Archive for 2010


Feb
10

Identity Thieves Successfully Targeting Wealthy Victims

2010 at 1:11 pm

If you’re a security pro, then you might think the most likely victims of identity fraud are those with the most poorly protected systems and the least knowledge of computer security. Identity thieves are drawn to the easiest targets, right?

Wrong, according to a study issued today by Experian, a company that provides both identity fraud protection services and marketing demographics services. In fact, the most likely victims of identity fraud are those with the most money, the study says.

The study — which was created using Experian’s unlikely combination of identity fraud incidence statistics with basic consumer demographics — indicates that identity thieves are successfully targeting the wealthy and affluent, regardless of the systems and software they use.

According to Experian, consumers in the “Affluent Suburbia” category — the wealthiest of the company’s 12 demographic categories — are 43 percent more likely to fall victim to identity fraud than the average credit applicant. Experian describes Affluent Suburbia as “the wealthiest households in the U.S., living in exclusive suburban neighborhoods and enjoying the best everything has to offer.”

Individuals in the “Upscale America” category are 22 percent more likely to fall prey to identity fraud than the average credit applicant, Experian says. Upscale America is defined as “college-educated couples and families living in metropolitan sprawl, earning upscale incomes that provide them with large homes and very comfortable, active lifestyles.”

The study offers a different perspective on identity fraud than more technical studies, which suggest the most likely victims of identity fraud are those who don’t deploy security software or are ignorant of best practices.

In its study, Experian found the median income of identity fraud victims is 11 percent higher than that of the average credit applicant. The percentage of victims who own luxury vehicles is 26 percent higher, and the percentage of homeowners is 23 percent higher.

The Experian study suggests that identity thieves and fraudsters could be targeting victims by their neighborhoods, rather than by their computer systems or defenses.

For example, the study found that the percentage of victims found in metropolitan communities and other high-population areas is significantly higher than in areas where the population is less than 20,000. In fact, consumers who live in rural areas with a population of 2,500 or less were 60 percent less likely to fall victim to identity fraud than the average consumer.

Attackers may also target users by their hobbies and interests, the study suggests. Consumers who displayed an interest in traditionally affluent avocations were much more likely to fall prey to identity thieves, the study says.

For example, users who displayed an interest in tennis were 85 percent more likely to have been victims of identity fraud than users who didn’t, Experian says. Consumers who were interested in foreign travel were 70 percent more likely to be victims. Interests in cultural arts (52 percent) and skiing (50 percent) also set victims apart from nonvictims.

Experian has not yet posted the study for general viewing on the Web, but the company plans to make it available at a future date, a spokeswoman said.

SOURCE: http://darkreading.com/securityservices/security/privacy/showArticle.jhtml?articleID=222600185

Feb
04

Kit cracks iPhone backup passwords

2010 at 10:26 pm

Password cracking of iPhone backups has become a point-and-click exercise thanks to software unveiled Thursday by a computer forensics tools provider.

The Elcomsoft iPhone Password Breaker, which was released for free into beta, recovers passwords for iPhones and iPod Touches by trying thousands of phrases per second. It performs wordlist-based attacks only, but the final version will allow dictionary attacks that can be customized.

Apple’s iTunes application allows users to make iPhone and iPod Touch backups that store a wealth of potentially sensitive information, including call logs, address books, SMS archives, calendars, pictures and voice mail. Brought to you by the same company that offers password crackers for wireless networks, Quicken files and many other applications, the iPhone Password Breaker doesn’t require the use of iTunes.

It makes use of multi-core processors and extended CPU instructions, and will run faster on certain types of graphics cards.

Jan
14

Trojan porn dialers make comeback on mobile phones

2010 at 11:43 am

After taking a long hiatus, trojan dialers that can rack up thousands of dollars in charges are back by popular demand.

According to researchers at CA Security’s malware analysis lab, a new wave of malicious dialers is hitting users of mobile phones. The trojans are built on the Java 2 Micro Edition programming language and cause infected handsets to send SMS messages to high-cost numbers, at great expense to the victim.

“As soon as the application is loaded, this malicious software starts to send premium text messages,” CA warned on Tuesday. “The messages sent out are in the typical format to invoke premium services and land the mobile user with heavy mobile bills without the user’s knowledge and consent.”

