Criminal hacker gets 20. Books, movies and Hollywood starlet next

• Tweet

April 9th, 2010 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Albert Gonzalez and his gang of criminal hackers were responsible for data breaches in retailers and payment processors, with some estimates saying they breached over 230 million records combined. Gonzalez, considered a proficient criminal hacker, provided "dumps," a term which refers to stolen credit card data, to "carders." "Carders" are the people who buy, sell, and trade stolen credit card data online.

“Gonzalez and his hacking buddies hacked into computer systems and stole credit card information from TJX, Office Max, DSW and Dave and Buster's, among other online retail outlets, in one of the largest — if not the largest — cybercrime operations targeting that sort of data thus far. They used some of the stolen numbers to remove cash from ATM machines and sold many of the other numbers to other criminals, including those in Eastern Europe.”

Gonzalez provided "sniffer" software used to intercept the credit and debit card numbers for the Russian hackers. Sniffer software or "malware" malicious software, acts like a virus attaching itself to a network and often spreading. The software allows the criminal hacker backdoor access to all the data in the server and provides remote control functionality.

Wired reports "Gonzalez earned $75,000 a year working undercover for the U.S. Secret Service, informing on bank card thieves before he was arrested in 2008 for running his own multimillion-dollar card-hacking operation."

It was reported that Gonzalez buried a million dollars in the backyard of his parents' Miami home. At one point he cracked and drew a map for investigators to find the money. WOW!

How many people in the course of history have actually dug a hole and buried a million bucks in it? I can’t wait to see the movie. I’d be happy playing a part in it. I’ll be the shovel.

Protect your identity:

1. If you think you're a victim of identity theft, find out how to get a credit freeze. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
2. Invest in anti-virus and keep it auto-updated.
3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.
4. Invest in identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Using Facebook to steal company data

• Tweet

April 7th, 2010 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

There is a reason why computer users are called "users." Like crack addicts who are drug users, more is never enough. And when under the influence, people do stupid things. I find myself scanning the Dell catalog like it's the latest (or any) Victoria Secrets catalog. I'm amazed at how many people I know that are online all day long and digitally stoned. The bad guy knows you are obsessed and uses this against you. He sees that you are comfortably numb here. He understands that in the virtual world you're delirious and more apt to respond to his message then log your credentials.

Steve Stasiukonis is vice president and founder of Secure Network Technologies Inc. and publishes to Dark Reading. He tested his client's network using a bogus identity, and joined the company's Facebook site and started mining the names and email addresses of individuals who identified themselves as employees.

As he collected a database full of names for a penetration test in the phish, he secured a domain name similar to that of his client. This domain name took on the appearance of a human resources or benefits portal. When he emailed the employees as "human resources," they were redirected to a Web page, such as https://www.xyzcompany-benefits.com.

He has been able to accumulate significant numbers of emails for phishing targets from Facebook and other social networking sites. When he launched his Facebook spear-phishing attack, he usually got an average response rate of 45 to 50 percent. So nearly half of the employees responded to an email with the logins and passwords they use on their employers' network.

Steve says:

– Officially sponsor the social networking site and assign an administrator who is responsible for permitting employees to join. This will help control somebody infiltrating the site for devious purposes.

– Establish a social networking policy. If your employees are participating in social networking sites (company sponsored or not) make sure company policies dictate what is and is not permissible. For example, divulging your corporate email account on social networking sites should not be permitted.

– Last but not least, if employees feel the need to gather and converse about their day-to-day work, personal lives, and hobbies, consider a corporate intranet. Maybe someday social networking vendors will launch a product that will provide the same features and benefits, but with the security tools needed to keep employees and company secrets safe. But in the meantime, it's up to you.

Sober up and protect your identity.

Protect your identity:

1. If you think you're a victim of identity theft, find out how to get a credit freeze. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
2. Invest in anti-virus and keep it auto-updated.
3. With your iPhone get my book as an App or go to my website and get my FREE ebook on how to protect yourself from the bad guy.
4. Invest in identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Top 8 worst Twitter social media hacks

• Tweet

February 3rd, 2010 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger.

In the past year, the use of Twitter has increased dramatically. And so has the criminal hacker's attention to the opportunity to use it for illicit gain. Here are the top-eight worst types of Twitter social media hacks:

1. Jacked Twitter Accounts: Numerous Twitter (and Facebook) accounts, including those belonging to President Obama, Britney Spears, Fox News and others, were taken over and used to ridicule, harass, or commit fraud.
2. Social Media Identity Theft: Hundreds of impostor accounts are set up every day. Sarah Palin, St Louis Cardinals Coach Tony LaRussa, Kanye West, Huffington Post and many others have had Twitter accounts opened in their names or names similar to theirs.
3. Twitter Worms: Worms infiltrate Twitter sending requests to click on links that, in turn, infect user accounts and begin to multiply the message. Followers of infected accounts get the requests, and then their followers get them, causing more grief than anything else.
4. Twitter DOS Attack: Twitter itself was victimized by a denial-of-service attack that left the site dark for more than three hours. Reports indicated that a politically motivated attack in Russia seemed to be the cause.
5. Twitter used as a Botnet Controller: A Twitter account produced links that led to commands to download code to run a botnet.
6. Twitter Phishing: Cybercriminals use tweets to draw users to spoofed sites and trick them into entering account or financial information. It's a crime that's on the rise.
7. Twitter Porn: Please, "Misty Buttons" stop sending me another invite to chat or see your pics.
8. Twitter Spam: The use of short URLs has made Twitter's 140-character limit the perfect launch pad for spam leading to diet pills, Viagra and whatever else you don't need.

