Thursday, July 16, 2009

YouTube - How to hack RFID-enabled Credit Cards for $8 (BBtv)

Hacker demonstrates exactly how easy it is to obtain RFID data.

Please comment.

Saturday, July 11, 2009

RFID Chips in New Forms of ID Facilitate Massive Scams, Security Breaches


Nightmare security issues with the new US Passport and e-Passport (Passport Card) call into question the compliance of these documents with even the most basic security issues.

Chips in official IDs raise privacy fears - Yahoo! News

The U.S. Dept. of Homeland Security did much to avoid risk of hackers getting into the database, by making the number a mere pointer to their own files grounded in DHS computers. But the very function of the RFID chip, broadcasting an ID number, is easily co-opted by the private sector (retailers), and combined with the other information the retailer collects.

No need to obtain the government's data file, just about anyone can buy the data collected by the retailer, including your identity, all of your buying habits and payment options, demographics information, etc. The data then is neatly wrapped up and tied together with your RFID number, then sold, legally, to any number of buyers.

Now you walk through the mall, with your new driver's license, passport or passport card in your wallet, and that Israeli chick at the kiosk with the Dead Sea soap calls you by name - from 30 feet away.

Worse, some creepy guy likes what he sees when you pull up next to him in traffic. He inputs your RFID on his mobile, and gets everything about you, including address. He may even add your license plate number to the database app on his iPhone.

Worse again, you can be completely watched on cameras which turn on only when you are within 30 feet, anywhere in the world. You might not be worried about that at home, but what about when you are at a foreign airport, or in a foreign city? How about when you are crossing between two foreign countries?

You can remedy the problem at http://jonathanwarren.wordpress.com/privacy-services/, but should you have to?

It seems that RFID has no redeeming value. Please comment.


Thursday, July 9, 2009

Hospital Billing Scam: Ignoring Health Insurance, Billing Taxpayer Instead

U.S. hospitals fraudulently writing off huge "losses" after inflating prices beyond insurance approval limits.

Health services networks collecting full retail prices from federal government by writing off bad debt of three to six times the billing amounts approved by health insurers.


TYPICAL SCENARIO

You are injured in an auto accident. An ambulance takes you to a hospital, where you are admitted. The hospital collects your insurance data, and provides service.

Your auto insurance, and/or that of the other driver(s), is billed for its medical coverage, typically in the range of $15,000 to $30,000.

Three months later you get a bill from the hospital for the remainder of your hospital costs, which may be in the hundreds of thousands of dollars. You tell them to bill your health insurance, but the hospital shows you that your health insurance finally declined your claim, 4 months later. They seek a statement from you that you cannot pay the bill. They then write it off as bad debt, and assign it to collections.

You file a "medical bankruptcy", just like over half the consumer bankruptcies filed.


WHAT HAPPENED?

Your health insurer is tough for the hospital to deal with. The insurer holds down the price of services by not allowing the hospital and health care providers and suppliers to overcharge. The hospital would rather not deal with this.

Instead, the hospital bills the auto insurance for the limited medical coverage. This insurance does not fight the hospital on the overcharging. The hospital can therefore bill you 3-6 times what your health insurance would pay for the same services.

The hospital ignores the health insurance for (in most states) three months, beyond which time the health insurance will deny the claim by expiration clause.

The hospital then simply writes off the bill, at an average of 3-4 times the amount they would have collected from the insurer. The write-off credits back the hospital about 1/3 of the amount written off, in taxes.

The end result is that the hospital is paid 100% or more of the amount it could have collected from the insurers, and they do not have to invoice or negotiate. The government pays the bill. The debt is simply passed on to the taxpayer.

800,000 personal bankruptcies were filed in 2007. Medical bankruptcy accounted for 62% of personal bankruptcies filed in 2007, with a national average of $26,971 included in bankruptcy filings, for each uninsured person, and $17,749 for each insured person.

If half of the filers were insured and half were not, then the total discharged debt is just under $25 Billion for 2007 alone, not including those who did NOT file bankruptcy and did not pay the medical bill.

