Yuri bruce

instagram scammer

An instagram scammer attempted to rip people off using the stolen identification of “Yuri Sincero”.  She managed to get money from someone and attempted to scam someone else.  The name she used to retrieve the money was Denise Manlutac at 156 Brgy. Balibago 1st, Tarlac City, Tarlac, Philippines.  If this person tries to get money from you, don’t do it.

bruce brown tips

3 Tips for Buying Online

We had a few people get scammed by a person using Yuri Sincero’s information. The reason they were scammed is because they did not follow these three tips:

1. Verify before you buy – double check the identity of the person you buy from.  DO NOT trust the image of someones ID.

2. Use Third Party Payment System – ebay, amazon, paypal are ways to reduce your risk, because these services verify the identity of the person.

3. No Cash Online – Do NOT send cash online.  They safest way to buy online is to use a separate bank account via a third party payment system.


Colorado warns of major corporate ID theft scam

Computerworld, 16 Jul 10: Colorado’s Secretary of State and other officials are warning the state’s 800,000 or so registered businesses to watch out for scammers who have been forging business identities to make fraudulent purchases from several big-box retailers in recent months. So far, at least
35 businesses in the state have had their corporate identities misused to open fraudulent credit accounts at retailers such as Home Depot, Lowe’s, Office Depot, Apple and Dell. According to the Colorado Bureau of Investigation (CBI), the scammers so far have made at least $750,000 in fraudulent purchases from Home Depot alone after opening up lines of credit there using forged corporate identities. Five people in California have been arrested in connection with the scam, said Robert Brown, agent in charge of the fraud unit at the CBI. It’s unclear how many other businesses may have been affected. But the problem appears to be growing, with several more groups likely involved in similar scams, Brown said. Since news of the corporate identity theft in Colorado became public, law enforcement authorities in Texas have reported at least one similar incident. The corporate identity thefts itself were possible because of what appears to have been a surprisingly wide open business registration system at the Colorado Secretary of State’s Office. As with every other state, Colorado requires companies doing business in the state to register details of their business. Like other states, the business registration details, which include the name of the registered agent of the company, its full local address and other information, are a public record that can be viewed by anyone. In Colorado’s case, however, not only does the state allow anyone to view the record — it also allows just about anyone to alter or update it.
The state site requires no username or password for access to a company’s registration information, which means that anyone with access to the site can make changes. The identity thieves used this hole to alter the contact and other registration information for several companies. According to Brown, many of the companies targeted appear to have been smaller and medium-sized firms and, in some cases, defunct companies. Once the registration information was changed, the scammers then used the forged identity to make online applications for lines of credit with the retailers.
Richard Coolidge, a spokesman for Colorado Secretary of State Bernie Buescher, said the state’s decision not to use passwords and usernames to control access to the registration data goes back more than 10 years. It’s designed to make the system easy to use and was put in place at a time when identity theft was not a rampant problem. Businesses can, however, sign up for an e-mail notification that alerts them to any changes made to their registration data. According to Coolidge, though there are no controls for editing the registration data, in Colorado it is a felony for someone to make unauthorized changes. Following the discovery of the scam, the state is asking businesses to be vigilant about their registration data and make sure that no unauthorized changes are being made to it. The state is also telling businesses to sign up for the e-mail notification system so that they can get alerted of any changes. For now, there are no plans to implement a username and password to control access to the data because the budget for that has yet to be approved. That will be discussed when Colorado’s legislative session resumes in January. Coolidge estimated that the state will need to hire between five and seven additional employees to handle password help issues if tighter access controls are added. According to Brown, state authorities were alerted to the scam earlier this year when a company reported being contacted by Home Depot about purchases totaling nearly $250,000 that had been made in its name. A review of the online credit application made on the company’s behalf was done by Citibank which underwrites the lines of credits offered by Home Depot. The review showed that someone had altered the company’s registration information and changed its location from Boulder, Colo. to a virtual office in Aurora, Colo. The owners of the virtual office in Aurora were instructed to forward all mail received on the company’s behalf to another virtual office address in Harbor City, Calif. The individuals behind the scheme used their Home Depot line of credit to make online purchases of a large number of household appliances including refrigerators, TVs and other electronic items. They also purchased a large amount of copper wiring from Home Depot. In most cases, the scammers made in-store pickups using “street urchins” to go into a store location and collect the items, he said.

