Archive for the ‘Security’ Category

Email theft

27 Dec

I ran across the article "IRS employee uses Outlook rules to intercept boss's e-mails, convicted of wiretapping". Essentially the former IRS worker set up a rule on the server to forward copies of his boss's email to his own email account so he could monitor the messages to see if anything was said about him. 

 
The question from the article was whether to charge him under the Wiretap Act for intercepting messages or the Stored Communications Act for copying them. Apparently he got hit with an 18-month sentence under the Wiretap Act. 
 
I wonder how common this is? Clearly the rule implementation is in place for corporate and government owners of email systems to meet all kinds of monitoring and compliance regulations. But I've run across this same situation a couple of times. I have no idea what the motivation was, but in the situations I've seen, a manager (both cases were managers) sets up, or has someone with admin access set up, a rule to copy messages sent/received by another manager to his own email account.
 
In each case, I ended up disabling (but did not delete) the rule and strongly suggesting to my immediate supervisor that they audit the email and firewall rules as there were signs that the system may have been compromised – it was not really clear what other action I should take and I hadn't actually thought about this in terms of legal/criminal activity (unethical, yes) until I saw this article.
 
Unlike the government case, these cases occurred at companies small enough (fewer than a thousand employees) that they didn't even have a formal HR department, so there were not a whole lot of formal policies in place for IT systems or anything else, although they did have the standard login boilerplate "systems belong to the company and are only to be used for company business, etc." 
 
Of course, the government case might have occurred at a small regional/branch office, large enough to warrant its own email server and managed more or less locally, which is why the employee thought he could get away with it, so the IT situation there may be very similar to a smaller company's.
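As an added example (not the post's own code and nothing from the IRS case), this is the audit a defender would run for the kind of rule the post describes. It assumes an Exchange Management Shell or Exchange Online PowerShell session with rights to read every mailbox, and that example.com is a placeholder for the organization's own accepted domains:

```powershell
# Added audit script, not from the original post. Assumes an Exchange Management
# Shell or Exchange Online PowerShell session with permission to read every
# mailbox; 'example.com' is a placeholder for your own accepted domains.
# It reports (a) inbox rules that forward, redirect or forward-as-attachment
# and (b) mailbox-level forwarding that only an administrator can set.
# Nothing is changed unless -Disable is given, and even then rules are
# disabled rather than deleted so the evidence stays in the mailbox.
param(
    [string[]]$InternalDomains = @('example.com'),
    [switch]$Disable
)

function Test-External([string]$Target, [string[]]$Internal) {
    # Recipient strings look like 'Display Name [SMTP:user@domain]' or a bare address.
    foreach ($m in [regex]::Matches($Target, '[\w.+-]+@[\w.-]+')) {
        if ($Internal -notcontains $m.Value.Split('@')[-1]) { return $true }
    }
    return $false
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # (b) mailbox-level forwarding (Set-Mailbox -ForwardingAddress / -ForwardingSmtpAddress)
    if ($mbx.ForwardingAddress -or $mbx.ForwardingSmtpAddress) {
        $t = "$($mbx.ForwardingAddress) $($mbx.ForwardingSmtpAddress)".Trim()
        [pscustomobject]@{ Mailbox = $mbx.PrimarySmtpAddress; Kind = 'MailboxForwarding'
            Rule = '(mailbox property)'; Target = $t
            KeepsCopy = [bool]$mbx.DeliverToMailboxAndForward
            External = Test-External $t $InternalDomains }
    }
    # (a) per-mailbox inbox rules that send a copy (or the original) elsewhere
    foreach ($rule in Get-InboxRule -Mailbox $mbx.Identity) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) |
                   Where-Object { $_ }
        if (-not $targets) { continue }
        $t = ($targets -join '; ')
        [pscustomobject]@{ Mailbox = $mbx.PrimarySmtpAddress; Kind = 'InboxRule'
            Rule = $rule.Name; Target = $t
            # ForwardTo leaves the original in the mailbox, so the owner sees nothing odd
            KeepsCopy = (@($rule.RedirectTo | Where-Object { $_ }).Count -eq 0)
            External = Test-External $t $InternalDomains }
        if ($Disable -and $rule.Enabled) {
            Disable-InboxRule -Mailbox $mbx.Identity -Identity $rule.Identity -Confirm:$false
        }
    }
}

# External targets first; an internal copy to another manager's mailbox, as in the
# post, still needs a business justification and is not filtered out.
$findings | Sort-Object External -Descending | Format-Table -AutoSize
```

Run it without -Disable first and reconcile every hit against a documented compliance or monitoring requirement before touching anything.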
 

Scam through the mail: Be careful out there

14 May

We read all the time about investment fraud, internet phishing schemes, identity theft and other scams, and usually it happens to other people, but occasionally it hits closer to home. 

This is a departure from my usual posts and I am putting it online just so that if anyone searches for any of this information they will realize, hopefully before they get taken, that they are being scammed. My mother got this letter in the mail, and at least she is now listening to her sons and not responding to every pitch that comes into her mailbox, so she showed this to me.
I have scanned the letter and the check so that you can see the details. You can click on the images to enlarge them, but essentially the scam says that she has won $450,000.00 and that enclosed is a check (made out in her name and with her address) for $4990.00 to cover Canadian taxes of $4500.00, which must be wired before payment can be made. So the scenario is as follows:

  • American Family Publishing sweepstakes win.
  • Canadian taxes must be paid (on an American Publishing Sweepstakes win).
  • The notification is from a (supposedly) U.K. company, First Security Corporation PLC (with a U.K. address).
  • The check to be deposited is from the New York Yankees and a Florida bank (don’t ask how the Yankees got involved).
  • The contact agent is in the U.S. (an 866 number).
  • The wire transfer (to supposedly pay for Canadian taxes) is going to a U.K. destination.

Yeah that all looks amazingly legitimate so far:

Of course, the way the scam works is that once you deposit that $4990.00 check (which is phony and/or stolen) you are now out-of-pocket for your bank's bounced-check fee, even if the bank doesn’t come after you for handling stolen checks. If you proceeded to withdraw and send $4500.00 via Western Union anywhere, then you are out of that money too, because the wire transfer of your money is real and can’t be reversed, whereas the deposited check can be, and will be, reversed by your bank days or even weeks after the deposit has been made and the check has supposedly cleared. By the way, the $4990.00 figure is not accidental: that amount is just under the (usual) $5,000.00 radar where a bank teller generally has to get a supervisor’s approval for deposit and additional verification must be made, verification tests that might immediately expose that check as phony or stolen.

So if a Steve Crouch at 1-866-890-005 is sending you money – maybe you should just tear up the check and, in the words of the old “Hill Street Blues” TV show, “Be careful out there”.

 

McAfee antivirus – Oops my bad!

22 Apr

It’s an old Reagan saying that should be familiar to corporate IT – “Trust but verify” (then again, with all of the IT downsizing, outsourcing and re-alignment these days, maybe this is now a new thought). Okay, McAfee has egg on its face for the botched update that took out more systems yesterday than any recent virus attack that I can remember; however, the IT departments at those corporate sites that were hit may also have some ‘splainin to do.

Clearly more and more departments are taking the easy road and either letting their corporate charges go directly to the vendors’ sites to pull down updates whenever they (or the vendor) feel like it, or, if they do install centralized update servers within the corporate network, fail to adequately test those updates before releasing them to the rest of the corporation.
McAfee has work to do, but none of the other big vendors should be resting on their laurels either: IBM, McAfee, Symantec, Microsoft, Adobe or a host of other companies can make a mistake. Even if the update is 100% correct (from the vendor’s point of view), without testing how does the corporate IT department know that an update won’t take out an important company asset due to an unintentional (and, from a vendor viewpoint, untestable) conflict?

Trust but verify guys.