Industry estimates are that 66-90% of charged-off medical bills are not included in any bankruptcy filings. This would bring the total to between $75 billion and $250 billion in medical receivables written off by healthcare providers in the US, in 2007 alone.

These writeoffs gave $25 billion to $83.3 billion to the healthcare providers, directly from the federal government: no billing, no negotiating, no oversight, no customer service to have to bother with. The present system might be considered the worst government-paid health care system in the world.

This ripoff bilks everyone, in favor of the institutional health care provider and the insurance company which typically owns it.

Wednesday, July 8, 2009

Cyber Attacks Clobber USA

Sustained attack closes off many sites:

http://news.yahoo.com/s/ap/20090708/ap_on_go_ot/us_us_cyber_attack

I noticed this when for the past few days the FTC website would not load. It is not much better as of this writing. Security professionals please comment.

Tuesday, July 7, 2009

Social Security Numbering System Is Vulnerable to Fraud, Researchers Say - NYTimes.com

The system has been cracked. This of course is nothing new. Those who manufacture false IDs, including false social security cards, have known this for years.

Monday, July 6, 2009

pissedconsumer.com, ripoffreport.com, complaintsboard.com Extort, Facilitate Identity Theft, Potential FTC violations

The new, for-profit model of consumer complaint websites has left the old BBB in the dust, generating tremendous profits with which they have successfully combated nearly every legal challenge to their bold-faced facilitation of slander and libel.

Complaintsboard.com, ripoffreport.com and pissedconsumer.com (formerly pissedcustomer.com, before they lost their old domain) have all jumped to the top of the Google pile whenever a search is done on the name of a person or company who has been bashed on their servers. Their successful trade in advertising to all who search the web using the name of their mark has been second only to the thinly-veiled blackmail perpetrated by their offer of "Reputation Management" services to those who have suffered from the illegitimate complaints.

Hiding behind the Right to Freedom of Speech, these clowns openly refuse to remove any posting, true or not. Unlike the Better Business Bureau, this new model is closed, and offers no third-party arbitration. Rather, these new 'slander sites' allow you to post your rebuttal. This of course is of no use when the damage is done by the illegitimate initial report, which remains in the initial search results, which show that the mark is perhaps the next Charles Manson or Bernard Madoff.

The so-called "reputation management" services offered by these anonymous providers will charge the mark about $2,000, typically to remove the damage from the site of the "reputation manager". Sound familiar?

This is a protection racket. Pay up, or we 'facilitate' the first amendment rights of anonymous people to slander you. It easily crosses the line to organized conspiracy to extort; blackmail.

The perpetrators have weathered many lawsuits attempting, for the most part, to have the name of the mark removed from the URL generated by the services. These suits have failed due to the strength of the right to free speech.

THE WEAKNESS

It appears that these sites do not police their own postings well. Many seeking vengeance simply slander individuals as best they can put a sentence together, and post anything they can which they feel will embarrass, humiliate or endanger the mark. Herein lies your ability to combat the scam.

Many complainants have posted personally identifiable information (PII) on their marks, in hopes of doing them damage. This could include combinations of name, address, birth date, telephone number, financial information, social security number, family member names and family member financial information. Slander sites gulp the information in, without regard for the liability of posting it, because they sell the ads viewed by the many who seek the information posted by the conspirators.

But the FTC may not like that. Personally identifiable information about you can't be traded in without your consent. By posting it on ad-supported sites and not allowing you to remove it, they are certainly trading in your PII. That's an FTC violation.

With enough complaints to the FTC, this practice may be quashed. Let's try it, shall we? If you or someone you know has been a victim of someone posting your personally identifiable information on any of these slander sites, post your complaint here: https://www.ftccomplaintassistant.gov/

If you would like help with the wording, I offer my assistance free of charge. It is critical to keep the complaint honest and accurate. Just email me the links to the PII posted, and I'll draft your complaint for you to post if it meets your approval. Again, free of charge.

