Friday, May 9, 2008

She said the man in the gabardine suit was a spy

FB-I said "Be careful his bowtie is really a wi-fi"
Next time you flip open your laptop as you wait for a flight or work at a coffee shop, beware, says the Federal Bureau of Investigation. The person next to you may be stealing your personal bank account information, address book and other files from your computer.

The agency warned earlier this week that the information on your computers may not be protected when using some of the 68,000 Wi-Fi hot spots, or local wireless Internet connections, around the country.

"Odds are there's a hacker nearby, with his own laptop, attempting to 'eavesdrop' on your computer to obtain personal data that will provide access to your money or even to your company's sensitive information," the FBI said in an advisory on its Web site.

Think that's bad? The FBI goes further, warning that if a hacker hooks into your computer, you are also connecting to his computer. That means you could be unknowingly downloading viruses and worms.

Protect yourself:
• Update the security protection on your computer with current versions of operating systems, web browsers, firewalls and antivirus and anti-spyware software.
• When tapped into a Wi-Fi network, don't conduct financial transactions or use e-mail and instant messaging.
• Change the default setting on your laptop so you have to manually select the Wi-Fi network you connect to.
• Turn off your laptop's Wi-Fi capabilities when you're not using them. (more)
Clients... Ask us to demonstrate this during our next eavesdropping detection audit.


Wednesday, April 23, 2008

Cautionary Tale: Prevention = Cost-Effective

Hannaford spending millions to upgrade after security breach.
Background...
Yet Another Corporate Info-Loss Confession
"But, IT said our data was secure."

Hannaford Bros. Co. said it is spending millions of dollars to enhance the security of its data network following a massive security breach that exposed up to 4.2 million credit and debit card numbers to fraud...

Hannaford President and CEO Ron Hodge apologized again Tuesday to customers for concerns and inconvenience they experienced because of the breach...

In a conference call with reporters, Hodge and Bill Homa, senior vice president and chief information officer, declined to address the cause, scope and nature of the breach, citing the ongoing criminal investigation and pending litigation.

The Hannaford case is among the largest security breaches on record but is much smaller than the tens of millions of credit cards that were exposed at TJX Cos. of Framingham, Mass., which has 2,500 stores and includes the T.J. Maxx and Marshalls chains. (more)

The "millions" figure is likely just a system fix number. The final cost, which will include public embarrassment, loss of customer goodwill and customer ill-will lawsuit losses, cannot be tallied just yet.

Recommendation:
Be smart.
Be frugal.
Be a corporate hero.
Spend the bucks to protect your company's communications privacy (voice and data). There is a good chance you will save money in the long run... a lot of money! ~Kevin


Tuesday, April 15, 2008

Data Land Mines

1. A slip of the finger reveals the company secret.
- Turn off that auto-fill feature.
2. People give away passwords and other secrets without thinking.
- Engage brain. Shut mouth.
3. A trusted partner ends up not being so trustworthy with your data.
- Share sparingly.
4. Web-based apps can be portals to leaks and thieves.
- VPN it instead.
5. Hoping the worst doesn’t happen only makes it worse.
- Plan for disasters.
6. Avoiding or diluting response leadership makes breaches worse.
- Designate a buck-stopper.
7. Handling breach details sloppily tips off the perp.
- Practice 'need-to-know'.
8. Trusting "silver bullet" technology hides real threats.
- There ain't no Lone Ranger.
9. Spending unthinkingly wastes resources you might need for important threats.
- Gauge threats.
10. Don't save the wrong data.
- Only store what you need.
(more)


Thursday, April 10, 2008

Search Engine with Reduced Squeal

Ixquick.com deletes its users' search data (including IP addresses) within 48 hours... Furthermore, Ixquick does not set any uniquely identifying cookies or share your privacy details with 3rd parties.


Tuesday, April 1, 2008

Corporate Espionage Arrest - AMX Corp. V.P.

Short version: AMX Corporation's Vice President, David Goldenberg, was "arrested for allegedly participating in corporate espionage practices against a competing manufacturer's representative firm."

The following is from the Bergen County (NJ) Prosecutor's press release...
NJ - Bergen County Prosecutor John L. Molinelli announced the arrest of David A. Goldenberg, D.O.B. 05/18/1962, of 432 Golf Dr., Oceanside NY. Goldenberg was arrested on March 28, 2008, on charges of Unlawful Access of a Computer System / Network (2C:20-25b); Unlawful Access of Computer Data / Theft of Data (2C:20-25c); and Conducting an Illegal Wiretap (2A:156A-27)...


The arrest stemmed from an investigation concerning the following: The Paramus Police Department received a complaint from a Paramus based corporation known as Sapphire Marketing, who specializes in high-end audio/visual systems. Representatives of Sapphire reported that they were being suspiciously and consistently underbid for contracts by a competitor for whom David Goldenberg works. They expressed suspicion of corporate espionage. Based on anomalies that the complainant noticed within their computer network and more specifically their electronic mail (e-mail) system, they suspected that the company’s e-mail system had been compromised and that e-mail was being intercepted. The Paramus Police Department (a member of the Computer Crimes Task Force) and the Bergen County Prosecutor’s Office Computer Crimes Unit initiated an investigation.