With Twitter now a part of the daily routines of millions of people, who login from home or work, it will undoubtedly play a big role in the criminal hacking community in 2010.

Protect your identity:

1. If you're a victim of identity theft, get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief, but it also makes it impossible for you to open any new accounts yourself.
2. Invest in social media protection at Knowem.com.
3. Go to my website and get my FREE ebook on how to protect yourself from the bad guy.
4. Invest in  identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Robert Siciliano, identity theft speaker, discussing social media identity theft on CNN.

10 business identity theft risks in 2010

• Tweet

January 20th, 2010 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Advancements in technology over the past decade have created a tremendous amount of opportunity for the savvy businessperson. Whether it's mobility, streamlined processes, marketing, or the ability to sell to a global market, there's never been a better time to be in business.

Like anything good, there is always a negative. While there are certainly many negatives in technology, like the headaches when something doesn't work correctly and the constant learning curve we must all endure, the biggest negative is security issues.

So for the SMB (that's you, the savvy businessperson), here are ten considerations for the new decade:

Back up your back up. Numerous reports of cyber-war, thousands of new viruses weekly, and even Mother Nature reeking havoc on the Internet, have caused concern among industry professionals. Doing business in the cloud is fantastic; however, make sure you have redundant local backups of your data.

Protect against all Internet security threats, not just viruses. The sheer volume of attacks and new viruses created will keep the antivirus vendors busy. But there is no way they can keep up the pace 100% of the time. There are numerous technologies that will immunize your PC and make any virus or spyware impotent, and any data typed in your browser useless to a thief.

Social media identity theft is the act of creating a blog or social media site that models your day to day operations. At any time, someone can register domains or social media sites with your brand as the face. They then sell products that they never ship and/or do things to damage your brand. Scoop up your social media identities with Knowem.com.

Social network nitwits. One of the easiest ways into your companies' networks is via social media. The explosion of "I just made a tuna" communications has brought out the dumb in many people. The simple act of setting up a group on Facebook and getting your employees to join can open up a treasure trove of data that can facilitate social engineering attacks. Create policies and procedures that involve appropriate use.

Social engineering, the ruse of a confidence man, is back in full force. It never really went away, but with the amount of security in place, sometimes the path of least resistance is simply asking your cleaning crew for the keys to the building. By gaining the trust of employees over the phone, via email or in person, a conman can get almost anything he needs in order to get whatever he wants. The best defense is effective policies coupled with ongoing awareness training.

Insider identity theft can ruin your business. Most companies have done their due-diligence to keep the bad guy from hacking from the outside. But many organizations have neglected the risks associated with employees gone bad and the internal damage that can be done. Numerous technologies monitor and control access to sensitive information. But preventing bad employees from doing bad things starts with not hiring bad people.

Phishing scams still work. Despite consumer and employee awareness, a carefully crafted and well designed email that looks like it's coming from another employee is probably the most effective spear phish. Going after the CEO or high level executive, or "whaling," can often be even more successful. The bigger they are, the harder they fall, as they say. From my experience, it's often the smartest ones in the room that lack all common sense. Test your employees and see what they will fall for. Then test them again.

Tighten up employee remote access. Allowing Suzy Admin to access the company's VPN from a home PC that Suzy's son Steve uses to play games on servers hosted in North Korea will end up bad. Malware on a home computer can compromise user names and passwords, resulting in spyware on the network. Set up Suzy with her own laptop that's fully locked down and prevents Steve from doing anything fun.

Peer to Peer (P2P) file sharing is a fantastic way to leak company and client data to the world. Obama's helicopter plans, security details and notes on congress members being deposed were all leaked on government controlled computers via P2P. Setting admin privileges and installing numerous technologies that will prevent P2P is essential.

Identity theft will get worse before it gets better. And whether it's your identity, your family's or your employee's identity that is stolen, it can be a huge time suck and a costly event. The best defense involves a three legged stool. First, awareness training of all the scams that lure people in, and how to appropriately respond to numerous communications. Second involves a little time and investment in a "credit freeze" or "security freeze." Third is an annual investment in identity theft protection. In today's cybercrime climate, and with the recession making people desperate to make money any way they can, NOT investing in identity theft protection is, in my opinion, irresponsible. The worst thing you can do is nothing.

Robert Siciliano, identity theft speaker, discusses identity theft on Fox News.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Google gets hacked

• Tweet

January 18th, 2010 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Last week, Google disclosed that it had been breached by Chinese hackers, who were apparently targeting Chinese dissidents:

"The cyber-assault came to light on Tuesday when Google disclosed to the public that the Gmail Web service was targeted in a highly-organized attack in late December. Google said that the intrusion attempt originated from China and was executed with the goal of obtaining information about political dissidents, but the company declined to speculate about the identity of the perpetrator."

McAfee found evidence that the attack exploited a vulnerability in Internet Explorer. Google Enterprise president Dave Girouard blogged to inform Google App clients their data was safe: "This incident was particularly notable for its high degree of sophistication. This attack may understandably raise some questions." Girouad stated, "We believe our customer cloud-based data remains secure."

The most successful techniques of Chinese hackers involve phishing and social engineering. These hackers determine their targets, then send a "spear phish," or targeted email, to a specific employee, in which they pose as a coworker or a vendor. Once the target clicks a link, a remote control or malicious software is automatically downloaded. On a broader scale, hackers may send a blast to everyone in the company and ultimately hook a few employees, giving them access to company accounts.

