Most Recoveries by One Officer
Location: CA, USA
Scenario: Working alongside Absolute to track and recover stolen laptops, a California officer recently made his 277th recovery of a Computrace equipped machine.

In a rather dramatic recovery, Absolute identified an adolescent as this laptop’s unauthorized user, and so the officer visited the boy’s house to discuss the matter with his father. The father was not home at the time, although the officer was advised that he would be arriving soon. And he did – although fled upon seeing police. The officer then visited the boy’s school, where the father reappeared – this time to frantically direct his son into the car before fleeing again. Talk about suspicious…

A determined officer was able to track the father down – a parolee, as it turns out – and recover the stolen machine. We expect this officer will reach the 300 recoveries mark soon – great work!

Quickest Recovery
Location: BC, Canada
Scenario: An auto theft left a BC customer without a laptop – but not for long. The computer came online the next day, allowing it to send valuable user and location information to the Absolute Monitoring Center. The Absolute Theft Recovery Team was able to positively identify the machine’s unauthorized user and whereabouts, and passed this information to police. Just 8 days later, police were able to recover the machine and return it to its rightful owner.

Least Believable Story
Location: CA, USA
Scenario: After a laptop was stolen from a school district’s office, Absolute was quick to identify its unauthorized user, who, of little coincidence, was employed by said district. Police followed up with the suspect by phone, only to have her adamantly deny having any laptop in her possession. Absolute’s evidence contradicted these claims however, spurring police to visit the suspect’s residence. Again, she denied any knowledge of the case, but was then presented with the evidence. Suddenly, her story changed.

This time, she actually did have the laptop in her possession – though it was not stolen, of course. A friend had found it, she alleged, in a trashcan. Conveniently, the power cord also happened to be in the same trashcan, making for a great find. Needless to say, police did not buy the story and charges will be laid. The laptop was recovered and returned – marking the 49th Computrace-equipped computer that the involved officer has recovered. 

Please note that indictments and criminal complaints are merely unproven accusations and the accused in all cases are presumed innocent until proven guilty.

Cell phones are used for a lot more than making calls these days.  We listen to music, keep track of our schedules and, of course, surf the internet using mobile browsers.  Naturally, criminals see this as an opportunity to tap into our personal information.

An article published by CBC demonstrated how risky it can be to hand out our cell phone numbers without considering the ramifications.

Cell phone numbers are being used as identification on some websites and, in some circumstances, is almost as good as a credit card. 

Canadians are reporting that they’ve been tricked into signing up for high-priced text message services that cost as much as $5 per text simply by entering the phone number when using games and quizzes.

David Fewer, the director of the Canadian Internet Policy and Public Interest Clinic drove the point home.  “We give out our cellphone numbers willy-nilly. This is information that is not treated with particular sensitivity,” said Fewer.  “I don’t think most cellphone users think that their wireless service provider is going to act as a middle man [in these premium texting schemes],” said Fewer.

In Europe they are already using cell phone numbers to pay for things like parking and restaurant bills, so it’s only a matter of time before we see that in Canada.  Sites such as MobileGivings.ca even allow Canadians to donate to charities using their cell phone numbers, and I can see how that could easily be exploited.

As Marc Choma, a spokesman for the Canadian Wireless Telecommunications Association, put it, “your cell number is really a personal piece of information and your cellphone is more than a phone.  It’s a computer in your hand.”

image: Amazon

It’s almost unbelievable but hackers have found a way to steal personal information through electrical outlets.  It sounds implausible to many but, unfortunately, the threat is actually real.

I read an article about how hackers have found a way to “steal information typed on a computer keyboard using nothing more than the power outlet to which the computer is connected.”

How is that possible?  Typing on a regular keyboard sends an electrical signal through the unshielded cable to the computer which then leaks the information into the ground wire on the computer’s power supply.  All a thief has to do is set up in a nearby location and use a power socket in order to detect and grab the information in the ground leakage.  This is possible up to 15 meters away.

