- Email: [email protected]
ID theft levels rise unabated
computer FRAUD & SECURITY ISSN 1361-3723 March 2008
www.computerfraudandsecurity.com
ID theft levels rise unabated
I
dentity theft has emerged as the number one complaint for the seventh year in a row in the US according to Federal Trade Commission (FTC) records.
Identity theft accounted for 32% of 813 899 public complaints received by the FTC in 2007. Credit card fraud was the most common form of identity theft at 23% followed by utilities fraud (18%). Consumers lost a total of US$1.2 billion, which is equivalent to an average of US$349 per person, according to the FTC Consumer Fraud and Identity Theft Complaint Data publication. The commission received almost 140 000 more consumer fraud complaints last year than in 2006.
Contents NEWS
The Top 10 complaints received by the FTC: 1 2 3 4 5 6 7 8 9 10
Identity Theft Shop-at-Home/Catalogue Sales Internet Services Foreign Money Offers Prizes/Sweepstakes and Lotteries Computer Equipment and Software Internet Auctions Health Care Claims Travel, Vacations and Timeshares Advance-Fee needs and Credit Protection/Repair
32% 8% 5% 4% 4% 3% 3% 2% 2% 2%
Avoiding acquisition of bad habits
M
process not to just adopt the practices of the acquiring company. And he says a newly combined team needs a single Chief Security Officer.
Mathieu Gorge says companies need to be careful during an acquisition
Turn to page 6...
How not to breed a cybercriminal
A
US researcher has published a paper on the measures taken at a US university to ensure students studying IT security don’t turn into blackhat hackers.
Course leaders at Ball State University worried the university would be held liable if students inflicted damage on external networks. For Research Focus turn to page 10...
1 2 3 3 3 4 4 4 4 5 5
FEATURES Merger Focus Mathieu Gorge considers security for mergers and acquisitions
Featured this month: erging two security companies needs to be carefully negotiated so good habits are retained and bad practice isn’t inherited.
ID theft levels rise unabated UK Ministry of Defence cracks down on IT security after laptop theft FTC fines child social networking site for privacy violations Marks & Spencer ordered to encrypt Systems administrator jailed for planting logic bomb at work Carphone Warehouse told to comply with data protection Man pleads guilty to hotel keystroke fraud Computer programmer pleas guilty to planting logic bomb. Russia’s spam level output surges HMRC could face compensation bill for lost discs CPS neglects to act on disc of fugitives for one year
6
Research Focus The challenges of teaching IT security
10
Online Banking Rob Rachwald looks at the risks with online banking versus conventional banking
11
User Training The US Federal Trade Commission (FTC) wants to train the general public in malware spotting 12 Data Protection Plugging the holes in data protection − US Government update
14
Internet Outage Internet outages show that in the face of a disaster, some people fare better than others
16
War & Peace in Cyberspace Power and Forte discuss the Société Générale fraud
18
Staff Monitoring Corporate Big Brother is unleashed to monitor Internet misuse
20
REGULARS Students: keeping them onside.
Editorial Calendar
2 20
ISSN 1361-3723/08 © 2008 Elsevier Ltd. All rights reserved This journal and the individual contributions contained in it are protected under copyright by Elsevier Ltd, and the following terms and conditions apply to their use: Photocopying Single photocopies of single articles may be made for personal use as allowed by national copyright laws. Permission of the publisher and payment of a fee is required for all other photocopying, including multiple or systematic copying, copying for advertising or promotional purposes, resale, and all forms of document delivery. Special rates are available for educational institutions that wish to make photocopies for non-profit educational classroom use.
www.computerfraudandsecurity.com
ID theft levels rise unabated
I
dentity theft has emerged as the number one complaint for the seventh year in a row in the US according to Federal Trade Commission (FTC) records.
Identity theft accounted for 32% of 813 899 public complaints received by the FTC in 2007. Credit card fraud was the most common form of identity theft at 23% followed by utilities fraud (18%). Consumers lost a total of US$1.2 billion, which is equivalent to an average of US$349 per person, according to the FTC Consumer Fraud and Identity Theft Complaint Data publication. The commission received almost 140 000 more consumer fraud complaints last year than in 2006.
Contents NEWS
The Top 10 complaints received by the FTC: 1 2 3 4 5 6 7 8 9 10
Identity Theft Shop-at-Home/Catalogue Sales Internet Services Foreign Money Offers Prizes/Sweepstakes and Lotteries Computer Equipment and Software Internet Auctions Health Care Claims Travel, Vacations and Timeshares Advance-Fee needs and Credit Protection/Repair
32% 8% 5% 4% 4% 3% 3% 2% 2% 2%
Avoiding acquisition of bad habits
M
process not to just adopt the practices of the acquiring company. And he says a newly combined team needs a single Chief Security Officer.
Mathieu Gorge says companies need to be careful during an acquisition
Turn to page 6...
How not to breed a cybercriminal
A
US researcher has published a paper on the measures taken at a US university to ensure students studying IT security don’t turn into blackhat hackers.
Course leaders at Ball State University worried the university would be held liable if students inflicted damage on external networks. For Research Focus turn to page 10...
1 2 3 3 3 4 4 4 4 5 5
FEATURES Merger Focus Mathieu Gorge considers security for mergers and acquisitions
Featured this month: erging two security companies needs to be carefully negotiated so good habits are retained and bad practice isn’t inherited.
ID theft levels rise unabated UK Ministry of Defence cracks down on IT security after laptop theft FTC fines child social networking site for privacy violations Marks & Spencer ordered to encrypt Systems administrator jailed for planting logic bomb at work Carphone Warehouse told to comply with data protection Man pleads guilty to hotel keystroke fraud Computer programmer pleas guilty to planting logic bomb. Russia’s spam level output surges HMRC could face compensation bill for lost discs CPS neglects to act on disc of fugitives for one year
6
Research Focus The challenges of teaching IT security
10
Online Banking Rob Rachwald looks at the risks with online banking versus conventional banking
11
User Training The US Federal Trade Commission (FTC) wants to train the general public in malware spotting 12 Data Protection Plugging the holes in data protection − US Government update
14
Internet Outage Internet outages show that in the face of a disaster, some people fare better than others
16
War & Peace in Cyberspace Power and Forte discuss the Société Générale fraud
18
Staff Monitoring Corporate Big Brother is unleashed to monitor Internet misuse
20
REGULARS Students: keeping them onside.
Editorial Calendar
2 20
ISSN 1361-3723/08 © 2008 Elsevier Ltd. All rights reserved This journal and the individual contributions contained in it are protected under copyright by Elsevier Ltd, and the following terms and conditions apply to their use: Photocopying Single photocopies of single articles may be made for personal use as allowed by national copyright laws. Permission of the publisher and payment of a fee is required for all other photocopying, including multiple or systematic copying, copying for advertising or promotional purposes, resale, and all forms of document delivery. Special rates are available for educational institutions that wish to make photocopies for non-profit educational classroom use.