The recent Google attack indicates that criminal hackers with financial incentives aren't necessarily the only ones attempting to penetrate your networks. There is a strong possibility that hacking is being sponsored by foreign governments with a much bigger agenda.

All the more reason to be aware and alert in regards to your security.

1. Never click on links in the body of an email. NEVER!
2. Always be suspect of any external or internal communications. You could be a target of a phisher.
3. Before divulging a user name and password in response to an email, pick up the phone to verify the legitimacy of the request.
4. Make sure your PC's critical security patches are updated fully and automatically.
5. Antivirus software must be run automatically and kept fully up to date.
6. It's not enough to just run antivirus software. Run a program that also protects against keyloggers.
7. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
8. Invest in identity theft protection. Not all forms of identity theft can be prevented, but an identity theft protection service can dramatically reduce your risk.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Impostor poses as Secret Service agent and police officer

• Tweet

January 11th, 2010 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

At a friend's 40th birthday party, we wound up discussing my Craigslist ATM, and that led to a conversation about how easily people can be conned. One friend's new boyfriend began telling us how frequently he is able to con people in order to get into bars and clubs. "I never wait in lines," he claimed, "and I always get VIP treatment." I hate lines, too, but I have a hard time lying to get what I want.

He says he finds the phone number of the bar or club and calls ahead of time, claiming to be the manager of a Boston Celtics player and explaining that he'll be coming to the bar with a few people and that his player will arrive later. He gets the name of the club manager and someone from security. That night, he goes straight to the front of the line and drops the manager or bouncer's name and acts as if he's entitled to enter. He says his success rate is 100%, and I believe him.

When a  couple can crash a formal event at the White House despite Secret Service presence, then almost anything is possible. People successfully pose as health inspectors, police officers, and even Secret Service agents. As I demonstrated on The Montel Williams Show, I once posed as a "water inspector," gaining access to people's homes by saying I needed to "check the colorization of their water." Any kind of fake badge and uniform can do wonders.

One recent example is a Massachusetts man who has been accused of posing as a Secret Service agent in order to enter the U.S. Department of Health and Human Services and pleaded guilty to disorderly conduct, trespassing, and impersonating a public official after attempting to enter a U2 concert without a ticket by impersonating a police officer:

"Authorities say he flashed what appeared to be a gold Massachusetts State Police badge and entered Gillette Stadium in Foxborough, Mass., on Sept. 21. They say he didn't have a ticket to the concert.

He repeatedly asked to see the fire chief and where the ambulances were parked. When he refused to identify himself, stadium security called police, who then arrested him."

A criminal can easily impersonate you online or in person to commit financial identity theft as it relates to new account fraud and account takeover, or to commit social media identity theft. This is why a credit freeze and an identity theft protection service are essential. Because identity theft will flourish until we are properly identified and systems are in place that point towards effective authentication and identification which leads to accountability.

Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

And invest in identity theft protection. Not all forms of identity theft protection can be prevented, but an identity theft protection service can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses imposters and home invasions on The Montel Williams Show.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

I wasted four hours with a criminal hacker

• Tweet

January 6th, 2010 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Lately I've been coming across "advertisements" on forums, posted by criminal hackers looking to sell our stolen information. They are "carders," selling "dumps" and "fullz." Well, I decided to make contact with one of them to see what the deal is. It turns out the one I connected with was less than forthcoming, but was very persistent and more than likely has and will continue to scam people. Here is an example of a post advertising illegal services.

The hacker I contacted immediately returned my email. I told him I was a journalist and wanted to do a story on him. I couldn't have been more upfront with my intentions. I even provided him with a link to my website, but that didn't seem to matter. He just wanted my money. First he wanted me to open up an instant message and connect with him via his Yahoo email. That way we could chat. But I wasn't about to let him in via IM, because there are known hacks that can allow a bad guy into your PC via an IM service. So instead, I set up a private chat at tinychat.com.

What follows is an abridged version of our conversation. (The full version is here.) I am robertsicili, and the scammer is dskimmed2009 (how appropriate).

[11:50] robertsicili: who is here?
[11:51] dskimmed2009: yes its me man
[11:52] robertsicili: nice meeting u
[11:52] robertsicili: where are you from
[11:52] dskimmed2009: I Have told you already man
[11:52] dskimmed2009: or have u forgotten that man
[11:53] robertsicili: you havent told me
[11:53] dskimmed2009: oh okay man

He avoided the question.

[11:55] robertsicili: why did you agree to speak to me?
[11:55] dskimmed2009: what do u mean ?
[11:56] robertsicili: well, your business isnt a normal one and usually guys like you try to stay 100percent under the radar
[11:56] dskimmed2009: ahahaha
[11:56] dskimmed2009: very good man
[11:56] dskimmed2009: so u too which country are u from ?
[11:57] robertsicili: US
[11:57] dskimmed2009: VERY GOOD

"VERY GOOD" in all caps tells me right away he thinks I'm an idiot.

[11:57] dskimmed2009: I'm 27 years of age and u?
[11:57] robertsicili: im 41
[11:58] dskimmed2009: wow…….then am small boy to u right
[11:58] robertsicili: youll be 40 before you know it

More small talk, getting used to each other.

[11:59] robertsicili: what country? your english is fine
[11:59] dskimmed2009: CVV,FULZ,DUMPS,BANKLOGINS,BANK TRANSFER,WU TRANSFERS,SKIMMING,ETC

And it's down to business.