I never would have thought this sort of thing was possible but that’s why hackers are so good at what they do – they find ingenious ways to get other people’s vital information.  If only they used those skills to do something good for the world…like find a solution to this problem.

It seems like it’s getting harder and harder for spam filters to differentiate between true spam and regular emails.  There are times when legitimate emails get flagged while malicious content slips through the cracks.  As such, consumers might need to adopt some habits to ensure that they can spot scams without relying on their filters.

Switched.com created a list of 10 Ways to Spot an E-mail Scam and I thought it would be good to discuss some of their suggestions (click here to read their whole article).  The site also has an article about the top email scams which, although things are always evolving, is definitely worth reading.

The first and most important warning sign is the request for personal information.  If someone is asking for your log-in or bank account number, it’s probably not safe to reply.  I have never had a legitimate business ask me for important information through email so make sure you verify the source of the email before you reply.

Look out for multiple typos, generic greetings (“hello friend”), red-flag phrases (”verify your account” and “you have won the lottery,” etc…), wordless emails, attachments from unfamiliar senders and outdated information. 

You should also be suspicious of surveys and market research that require you to log in to your account to fill out forms or enter a contest.

And if it does look like a legitamite email and there’s a link to log into your account, be safe and type in the url for the website you want to log in to. If it turns out to be a spoof, you at least know that you didn’t click a link that could have been hijacked.

Again, trust your gut instincts.  If something doesn’t feel right, it’s better to investigate than to be duped into sharing personal information. 

image: Flickr/B Rosen

Informed and vigilant consumers have probably gone through a number of steps to protect their personal information by becoming familiar with the common threats.

Phishers try to collect “usernames, passwords and credit card data by posing as a legitimate, trusted party.” Almost everyone can relate to getting an email from a trusted email address (perhaps, an online banking or social networking site) asking users to confirm their login information.

Most security software and browsers will alert users of the fact that a site contains potentially harmful or malicious content, which has prompted these criminals to come up with a new approach – fake antivirus products. We recently wrote about how this manifested on the New York Times website, which is an indication of how common the problem is becoming.

Another tactic being used is the fake “online chat” option promising customer service assistance over the internet. Criminals posing as real customer service representatives have been duping people into divulging personal information by saying that they are using it to confirm the account holder’s identity.

PC World offered some great tips for staying safe in today’s ever-changing online world. Among the suggestions are using strong browser, malware-resistant platforms including Mac OS and Linux, using anti-malware software, and ensuring that your software is up-to-date.

Of course, it’s important to trust your instincts. If something doesn’t feel right, err on the side of caution.

image: Flickr/Creative Commons

Windows users who have been unimpressed by the features (and problems) offered by Vista have been rushing out and buying Windows 7.  The reviews, so far, have been largely favourable but, as is the case with any brand-new version of the software, a large number of vulnerabilities were discovered – 34 to be exact.

In order to address the issues, Microsoft released a record number of patches earlier this month, including the first critical update for the program.

Some of the more serious problems included an SMB (Server Message Block) flaw that allowed attackers to remotely take control over the computer.  That’s pretty serious!

Fortunately, the patches were released before the October 22, 2009 release date for consumers (although, some large businesses have been using Windows 7 since this summer).

If you are concerned or are interested in learning more about the patches, there is a great article on CNet News outlining the vulnerabilities and fixes.  Otherwise, Windows 7 users are advised to visit the Microsoft website to ensure that they have the most recent updates.

image: Best Buy

PC World recently wrote a story about Wi-Fi cable modem routers and how a security hole left thousands of Time Warner customers vulnerable to hackers.  Incredibly, the company isn’t responsible for uncovering the problem.

A customer needed help with his Wi-Fi network and asked a friend for help with the configuration.  His friend, David Chen who writes the Chenosaurus blog, was surprised to discover the issue and wrote: “from within your own network, an intruder can eavesdrop on sensitive data being sent over the Internet and even worse, they can manipulate the DNS address to point trusted sites to malicious servers to perform man-in-the-middle attacks.  Someone skilled enough can possibly even modify and install a new firmware onto the router, which can then automatically scan and infect other routers automatically.”