Malware that automatically dials pricey premium numbers was all the rage a decade ago, when dial-up internet services required computers to connect to a phone line. With the growth of broadband connections the frequency of dialers waned.

The explosion of smart phones that can run software made by anyone has given malicious dialers a new lease on life. And as was the case in the days of yore, they mostly tap into porn services.

SOURCE: http://www.theregister.co.uk/2010/01/13/trojan_dialer_comeback/

The plot thickens. According to iDefense Labs, the recent Internet attack that has so upset Google affected 33 other US tech and defence firms and is directly related to an Adobe Reader-based attack of last July.

The US flaw-hunting specialist said that the attack was an attempt to steal source code on an industrial scale and was, in many cases, probably successful. If correct, this might explain why Google has by its own normally quite restrained standards gone ballistic to the extent of threatening to quit China.

“Two independent, anonymous iDefense sources in the defense contracting and intelligence consulting community confirmed that both the source IPs and drop server of the attack correspond to a single foreign entity consisting either of agents of the Chinese state or proxies thereof,” said the iDefense press statement, confirming what the world already knows.

It now turns out that Adobe itself was targeted in the latest alleged Chinese attacks, as a statement on its own website explains.

“Adobe became aware on January 2, 2010 of a computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”

The note goes on to say that in Adobe’s case, the attack was not successful in stealing any data.

More embarrassingly, a flaw in Adobe software has been implicated in the new attacks. iDefense has forensically linked these to last July’s attacks, which involved exploiting zero-day flaws in Adobe Reader 9.1.2 and Adobe Flash Player 9 and 10 to send specially-crafted PDFs.

As well as using the same emailed PDF technique to drop Trojans, the two attacks used the same HomeLinux DynamicDNS provider, pointed to the same virtual private server host owned by US-based Linode, and had IP addresses on the same subnet within a very similar address range.

“Considering this proximity, it is possible that the two attacks are one and the same, and that the organizations targeted in the Silicon Valley attacks have been compromised since July,” says iDefense.

In fact, it is also possible that exploits go back further since the flaws used in last summer’s attack pre-date the known attack by some months.

Whatever the details, that China is targeting US technology firms, the government and the military is nothing new, as a Northrop Grumman report of last October made clear. It now looks as if the latest cycle of attacks could take US firms, and perhaps even the US government itself, beyond breaking point.

SOURCE: http://news.techworld.com/security/3210137/google-hack-hit-33-other-companies/

Jan
13

Hackers pluck 8,300 customer logins from bank server

2010 at 10:48 am

Hackers have stolen the login credentials for more than 8,300 customers of a small New York bank after breaching its security and accessing a server that hosted its online banking system.

The intrusion at Suffolk County National Bank happened over a six-day period that started on November 18, according to a release (PDF) issued Monday. It was discovered on December 24 during an internal security review. In all, credentials for 8,378 online accounts were pilfered, a number that represents less than 10 percent of SCNB’s total

“Although the intrusion was limited in duration and scope, SCNB immediately isolated and rebuilt the compromised server and took other measures to ensure the security of data on the server,” the bank, located about an hour east of New York City, stated. “To date, SCNB has found no evidence of any unauthorized access to online banking accounts, nor received any reports of unusual activity or reports of financial loss to its customers.”

The breach represents a variation on more traditional types of attacks on online banking. Cyber crooks typically target customers by surreptitiously planting malware on their computers that logs their user name and password. The FBI estimates that online banking losses to small and medium-sized businesses alone have reached $100m.

By contrast, accessing a server that stores online credentials for tens of thousands of customers isn’t the kind of intrusion one hears about every day. Best security practices are clear that passwords should never be stored on servers unless they are encrypted.

The bank began notifying affected customers on Monday evening using first-class mail. The two-week delay “was necessary for making a lot of arrangements so we could come out with an absolutely conclusive statement about what happened,” said Douglas Ian Shaw, the bank’s corporate secretary. Retail customers whose details were lifted will be given two years’ worth of credit monitoring services at SCNB’s expense.

In the fourth quarter, the bank budgeted $351,000, or about 4 cents per share, to account for expenses related to the intrusion. Additional expenses may be incurred.