Declassified documents obtained (but not published) by WIRED Magazine indicate that the FBI has been hard at work expanding a database of Americans’ personal and financial information. According to WIRED, the FBI’s National Security Branch Analysis Center (NSAC) has compiled a database of “more than 1.5 billion government and private-sector records” and has been mining this database for use in criminal investigations. The data, which apparently has been obtained from a number of private companies,… More
Monthly Archives: September 2009
Massachusetts Supreme Judicial Court Allows Use of Secret GPS To Track an Individual’s Movements, But Requires Police To Obtain Warrant
Earlier this year, the Wisconsin and New York state courts split on whether police may install a covert GPS tracking device on a suspect’s car without a warrant. On September 17, the Massachusetts Supreme Judicial Court addressed the GPS tracking device issue, ruling that Article 14 of the Massachusetts Declaration of Rights requires a warrant before such a device may be installed and used.
The defendant,… More
Massachusetts Holds Public Hearing on Information Security Regulations — Regulators Contemplating Additional Revisions in Final Rulemaking
This morning, the Massachusetts Office of Consumer Affairs and Business Regulations (OCABR) held a public hearing in connection with its promulgation of revisions to the Commonwealth’s information privacy regulations, 201 CMR 17.00. The standing-room-only crowd endured a modest, unventilated conference room in the Transportation Building to make comments on the stringent regulations. OCABR Undersecretary Barbara Anthony led the meeting with OCABR Deputy General Counsel Jason Egan and Assistant Attorney General Diane Lawton. … More
In a press release issued last week, Massachusetts Attorney General Martha Coakley announced the opening of a "new, state-of-the-art Computer Forensics Lab in Boston" as part of the Attorney General’s Cyber Crime Initiative. Under the Initiative, the Attorney General’s office received funding from the U.S. Department of Justice to "develop a sustainable cyber crime information sharing program in Massachusetts" for the Massachusetts law enforcement community.… More
Incident of the Week: Security Officer Indicted On Obstruction of Justice Charges For Shredding Evidence
Thomas Raffanello, global director of security for Stanford Financial Group (SFG), now faces charges of obstruction of justice based on claims that he directed employees at SFG’s Fort Lauderdale office to shred evidence of fraud.
In February, the Securities and Exchange Commission (SEC) filed a complaint against SFG (.pdf) in Texas alleging that the double-digit returns it promised potential customers were part of a fraudulent scheme. … More
The Federal Trade Commission will host a series of public "roundtable discussions" to explore the privacy challenges posed by "technology and business practices that collect and use consumer data," including social networking, cloud computing, online behavioral advertising, mobile marketing, and the collection and use of information by retailers, data brokers, third-party applications, and other diverse businesses. The FTC’s expressed goal of the meetings is to determine how best to protect consumer privacy while supporting beneficial uses.… More
In August, Albert Gonzalez was indicted for the theft of credit and debit card information from Heartland Payment Systems, the largest known breach of its kind, while awaiting trial for a similar attack against TJX, the second largest known breach of its kind. Last week, Gonzalez pleaded guilty to nineteen charges relating to his role in the TJX breach (see Gonzalez’s 2008 indictment (.pdf) for list of the various charges).… More
Incident of the Week: Indictments Issue Against The Individuals Behind RNS, Pirate Site for “Pre-Release” Music
Yesterday, a federal indictment issued charging four individuals for their role in the "Rabid Neurosis" or RNS, an alleged "Internet music piracy group" that distributed copies of music prior to their commercial release. According to the seven-page indictment (.pdf) filed in the federal court for the Eastern District of Virginia, between 1999 and 2007, RNS obtained and distributed a number of notable albums before they were released,… More
It just became a little cheaper and a little easier to access public court filings through PACER (the Public Access to Court Electronic Records), thanks to RECAP, an open-source Firefox plug-in designed to create a free secondary archive of PACER materials.
Court filings contained in PACER are public documents, and are, in theory, open to the public. But, in the past, the fact that these materials were either maintained in individual courthouses or,… More
Incident of the Week: NCUA Issues Fraud Alert Based On Fake NCUA Fraud Alert (Which Turns Out To Be Part of Security Consultant’s Penetration Testing)
The National Credit Union Administration (NCUA) issued an official NCUA Fraud Alert on August 25, 2009 reporting that someone was sending around a fake NCUA Fraud Alert (.pdf) with CDs that purported to contain security software updates but instead contained malware. The NCUA warned “Should you receive this package or a similar package DO NOT run the CDs.” The NCUA, which regulates federally insured credit unions,… More
Still Wondering What Changes Massachusetts Made to the State’s Information Security Regulations? Here’s a Redline of the Revisions to 201 CMR 17.00.
As we reported on August 17th, the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) has promulgated a revised set of information security regulations (201 CMR 17.00 et seq.) and will hold a meeting for public comment on September 22, 2009. For those who are still wondering what revisions were made, here is a redline comparison of the amendments (.pdf). More