That’s a very scary thought!  Most subscribers trust the equipment installed by their service providers and would never imagine that a router they have been given could leave them open to attack.  Time Warner has implemented a temporary patch but prior to Chen’s discovery, administrative access to the routers was allowed and attackers were free to run programs against them.

A permanent fix for the SMC 8014 wireless router and cable modem is expected sometime in the near future.

image: SMC.com

Absolute Software co-hosts free webinar on how one K-12 school district
simplified IT asset management and reduced computer loss by 95%

Join Absolute for a FREE webinar on October 27, 2009 featuring the first-hand laptop management and theft deterrence experiences of one of the largest school systems in the U.S., Prince Georges County Public Schools (PGCPS).

Schools with computing programs need to combat computer theft or loss, comply with regulations, and find ways to efficiently and easily track and maintain a large fleet of computers. Learn why PGCPS chose to implement state-of-the-art laptop management technology and outsource key operations to Absolute Software professional services – in order to reduce costs.

When: Tuesday, October 27, 2009; 2:00pm ET/ 11:00 am PT; 60 minutes

What: Learn how PCGPS:

• Increased use of laptops in the classroom, benefiting teachers, students, and the community
• Implemented a paperless, more efficient asset tracking system, allowing IT techs to see the location of over 40,000 laptops, desktops and mobile computers county-wide
• Saved over $47,000 annually on teacher laptop hand-out/take-back tasks, representing a 30% increase in efficiency
• Reduced computer losses by approximately 95% per year, saving an estimated $93,000 in capital expenses

Who: This webinar will feature

• Chantelle Folkes, Network Engineer, Prince George County Public Schools
• Richard Fuhr, Director of Professional Services, Absolute Software

>>Register Now

Twitter has become a great way for friends and family to keep in touch throughout the day.  It’s become so popular that even celebrities provide daily updates so that they can keep track of each other and connect with their fans.

As is the case with many social networking sites, predators have been trying to capitalize on the weaknesses associated with using Twitter.  Whether someone has created an account for the sole purpose of befriending potential identity theft victims or the profile just pumps out spam, not everything on the popular site is as it seems (read about how scammers are abusing Twitter).

Twitter has decided to take action by adding a “report as spam” feature which can be found under the “Actions” section of a profile’s sidebar.

Once a user has been reported, Twitter’s Trust and Safety team investigates the situation and makes decisions regarding what action, if any, should be taken.  Users who click the “report as spam” button will automatically have the profile blocked from following or replying to them.

I think this is a step in the right direction and, hopefully, will help deter spammers and scammers from using Twitter as a way of hurting others.  It’s important since cybercrime on social networking sites is on the rise.

A Blue Cross and Blue Shield Association employee broke protocol by transferring the names, addresses, Social Security numbers and provider identification numbers of about 800,000 doctors to his personal laptop.

Unfortunately, his computer was stolen from his car this past August but, as of yet, there haven’t been any signs of identity theft.

The affected physicians have been informed and, thankfully, no patient information was included in the database.

A representative for the health insurance company was quoted in the Chicago Tribune as saying: “At this point, we have no evidence that the data was misused.  We think this was a random criminal act. Regardless, we take these kinds of breaches extremely seriously and so we are alerting all doctors in the database.”

In an attempt to offset any negative consequences associated with the theft of the laptop, the Blue Cross association is offering crediting monitoring services to the individuals whose Social Security information was exposed.

It goes without saying that this is really a worst-case scenario, since so many could be affected by this breach and the laptop hasn’t been recovered.  This is an unfortunate example of how the mistakes of a single person could after thousands of people. 

In a situation like this, using a program like Computrace would be helpful since sensitive data can be deleted remotely and the Theft Recovery Team will work with local police to try to find the stolen laptop – and the thief who stole it. And once the they have the laptop back, Computrace can be used to help determine if files were accessed post-theft. While it would still be important to be vigilant for signs of identity theft, the risk would be considerably lower.