine, or by imprisonment in the state prison, a fine not to exceed ten thousand dollars ($10,000), or both that imprisonment and fine.

(c) Except as provided in subdivision (h), any person who commits any of the following acts is guilty of a public offense:
(2) Knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer, computer system, or computer network.


The National Cyber Security Alliance (NCSA), a not-for-profit organization, has released a study which confirms the concerns of many that social networking sites pose a significant risk to personal security and increase the risk of identity theft attacks. The National Cyber Security Alliance (NCSA) is a public resource for cyber security awareness and education for home user, small business, and education audiences.

Social networking sites such as MySpace have become extremely popular in the last two years, with MySpace alone having over 80,000,000 subscribers worldwide. Social networking technologies allow individuals to create their own web pages full of personal information, photos and videos, and to chat with friends and exchange instant messages.

KnightsBridge Castle examined the risks of social networking some months ago by conducting focus groups with both teens and parents. Our conclusion was that the peer pressure on teens to participate in social networks was irresistible, and that teens often deceived parents about their use of these networks.

We also concluded that parents were unable to restrict access by their teens and children to these sites regardless of their vigilance. We advised that parents should set down rules for social networking use rather than forbid it. In addition we suggested parental monitoring and enforcement of those rules.

The NCSA study concluded that many who used social networking sites were unaware of the risks to personal security and to identity theft.

We believe that this study is of great utility in understanding the risks to adults. The study has one major flaw in its methodology. It spoke only to adults. The study therefore gives the perception of adults as to the use of these sites by teens. NCSA reports that less than 25% of teens are active on social networking sites. Our studies, here in the San Francisco/Bay Area, indicate that teen use of these sites exceeds 80%. In our focus groups we found that 40% of teens using social networking sites were doing so by deceiving their parents.


83 percent of adults who use social network expose themselves to hackers and thieves by downloading unknown files potentially opening up their PCs to attacks.

74 percent have given out some sort of personal information such as their email address, name and birthday. Some have even given out their social security number. Providing this type of information can provide enough ammunition for criminals to hack into financial records and compromise users’ personal information.

57 percent of adults who social network received unsolicited emails or phishy emails asking for money, requesting account information, informing users of lottery winnings or asking users to download a video or picture.

31 percent of those who received these phishy emails actually responded to them. Responding to phishy emails dramatically increases the chances of receiving more unsolicited emails and providing personal or financial information that could be used to commit identity theft or fraud.

40 percent of employed respondents with access to a computer at work claimed to visit these types of Web sites at work, opening up their businesses to the same cyber security risks.

20 percent of adults surveyed are aware their children under the age of 17 use social networking services, only 49 percent of those adults limit access to their children’s profile.

The full report may be found at:

Wednesday, October 04, 2006


Many of us have become increasingly reliant on internet messaging facilities, such as email and now IM (instant messaging). In 1995 we wrote an article for West Publishing entitled “Electronic Discovery in a Paperless World”, and in this article we discussed the concept that “an email is forever.” In other words, emails are not ephemeral. Emails do not disappear in the ether, but rather can be recovered and read by others. At the time we wrote the article, it was standard procedure for Silicon Valley companies to log and retain all email and voice mail messages for a minimum of seven years. Corporate emails are known now to have no assurance of privacy, and corporate logging and capturing systems are only one way in which personal information can be compromised.

Today, we can say the same for IM – Instant Messaging systems. To rephrase our earlier conclusion about emails we can now say “an Instant Message is forever.” Not only do corporate systems and internet service providers keep copies of instant messages, but hackers, keyloggers, and malware also may capture IM.

At KnightsBridge Castle we have a policy regarding electronic messaging. Our policy is never to include personally identifying information within an electronic message. Emails are used only to notify a client of the need to contact us directly about a problem or issue detected in their profile. When we use our website “Chat line” we insist that our consultations with potential clients and others be kept general in nature. The specifics of any situation which would reveal personal information are not discussed at any time by email or IM. Critical communications with clients concerning personal information are carried out on secure telephone lines or through the US Mail. Telephone conversations and the US Mail have their own security issues; however, federal enforcement of privacy laws regarding the content of these messages is strong.

Tuesday, October 03, 2006


In a recent interview, Frank Keffer of the San Jose Police Department reiterated advice that KnightsBridge Castle has provided to clients for a long time – don’t fill out surveys that ask about your interests or buying habits, or that ask for personal information such as income. Our perspective on this scam is a bit theoretical, but Detective Keffer’s view is very practical.

When you see that new car at the mall you may be tempted to fill out the marketing survey and take a chance at winning a new car. Keffer advises you resist the temptation. Information you provide will be collected by marketing companies and potentially sold to hundreds of legitimate and not so legitimate data mining companies. Their purpose is to harvest the data and learn as much about you as possible. If identity theft does not follow, then marketing blitzes surely will.

Ask yourself, “Why would someone give away a car in exchange for survey information?” The answer – survey information has value to marketers and thieves.

That car, by the way, is probably traveling throughout the state or country as an inducement to provide personal information. It’s not a local contest. Your chances of winning are very slim indeed – in fact the car may never be awarded at all.