Saturday, July 4, 2009

ID Theft: Corporate ID Theft, Case 1

If you think it's easy to steal someone's ID, you'll be really surprised how simple it is to steal the identity of a corporation. For this one, I'll bring in some personal experience.

One day, while in Washington, D.C. for an embassy party, I got a call from an FBI agent who said he needed some information on a borrower client of mine, from a few years earlier. The client had caused someone to wire my firm "some money", and he was investigating where it had gone from there. I asked him to fax me his subpoena for my record, and to please give me the names by phone so I could begin the investigation.

The names associated did not sound familiar. "How much money was wired to us?" I asked.

"Nine hundred thousand dollars." His reply made no sense. I knew I would remember clients of such size. I told him I was suspicious.

The agent was quite seasoned, and knew enough to confirm the bank name and bank account number of my operating account. I provided this, and he realized the account number had not matched. It was, however, a different branch of the same bank, in the same city as my branch. My company name and address had been used. I later double checked, to find I had no record of ever having received any such wire, and had no involvement with the named individuals.

So what happened?

Quite simply, someone had obtained a copy of the address and articles of incorporation of my firm from public records, faked a list of officers, opened a bank account in the company name, pretended to be the company in offering like services, and got a client to wire them $900,000 for nothing. My corporate identity had been assumed. Their client (the mark) never saw the benefit of his $900,000. He thought he had been talking to the company, was made who-knows-what promises, wired money to the scammer when he thought he was wiring it to the real company, and the rest is history.

Bank Fraud Scam: The "Who's Who"

This US-only, 3-victim scam is designed to allow the perpetrator to spend small amounts of money from one victim's checking account, while convincing him or her that it was done by another victim. The money is paid to a third victim who has to refund it.

Imagine you get a phone call from a vendor telling you your check bounced, and demanding payment. Only you never heard of the vendor. Or perhaps you see some small checks clearing your bank account that you didn't write. You might be a vendor who gets checks from a local company which don't clear, and the vendor seems to be playing dumb to the fact.

All of these could be victims of this scam.


  1. Scammer obtains banking ID numbers of an existing valid account of Victim 1. This is usually done just by seeing the check. Any cashier can easily obtain the data, especially if they are using a mobile phone camera. The information needed is only the account number and routing number at the bottom of the check. This information is of course also available to anyone to whom you write a check.
  2. The scammer obtains the name and address of a valid company, which will become Victim 2. This can be as easy as going to the phone book or the internet. Just about any company will do.
  3. Scammer prints checks (easily done on any computer, no special ink necessary) which show the routing and bank numbers of Victim 1 at the bottom of the check, and the company name and information of Victim 2 at the top left of the check.
  4. Scammer then pays for services or goods from just about any retailer (Victim 3) using the checks he has created. He signs his own name, or the name of any fake or stolen ID he has. The amounts of each check are usually under $100.
  5. The check confirms, because the numbers read by the cash register at the bottom are valid, and the balance is sufficient. The ID matches perfectly and signatures are spot-on. The name of the account is usually a corporation, and no retailer has a way of verifying if the signer is a signatory to accounts for the corporation.
  6. The check clears the account of Victim 1, who may or may not notice the small amount missing. If Victim 1 catches the bogus check, they notify the bank, which then closes the account and returns the check to the retailer or payee's bank.
  7. Victim 3, the retailer or payee, then gets notice that the check is returned. Naturally they contact Victim 2, the company whose name was used at the top of the check. The company denies all knowledge. If it is a small company, Victim 1 probably won't believe them, and will pursue them with bad check laws, only to find out they never wrote the check.
  8. Unknown perpetrator gets away with paying bills with others' names, addresses, bank accounts, etc.

How to Protect Yourself

  1. Write checks as seldom as you possibly can.
  2. Don't send checks bearing a signature to vendors you don't know. Use a credit card or online bill pay service instead.
  3. As soon as you hear something that sounds like any of the above, file a police report to protect yourself from further action done in your name.