[12:00] dskimmed2009: What do you need to buy now man?
[12:00] robertsicili: all business, i get it.
[12:00] robertsicili: i want to tell your story. you are very interesting.
[12:01] dskimmed2009: yes am interesting man ok
[12:01] dskimmed2009: dont be serious let finish the deal at least today now ok
[12:01] robertsicili: i write for numerous US papers and find what you do facinating. Id like to understand your process.

This seemed to have gone right over his head because he never acknowledged it.

[12:06] robertsicili: so its not a problem for you to be public? how do you keep from being traced?
[12:06] dskimmed2009: i have many securities upon me so u dont need to be worried about that at all man ok
[12:07] dskimmed2009: becoz i do genue and valid business here with many and more costumers man
[12:07] dskimmed2009: so no one will traced upon me ok
[12:07] robertsicili: not worried, just curious, youre very smart
[12:07] dskimmed2009: why are u saying that am smart
[12:08] robertsicili: because you are able to be public, but still anonomous
[12:08] dskimmed2009: of course man becoz if i were to be bad i will never be in public annoucenment forums
[12:09] robertsicili: what is your "valid business"
[12:10] dskimmed2009: My valid business is to just do long term business with the other costumers man

He begins to tell me how honest he is with his customers.

[12:10] dskimmed2009: always i do give them what they will paid me for ok
[12:10] dskimmed2009: i dont dissapoint them as some ppl's are doing to the other costumers
[12:10] robertsicili: so you are an hoinest business man who doesnt stiff his customers.
[12:11] dskimmed2009: i never stiff my costumers ok
[12:11] robertsicili: i see you take pride in that. and you should.
[12:11] dskimmed2009: am not interesting to do that to my costumers to loose my market man
[12:11] dskimmed2009: i always want to do long term business with my costumers
[12:12] robertsicili: there must be a lot of dishonest people in your business who stiff people
[12:12] robertsicili: how long have you been doing it?
[12:12] dskimmed2009: of course and they are those who used to spoiled most of the hackers business man
[12:13] robertsicili: so you are a "hacker", do you get the data directly?
[12:13] dskimmed2009: i have been in this business for very good 17 years of age man

He loosens up a little and begins to give me history and a bit about his process.

[12:14] dskimmed2009: i use to go to Ho Minh Chin…Vietnam to hack softwares and come back to russian again man
[12:15] dskimmed2009: i have 3 types of softwares i use for my work man
[12:15] robertsicili: what are they called?
[12:15] dskimmed2009: One if for use to skimmed dumps
[12:15] dskimmed2009: software to skimmed dumps called Skimmer
[12:16] dskimmed2009: i have one too hacking software it used to hack credit card numbers and bank logins man
[12:16] dskimmed2009: i have western union bug software version 2010 with an activation code
[12:17] dskimmed2009: used to do online western union wireing and also hacking an mtcn numbers out from fullz man
[12:17] dskimmed2009: i have all types of skimming
[12:18] robertsicili: "hacking software" so on other peoples computers?
[12:18] dskimmed2009: OH YES

He's all happy now.

[12:22] robertsicili: are you russian?
[12:23] dskimmed2009: am not a russian man
[12:23] dskimmed2009: i have been there for good 8 years just to study how to hack very experiencely and perfect way man
[12:26] robertsicili: in the US we are hacked by many countries. The chinese are great hackers, Romanians too.
[12:27] robertsicili: I have heard of vietnamese hackers too but not as often.Ukraine have many good hackers
[12:27] dskimmed2009: oh yes man
[12:27] dskimmed2009: RUSSIAN,VIETNAM,THIALAND,ROMANIA,UKRAINE,NIGERIA ,GHANA
[12:28] robertsicili: Yes. All hacking Americans or all over the world?
[12:28] dskimmed2009: All those countries i just mention they contain alot of fake and good hackers
[12:29] dskimmed2009: they hack EUROPE,UK,US,CANADA,ASIA,WESTERN PART OF AFRICA

We discuss family!

[12:29] robertsicili: do you have kids?
[12:29] dskimmed2009: they hacked all over the world man
[12:29] robertsicili: ok
[12:29] dskimmed2009: i have 2 kids and my personal wife

Back to business.

[12:35] robertsicili: how do you get paid?
[12:35] dskimmed2009: they are sooo many ways of means to get money easy but they dont like it on that way
[12:36] dskimmed2009: Through Western Union,Money Gramm,Liberty Resrve and Web Money
[12:38] dskimmed2009: u can also do western union online transaction money transfer with fullz
[12:39] robertsicili: define fullz
[12:39] dskimmed2009: fullz contain , SSN : SOCIAL SECURITY NUMBERDOB : DATE OF BIRTHDL : DRIVING LINCENSEMMN : MOTHER MAIDEN NAME
[12:40] robertsicili: I now understad fullz, but how do I turn that data into money?
[12:40] dskimmed2009: i will teach u if u buy either the fullz or the software ok
[12:40] dskimmed2009: u will just process and operate the software thats all
[12:41] robertsicili: how much for the software?
[12:41] dskimmed2009: 700$
[12:41] robertsicili: damn!~
[12:42] dskimmed2009: Don't make noise
[12:42] dskimmed2009: i can reduce the price for u if u are ready at any time ok
[12:42] dskimmed2009: am not difficult hacker ok\

Such a great guy and all around good business man. Now I want more details. I want raw data, I want proof.