Monday, October 02, 2006


London’s Channel 4 presents a documentary airing on Thursday which will put the problem of British consumer data theft from Indian call centers under the spotlight.

A British documentary scheduled to air tomorrow night in London claims that thousands of credit card and passport details are being stolen from British consumers and sold on for as little as £5 each. The culprit – foreign call centers.

Channel 4 will broadcast 'Dispatches' an undercover documentary entitled ‘The Data Theft Scandal' on Thursday at 9pm.

The program follows a 12-month investigation and exposes "alarming security failures in a number of commercial call off shore centers".

Hidden camera footage shows one middleman offering the undercover reporter a database containing the credit card details of 200,000 people and another middleman offering details of customers with Halifax, Nationwide, Woolwich, Bank of Scotland and NatWest for £5 each.

The UK government estimates that identity fraud costs the UK economy £1.7bn and that there are more than 100,000 victims every year.


The Office of Inspector General (OIG) of the Social Security Administration (SSA) reported a successful prosecution for disability benefits fraud. Disability benefits fraud is taken seriously by the SSA and is vigorously investigated. Other forms of fraud, such as the use of a fraudulent Social Security Number to seek fraudulent employment or to seek non-SSA benefits (such as medical benefits fraud and IRS fraud), are not actively pursued by the OIG of SSA. We have discussed this problem with SSA fraud investigations earlier in this blog. While this story is not about identity theft, it does illustrate where the SSA puts its investigative efforts.

The New Haven office of the SSA investigated a woman employed by the United States Postal Service who fraudulently received $137,591 in disability benefits from both SSA between 1996 and 2005. She left the Postal Service in 1996, and filed claims for disability benefits in April and September 1999, alleging that she was unable to work because of physical ailments that prevented her from employment. The woman was granted SSA disability benefits in 1996 and received benefits until her conviction in August 2005. The United States Postal Inspection Service obtained extensive video surveillance footage of the woman between August 2000 and April 2001 which showed her engaging in activities inconsistent with her alleged disabilities. Subsequent investigation determined that she had made misleading and fraudulent statements and representations about her medical condition to SSA during the benefit application process.


“Inside”, the newsletter of Consumer Reports, this week ran a short article on “Safeguarding your Social Security Number”. Missing from its discussion of protection was a key and critical element.

The good advice from Consumer Reports?

-- Don’t carry your SSN
-- Don’t put documents with your SSN in your mailbox for pickup.
-- Don’t give your SSN to anyone – unless absolutely necessary.
-- Get your SSN off pay stubs
-- Don’t throw old insurance cards, pay stubs, or anything with your SSN into the trash.

Missing from these recommendations – find out if someone else is using or has used your SSN. How? By checking over 85,000 databases for name, address, SSN combinations to ensure that your SSN is secure. If not, there are specific actions you can take to make yourself secure.

KnightsBridge Castle’s SSNWatch service provides you with this capability.


Following 9/11 the FBI saw a major change to its priorities, and one of the unintended consequences of these changes was a de-emphasizing of its role in white collar crime investigation, including identity theft crimes. Some analysts have commented that the FBI lost all interest in these crimes, and others assert that the Secret Service is now responsible for identity theft frauds. Following 9/11 the FBI transferred 500 agents from traditional crime areas to terrorism related programs.

The US Justice Department has reported a 38% reduction in the overall number of white collar crimes (including identity theft crimes) that the FBI has referred for prosecution, as well as a 37% reduction in organized crime referrals.

The actual commitment of the FBI to identity theft crimes is difficult to ascertain. Our contacts within major metropolitan police departments indicate that the FBI was rarely involved in day to day identity theft investigation and that their efforts were focused on high impact and high visibility major fraud.

Published on the FBI website are its top ten priorities. These are:

1. Protect the United States from terrorist attack.
2. Protect the United States against foreign intelligence operations and espionage.
3. Protect the United States against cyber-based attacks and high technology crimes.
4. Combat public corruption at all levels.
5. Protect civil rights.
6. Combat transnational and national criminal organizations and enterprises.
7. Combat major white collar crime.
8. Combat significant violent crime.
9. Support federal, state, county, municipal, and international partners.
10. Upgrade technology to successfully perform the FBI’s mission.

With respect to the many crimes of identity theft, including credit fraud, impersonation crimes, and criminal identity theft, the FBI priority list clearly delineates where the FBI places resources regarding this crime.

Identity theft to facilitate terrorism, foreign intelligence, espionage, public corruption, trans-national crime, significant or major white collar crime and violent crime are stated objectives. Effectively this means that for the FBI to take an interest in identity theft crimes affecting consumers the impact must be very large indeed.

By implication these priorities leave the vast majority of identity theft crimes to local police authorities with one notable exception – organized international criminal id theft rings.

At KnightsBridge Castle we believe that consumers and individuals are increasingly “on their own” when it comes to preventing, detecting, and recovering from these crimes. The U.S. Department of Justice statistics, as well as the new FBI priorities seem to lend credence to this conclusion.