The investigation revealed that Mr. Goldenberg had engineered the passwords protecting several of the complainant’s e-mail accounts. For a period of time, Mr. Goldenberg was intercepting and reading e-mails that related to potential contracts. Mr. Goldenberg then established a free e-mail account that he had control over, and created an automatic forward of the victim’s e-mail so that they would be sent to him directly. This afforded Mr. Goldenberg advanced knowledge of Sapphire’s customers and bid prices, thus further affording him an opportunity to underbid Sapphire. Sapphire Marketing estimates the loss in revenue from Mr. Goldenberg’s actions to exceed one-million dollars. Mr. Goldenberg was arrested without incident on this date. (more) (more - scroll down)

Goldenberg was hired by AMX June 11, 2007
...
“David has a proven track record of satisfying the needs of his customers while boosting sales and profitability. He is also an aggressive marketer focused on value creation,” said Rashid Skaf, AMX president and CEO. “David is a dynamic leader who has proven that he can successfully manage and motivate a diverse team of individuals. I am confident that he will fit well into the AMX culture and accomplish great things with our company.” (more)


Monday, March 31, 2008

"But, IT said our data was secure."

Data Theft Carried Out On Network Thought Secure
Criminals involved in a massive data breach at the Hannaford Bros. and Sweetbay grocery chains stole the customer information from a part of a computer-network system that security experts had believed was secure.


As many as 4.2 million credit- and debit-card numbers were exposed in the breach.

The Hannaford data, which included customer account numbers and card expiration dates, was stolen between Dec. 7 and March 10. ...it has resulted in at least 1,800 cases of fraud.

A malicious software program, written by the thieves, intercepted the information as it went back and forth over a cable to a transaction processor in Denver. It was then transmitted to an Internet service provider somewhere outside the U.S. The software, known as malware, was planted on computer systems in every store in the two chains, the company says.

...it took a team of about 30 forensics experts and information technologists more than 10 days of round-the-clock troubleshooting to discover the malware. (more) (recent data theft list)


Tuesday, February 12, 2008

Think data theft is rare?

Think again.

Massive information theft occurs almost every day.
Every day, other information thefts occur massively.


One example of infotheft from the list below...
"Personal information on customers of J.C. Penney and up to 100 other retailers could be compromised after a computer tape went missing. The missing information includes Social Security numbers for about 150,000 people." (Jan 17, 2008)

So far this year, by date, victim and records lost:
Jan. 2, 2008 Workers Compensation Fund (Salt Lake City, UT) 2,800
Jan. 3, 2008 Robotics Industries Association (Ann Arbor, MI) Unknown
Jan. 3, 2008 Dorothy Hains Ele. School (Augusta, GA) Unknown
Jan. 4, 2008 Health Net (Mountain View, CA/CT) 5,000
Jan. 4, 2008 FL Dept. of Children and Families (Osceola, FL) 1,200
Jan. 4, 2008 MD Dept. of Assessments & Tax (Baltimore, MD) 900
Jan. 5, 2008 NM State University (Las Cruces, NM) Unknown
Jan. 7, 2008 Sears/ManageMyHome.com (IL) Unknown
Jan. 7, 2008 Geeks.com (Oceanside, CA) Unknown
Jan. 8, 2008 WI Dept. of Health & Family Ser. (Madison, WI) 260,000
Jan. 8, 2008 University of Georgia (Athens, GA) 4,250
Jan. 10, 2008 Select Physical Therapy (Levelland, TX) 4,000
Jan. 11, 2008 University of Akron (Akron, OH) 800
Jan. 11, 2008 University of Iowa (Iowa City, IA) 216
Jan. 11, 2008 VA Dept. of Social Services (Richmond, VA) 1,500
Jan. 12, 2008 CA State University, Stanislaus (Turlock, CA) Unknown
Jan. 14, 2008 Tennessee Tech University (Cookeville, TN) 990
Jan. 15, 2008 Department of Revenue WI (Lakewood, WI) 5,000
Jan. 15, 2008 Naval Surface Warfare Center (MD) Unknown
Jan. 16, 2008 University of Wisconsin (Madison, WI) Unknown
Jan. 17, 2008 GE Money / Iron Mountain (Boston, MA) 150,000
Jan. 23, 2008 Baylor University (Waco, TX) Unknown
Jan. 24, 2008 Fallon Community Health Plan (Worcester, MA) 30,000
Jan. 24, 2008 OmniAmerican Bank (Fort Worth, TX) Unknown
Jan. 25, 2008 Penn State University (University Park, PA) 677
Jan. 28, 2008 T. Rowe Price Retirement Services (MD) 35,000
Jan. 29, 2008 Georgetown University (Washington, DC) 38,000
Jan. 29, 2008 Wake County Emergency Medical Services (NC) 4,642
Jan. 29, 2008 Horizon Blue Cross Blue Shield (Newark, NJ) 300,000
Jan. 30, 2008 Davidson Companies (Great Falls, MT) 226,000
Jan. 31, 2008 SC Dept. of Health & Environmental (SC) 400
Jan. 31, 2008 University of Minn. Medicine Center (MN) 3,100
Feb. 1, 2008 Marine Corps Bases Japan (Okinawa, Japan) 4,000
Feb. 2, 2008 Diocese of Providence (Providence, RI) 5,000
Feb. 7, 2008 Memorial Hospital (South Bend, IN) 4,300
Feb. 8, 2008 MLSgear.com Unknown

Attention infomasochistics!
You can see all the gory details, going back to 2005, here.

Attention smart security directors!
You can get non-IT Department infosecurity help, here.