[12:48] robertsicili: when you get a chance send me samples of what I can get with the software. CVV2?
[12:49] dskimmed2009: all my software are containing security password and codes so i cant just give out like that man
[12:49] dskimmed2009: unless u have make payment for it
[12:49] dskimmed2009: b4 i can give u man

He is refusing to send me samples of data he hacked. I'm beginning to think he has nothing.

[12:50] robertsicili: if im going to make an investment in your softwareI need to understand what it does.
[12:51] dskimmed2009: it will hack the amount on the fullz as mtcn numbers for u to get out with the rest of the infomations man
[12:51] robertsicili: what is mtcn
[12:52] dskimmed2009: Money Transfered Control Number

But he never tells me what it does or how it works. I spend the next hour trying to pull that from him.

[12:54] robertsicili: you sell logins, how do you get them?
[12:55] dskimmed2009: bank logins ?
[12:55] robertsicili: is that what you sell?
[12:55] dskimmed2009: i have software to hack that from bank personal and company account's
[12:55] dskimmed2009: yes i sell bank logins too man
[12:55] dskimmed2009: CVV,FULLZ,DUMPS,LOGINS,TRANSFERS
[12:56] dskimmed2009: I Do bank transfer,western union transfer and paypal verified account transfer toooo
[13:12] robertsicili: How do you get login data?
[13:14] dskimmed2009: i hack from online banking with software
[13:14] dskimmed2009: i have boa,rbc,wamu,wachovia
[13:14] dskimmed2009: icici,hsbc,abbey
[13:37] dskimmed2009: u need banking software for bank login date?\
[13:38] robertsicili: if im to start a business of hacking data I want to know what to buy from you.
[13:38] dskimmed2009: yes man
[13:38] dskimmed2009: please give me ur western union infomations now ok
[13:38] dskimmed2009: with ur phone number
[13:39] robertsicili: and what will you do with my western union info?
[13:39] dskimmed2009: i want to send some money for u to cash it out and send it to me on my infos in ghana man ok

Now he wants my Western Union account data so he can send me money, so I can send his partner money in Ghana. He's beginning to try an "affinity" scam on me.

[13:39] dskimmed2009: one of my business patner man
[13:39] dskimmed2009: he is online now am talking with him
[13:40] dskimmed2009: so i want to give him us infos to send the money
[13:40] dskimmed2009: through money gramm
[13:40] dskimmed2009: becoz right now all the banks is close
[13:40] dskimmed2009: here in ghana now
[13:41] robertsicili: why do you want to send me cash?
[13:41] dskimmed2009: i want him to send the money to us country so that u cash it out send it to me here in ghana now man ok
[13:41] dskimmed2009: becoz right now all banks is close in ghana now ok
[13:44] robertsicili: OK so he sends me money and i send it back to you because the banks are closed?
[13:44] dskimmed2009: oh yes
[13:44] dskimmed2009: that is it my brother
[13:45] robertsicili: In the US we call that an "advanced fee" scam. At least thats what someone told me.
[13:46] dskimmed2009: okay then stop ok
[13:46] dskimmed2009: don't do it again ok
[13:46] dskimmed2009: we continue our business now

"Don't do it again," he tells me. Hilarious.

[13:47] robertsicili: I want to buy your software that hacks online banks. Tell me what it does and how much money it will cost me.
[13:49] dskimmed2009: it cost 1300$ for online banking software to hack bank logins both personal and company account
[13:51] robertsicili: tell me how it works, I want to undersyand the technology. Is it sql-injection, spyware? Password hacks, Phishing?
[13:52] dskimmed2009: 2 COMERSUS SOFTWARE WITHOUT BANK LOG IN AND BANK CREDIT CARD CODE ==========1000$
[13:52] dskimmed2009: 3 NEW WESTERN UNION HACKING BUG FOR WORLD WIDE TRANSFER ==========700$4 NEW PAYPAL LOG IN HACKWARE FOR HACKING FRESH PAYPAL ==========250$
[13:53] dskimmed2009: 7 NEW CREDIT CARD VALIDATOR FOR VALIDATING ANY FULL CC INFO ==========120$
[13:53] dskimmed2009: WESTERN UNION ONLINE SOFTWARE(WESTERN UNION BUG)VERSION 2009/2010PRICE:700$

I begin to get confused as he describes his process, because it makes no sense.

[14:22] robertsicili: explain to me me how it brings the infos and what the software hacks
[14:22] dskimmed2009: it will hack the bank u will choose on the list of the software processor
[14:23] dskimmed2009: then u will wait for 30 minutes for that bank u choose it's infomations
[14:23] dskimmed2009: every infomations that will appear within that 30 minutes if valid infomations
[14:25] dskimmed2009: It's not difficult to understand but if u understand i will be very happy man ok
[14:25] robertsicili: so the software is hacking the banks processor and getting consumer logins?
[14:28] dskimmed2009: it's like bank transfer
[14:36] robertsicili: explain how th bank transfer works?
[14:36] dskimmed2009: a'm worry about how u dont understand man
[14:36] dskimmed2009: infact its pains me

Too funny: "infact its pains me"

[14:36] robertsicili: Im skilled in software but want to understand how it works. is it a sql injection?
[14:38] robertsicili: if I am to spend thousands of dollars I needd to know how the tech nology works. you are selling hacking softeware but wont tell me how it works
[14:38] dskimmed2009: it will bring that bank u choose all its infomations will appear on it within that 30 minutes time man

None of this makes sense.

[14:40] dskimmed2009: u see someone's bank account
[14:40] dskimmed2009: he is from usa
[14:40] dskimmed2009: his account was hacked by the software last weeks monday
[14:41] dskimmed2009: 38k was withdraw from it by one of my costumer who come to buy the software man
[14:43] robertsicili: ok
[14:43] dskimmed2009: u see ?
[14:44] robertsicili: soft of. I think there mayt be a language barrier here
[14:45] dskimmed2009: what do u mean by that man?
[14:45] robertsicili: so the software gives me access to the server and shows the banks customers accounts?
[14:45] robertsicili: then I can withdraw from the account and make a transfer?
[14:46] dskimmed2009: oh yes man
[14:46] dskimmed2009: that is it
[14:46] dskimmed2009: u can make the transfer ur self to ur account either company or personal account

So I ask him how he hacks Paypal. It can't possibly be as easy as he claims.

[14:50] robertsicili: ok. how does it work with paypal?
[14:51] dskimmed2009: We have Verified and Non Verified Account
[14:51] dskimmed2009: just the id and the password
[14:51] dskimmed2009: we have ones with an empty balances and with ones with founds tooooo
[14:59] robertsicili: how does it work?
[15:00] dskimmed2009: for that one is not difficult man
[15:01] dskimmed2009: u will just put the id on it,it will show the password and the amount in the account

What? He says that his software just needs an account number and it shows the password? I smell a rat.

[15:01] dskimmed2009: then u transfer to ur bank account or ur paypal account or uur personal account or any of ur company accout man
[15:02] dskimmed2009: that'sall
[15:02] robertsicili: serious? you have software that will show a persons user ID and their passwords and whats in the account? How does it do that?
[15:03] dskimmed2009: the software self will show the password and the amount on it
[15:03] dskimmed2009: infact i have sell this to 2 costumers only
[15:03] dskimmed2009: it's too cost but simple to operate
[15:05] robertsicili: This sounds to good to be real. How can you prove this works before i send you money?
[15:05] guest-14953 entered the room
[15:06] dskimmed2009: i dont have any thing to show man

So he's got nothing. Or at least won't give up anything.

[15:07] dskimmed2009: if u are ready u go to send money now so that i send u the software man
[15:07] dskimmed2009: becoz with the software u will make alot of money
[15:07] dskimmed2009: and am going to do long term business with u for ever man
[15:07] robertsicili: if what you say is true then the entire banking and paypal security is non existent.
[15:08] dskimmed2009: so u must to trust me and to be honest with me that alll
[15:08] robertsicili: dude, i find it hard to trust in this situation.
[15:09] dskimmed2009: ok
[15:09] dskimmed2009: any way thanks for contacting me ok
[15:09] dskimmed2009: bye

I learned he wasn't much of a hacker, or at least didn't have a very good handle on his technology, or he just didn't want to tell me. But the mere fact that he is sitting in a hut or Internet café somewhere and communicating like this tells me someone somewhere has sent him money.

Protect yourself from scammers and hackers. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

And invest in identity theft protection. Not all forms of identity theft protection can be prevented, but an identity theft protection service can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses credit and debit card fraud on CNBC.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

Profile of a real hacker

• Tweet

December 28th, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

The wild, wild web never ceases to amaze me. My daily routine includes a tremendous amount of research, keeping me on top of what's new in information and personal security. Every day, I spend about three hours simply "consuming" information via news alerts, feeds, and subscriptions, then breaking it down for others.

Recently, I was shocked to come across a website created by a self-declared "real hacker," advertising his services.

"I SELL CCV2,tracks+ ATM PIN,FULLZ, BANK LOGIN, BANK TRANSFER… PRICE FOR CCV us (visa or master)= 2$ us (amex or dis)= 3$ uk (visa or master)= 4$ uk (amex or dis )= 6$ US Amex 3 $ UK master/visa 6$ … All Our PayPa Acc Have Full Info And With Email Access and With All Security Answer . And With Orginal Ip And A Program For Fake Your System Ip To Orgina Ip For Full Access To PayPal Acc. Ebay Login : Fresh And Verified And Unlimited Ebay Account"

This guy is a "black hat hacker," a carder selling stolen credit card data, referred to as "fullz" and "dumps." His website includes live examples of his wares, including names, address, phone numbers, bank account numbers, credit card numbers, CCV2 numbers, Paypal account logins, you name it.

On his "Rates and Services" page, he states:

"We are a group of Ethical Hackers based in the Turkey but our staff comprises of Experienced hackers around the world, we have over the years strategically recruited the best hackers from the UK,USA,Russia,India,Philippians,Vietnam and Egypt.

Our policy is simple "making the world a better place by creating an equal balance" in other words, hack the rich and give to the poor, Robin Hood style

The way we do this is to sell Carding Stuff and hacking softwares and tools at really cheap prices so that everyone can afford it and also be able to hack.You can definitely be a hacker with our new approach tutorial. We can offer you pre-written tutorials but we will also allocate you your own specialist hacker, who you can add to your yahoo messenger and will give you a more hands on approach by teaching you everything you want to know over instant messenging.

We are ethical hackers and here to help not make money, we only charge because of the cost,time and effort involved in the services and products we offer.

Enjoy your stay and we hope we can help. Thank you!! :-"

And on his "About Us":

"GOOD HACKER WITH GOOD PRODUCE HIEN_HACK IS A GOOD HACKER WITH FRESH PRODUCE…ALL STUFFS HAVE THEIR PRICE AND ALL STUFFS GOT GOOD LIMIT AND GOOD BALANCE..WE HAVE MANY SOFTWARE FOR HACKING STUFFS…HE IS A GOOD HACKER AND NEVER RIPP HATE RIPPERS IN IS LIST…HE DO GOOD DEAL FOR LONG ….WITH GOOD CUSTOMER WHO IS READY TO HAVE GOOD DEAL…ANY THING U NEED CONTACT HIM AND HE WILL HELP GET ANY STUFFS…HE DO BANK TRANSFER FOR REAL AND WESTERN UNION TRANSFER,GOT FRESH CC ETC…TRY HIM AND YOU WILL BE HAPPY OF HIM….IF U NEED HIM JUST GO TO IS CONTACT AND GET IS YAHOO ID OR EMAIL ADDRESS ALSO HE HAVE IS NUMBER THERE CONTACT HIM AND CALL HIM FOR GOOD DEAL OKAY..BE FAST SO THAT STUFFS WILL NOT GET FINISHED….."

This is the epitome of scum. He and his band of delusional criminals have convinced themselves they are good and their victims are bad. Unfortunately, this is what we have to contend with. Hackers have been selling raw, stolen data to one another for a while now. But the fact that this type of underground activity is so prevalent that it's begun showing up in my Google News Alerts is alarming, and indicates that it isn't getting any better any time soon.

Most of the raw data being sold online is used for account takeover, but can also lead to new account fraud. In many cases, it's your own computer that's compromised, while other hacks target retailers or banks. Either way, you are ultimately responsible for the charges made in your name, unless you do something about it.

• Check your bank and credit card statements frequently, and refute unauthorized charges within 60 days.
• Be alert for phishing emails asking for personal information, credit and banking data, etc. These emails may appear to come from a trusted source, but look more closely and delete them if they are at all questionable.
• Install Internet security software, and keep it updated. If your computer becomes infected with a virus that allows it to be controlled remotely, a criminal can access all your important files and financial data.
• Get a credit freeze at ConsumersUnion.org. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.
• Invest in identity theft protection. Not all forms of identity theft can be prevented, but an identity theft protection service can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses credit and debit card fraud on CNBC.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Intelius to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

2010 Identity Theft Resource Center predictions

• Tweet

December 18th, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

I've joined forces with the Identity Theft Resource Center to expand the pool of knowledge about identity theft issues. As nationally recognized experts in this crime, we have come up with ten predictions for what the nation can expect in the area of identity theft in 2010 and beyond.

1. More Scams: The recession will lead to more scams. Whenever our nation has faced a difficult time, thieves have found a way to use the problem to their advantage. In my adult life, I've never seen more variations of old scams and the degree of sophistication in newer scams.

2. Job Scams: Criminals will take advantage of increasing unemployment rates by tricking desperate people searching for job listings. These fake job listings and work-at-home scams will eventually end with the job seeker providing Social Security numbers to criminals. If the job description is not one that you would see printed on a business card or you are asked to front money, it's a scam.

3. Newbie Low Tech "Desperate" Identity Theft: Additionally, there will be an increase in the number of individuals – who have no criminal history – beginning to explore the crime of identity theft for financial gain. For these thieves, it will be about quick money. Once desperate people max out their credit limits and wreck their own credit histories; they will start to use Social Security Numbers that they can easily access.

These new identity thieves will take advantage of low tech methods – stealing credit card numbers, dumpster diving, making phone calls, or phishing for credit card numbers. These techniques may also include placing ads in auctions and Craigslist for phantom products for sale to get either credit card numbers or cash.

4. All-in-the-Family ID Theft: Desperation will lead to more child identity theft and "all-in-the-family" cases, as well as the fraudulent use of numbers belonging to close friends, roommates and fellow workers. It has long been documented that a significant percentage of identity theft cases are perpetrated by people close to the victim. We predict that this number will increase during these tough economic times.

5. Child Identity Theft: The ITRC has noted that nearly 10 percent of its case load, for the past six months, involved child identity theft issues. These cases often involve more varied components of identity theft than ever before. Some people have finally realized that a child's SSN can be used for more than just opening a line of credit.

6. Medical Identity Theft: While not a new crime, this will reflect the distress of those who have become unemployed. High COBRA premiums, growing individual medical insurance costs, or the inability to afford insurance or medical care will cause a spike in this area of identity theft. The Social Security Administration has noted an increase in uninsured people using the coverage of a friend, relative or even a stranger to get medical care.

7. Insider Identity Theft: In the coming year, this will increase due to the failure to follow simple security protocols in the workplace. This will create opportunities for thieves to gain access to personal identifying information retained in databases or paper files. Additionally, the lack of computer security measures and the increasing skill levels of hackers will lead to larger and more financially harmful breaches. Although a few sophisticated hackers have been arrested recently, these large, extremely damaging hacking events will continue to occur. These thieves are educating young protégées on high tech methods to access "secured" information and will likely continue to coordinate malicious attacks from their jail cells.

8. Governmental Identity Theft: More individuals will discover that they have become identity theft victims as they apply for government assistance and/or benefits. Not only will their own SSNs be used, but they may be temporarily denied benefits due to the use of their child's SSN, which has been used fraudulently. This type of identity theft, identified as "Governmental Identity Theft," may be associated with complications with the IRS, Social Security Administration, Departments of Motor Vehicles, Medicare and Welfare.

9. Criminal Identity Theft: The number of cases of criminal identity theft will continue to grow. This type of crime is defined as the use of an individual's personal information to avoid being tied to their own criminal record. In the current environment, the effects of criminal identity theft on the victims will be more apparent with the loss of employment, loss of benefits and the increased number of arrests of victims ranging from failure to appear warrants for traffic citations all the way to felony level crimes. Criminals will continue to exploit the weaknesses of the current system and revictimize the individual whose information has been used.

10. Social Media Identity Theft: The meteoric rise in social media use has also created a launch pad for identity thieves. Social media identity theft happens when someone hacks an account via phishing, creates infected short URLs or creates a page using photos and the victims identifying information. My prediction for 2010 is that the increase in social networking activity, along with a user's failure to implement security and privacy settings and protocols, will lead to an increased exposure of not only the user's personal information but possibly that of their "friends."

Bottom line, there will be an increase in identity theft crimes and the number of victims over the next two years unless significant changes are made in information security. Our most important asset is our identity. And we are functioning under a completely antiquated system of identification with wide open credit and few safeguards to protect the consumer. When state governments agree with federal agencies on effective identification and industry comes together, not to profit from the problem but to solve it, only then will we prevail.

Protect your identity. Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

Invest in identity theft protection. Not all forms of identity theft can be prevented, but an identity theft protection service can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, discusses social media identity theft on Fox Boston.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

My Craigslist ATM causes industry stir

• Tweet

December 16th, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Apparently I raised a hackle or two. Seems my little stunt got the attention of industry insiders, and not all of them believe that I bought a used ATM on Craigslist, which turned out to contain thousands of credit card numbers. Well, it did actually happen, and despite what many say, that the ATM couldn't have contained 16-digit credit and debit card numbers on it, it did.

The most intense resistance to my experiment came from one Boston cop who watched me plant this thing in Downtown Crossing. He crossed his arms, glared at me, and when I walked away from the ATM, asked what I was doing. When I told him, he yelled for the women who were already using my ATM to stop, then took down my information while screaming at me. He later told me that his main concern was the possibility that the ATM might have contained a bomb!

According to ATMmarketplace.com, the ATM industry is braced for a backlash in the face of security concerns. There should be a backlash. We definitely need some regulation as to who can or can't buy an ATM. And according to Mike Lee, the chief executive of the ATM Industry Association, "while ATMIA does not condone the auctioning of ATMs, online or otherwise, the association has little control over how they are sold."

Personally, I think that the association needs to start establishing some control, and throwing your hands up in the air is lame. Both eBay and Craigslist have prohibited certain items. Why can't I buy an old credit card off eBay, but I can buy an ATM with thousands of credit and debit card numbers on it? I can't buy a "traffic signal control device" off eBay either. Because someone recognized in the wrong hands, the device can wreak havoc.

James Phillips, director of North American sales for ATMGurus, a Triton company, says that "an ATM that has old software or one that retains card numbers does not provide enough information for the owner to compromise consumer accounts," but that my experiment still "has the potential to be so damaging to the industry's reputation." First of all, a 16-digit number is enough to turn data into cash. Even without a PIN, the 16-digit number can be used to buy goods online, or encoded on a blank card to buy goods in a store. This is why Visa and MasterCard require new software to block out the numbers. Second, Jim, you're right, this is damaging. So please, fix it, and don't allow lame excuses. And my machine is a Triton 9100. She's a beauty by the way. Works nice off a 12-volt car battery, too.

Wendy Amaral, an account manager at Nationwide Money Services, says that while it's possible that some companies could provide processing without collecting the required background information about the ATM owner, Visa, MasterCard, and other financial institutions are firm about the rules, and that audits are unlikely but possible. I think "possible audits" sounds like another cop out. For those of us who use ATMs, the idea that we are protected by "possible audits" is a slap in the face.

George McQuain, chief executive of ATM ISO Global Axcess Corp., which provides ATM processing, says he's skeptical that I was able to set up my ATM for processing without a background check or even any questions. I haven't revealed the processors who agreed to set up my ATM because they seemed to be small shops, and I don't intend to destroy their livelihoods in my attempt to point out the inadequacy of the industry's regulations. But the first processor set me up over the phone, and all I had to do was fill out a PDF and fax it back. The second showed up to my house in a pickup truck to service the ATM in my garage.

McQuain also says that it is rare for an ATM to have such outdated software that it would allow the owner to print so much customer information. But it was easy for me to find one. And even when they are replaced with newer models, where do they go? Where does the data go? I'll tell you. On Craigslist, and then to the criminals.

There have been tons of reports on my story:

• Fox Boston video
• Extra TV video
• Boston Globe article
• The Register article
• SC Magazine article
• NBC Boston video
• Dvorak Uncensored
• The Consumerist
• Digital Journal
• Tom's Guide

You can protect yourself from ATM scams by paying attention to your statements and refuting unauthorized transactions within 60 days. Consider never using a debit card again, since credit cards are safer. When using an ATM, pay close attention to details, and look for anything that seems out of place. If your card gets stuck in the machine or you notice anything odd about the machine's appearance, such as wires, double sided tape, error messages, a missing security camera, or if the machine seems unusually old and run down, don't use it. Don't use just any ATM. Instead, look for ATMs in more secure locations. Cover your pin!

And invest in identity theft protection. Not all forms of identity theft can be prevented, but an identity theft protection service can dramatically reduce your risk.

Robert Siciliano, identity theft speaker, rolls an ATM around on Fox.

Robert Siciliano is CEO of IDTheftSecurity.com, an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of two books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.