Brown said that Colorado, as a precautionary measure, has implemented a system to alert authorities when a company’s address information has been changed or updated. That will let authorities match a company’s registered address against the addresses of roughly 10,000 virtual offices around the country. Companies concerned about identity theft need to monitor their registration information and understand what kind of public access their state allows to the information, he said. Companies should also consider becoming registering with organizations such as Dun & Bradstreet and Standard and Poor, which maintain reliable and up-to-date registration information and alerts companies of any changes. Don Childears, president of the Colorado Bankers Association (CBA), expressed frustration at the situation and said that a lot of it was enabled by the open access to registration data at the Secretary of State’s site. The scam has already cost retailers and banks substantial amounts and will end up tarnishing the credit worthiness of businesses whose identities were misused, he said. At the same time, the fraud was detected relatively quickly because of ID theft prevention mechanisms the CBA has put in place in conjunction with the CBI, he said. Source:

Dangers on the Internet

Dangers on the Internet
This is a follow up to my post Why is Internet Safety Important

Dangers of the Internet are relative to the perspective of those accessing it. That is to say, on the Internet “dangers” are completely dependent on who is accessing what data from where and what their intentions are for accessing it. For example, researching a list of poisons could be a considered “dangers to the Internet” if a seriously disturbed person intends to kill his or her spouse. On the other hand, if a parent is just wondering what house hold products are poisonous with the intention of protecting her children, can that be considered a danger?

So protection from dangers on the Internet should be proactive and involve human judgment at some level. Policies must be written, planned and implemented in advanced or ad hoc to suit the environment and the users accessing the Internet. Children at a school with access from the classroom will more than likely be different from employees at a skating rink.

Even the items commonly considered dangers on the Internet relate directly to how much access individuals and organizations allow to and from the web. Common “dangers” may include (but should not be limited to) the following:

Accessibility to personal – applies to educating users on the dangers of putting personal information on the Internet and protecting organizational data bases

Sensitive data – For a school sensitive data is likely linked to the grades and personal information of staff and student, but for a business sensitive information could include proprietary information that would hurt the bottom line if it were leaked to competition.

Financial fraud & criminal hackers/scammers- This applies to educating users about criminal hacker techniques such as malware, social engineering, email and website phishing

The access of impressionable and/or psychologically disturbed individuals to potentially harmful and destructive information – This is rather subjective however it should be a concern to schools from elementary – colleges, rehabilitation facilities and mental institutions. There are ways to block certain obvious material with web-blocker type applications, but no one can stop them all. Monitoring is a must if this danger is to be handled seriously.

The risks and damage of these dangers are dependent on the environment & the users involved. It is up to the system owners to ensure that the policies are properly planned, implemented and maintained as exposure to any Internet danger can disrupt the safety, mission and/or values of an organization or individual.

LifeLock Guy Hacked :(

457-55-5462 Todd Davis
I think this is a sad day. A sad day indeed. Todd Davis, CEO of Lifelock (his social security #457-55-5462). Todd Davis has promoted his company by advertising his social security number on the web, radio, tv and billboard signs.

My name is Todd Davis
My social security number is 457-55-5462

I’m Todd Davis, CEO of LifeLock, and yes, that’s my real social security number*. Identity theft is one of the fastest growing crimes in America, victimizing over 10 million people a year and costing billions of dollars. So why publish my social security number? Because I’m absolutely confident LifeLock is protecting my good name and personal information, just like it will yours. And we guarantee our service up to $1 million dollars.”

While I’ve always thought that it was a risky way to promote one business (lol), I’ve always believed that it was a good idea. What they do is monitor your credit card and fico information and alert you if there is anything suspicious. It works (you can also do your self for free). But the Life lock service doesn’t protect you 100% from identity theft.
Some guy in Texas took Todd’s personal information and used it for a pay day load (there is not system to actively keep track of the Payday loan market). So the guy was able to get $500. When it was time to pay back the Payday loan (+1million% interest or whatever it is) the Payday store called the REAL Todd Davis (social security #457-55-5462). I think its unfortunate because it seems like a pretty good service. They are one of the few organizations in the U.S. actually trying to help people take on what is now and epidemic with now grassroots effort to slowdown ID theft and financial fraud.

Although Todd Davis was hacked, I believe their product will still be an effective way to be proactive method of protecting yourself from ID theft & financial fraud. But you should definitely take extra steps to safe guard your personal information. Don’t advertise your social security, your physical address, phone number, birthday or critical information.

Its $10 a month. I’m thinking of doing it just so I can contribute to their cause.

US National ID Card: Security or Citizen Tracker

Most American citizens violently oppose a National ID card.  The federal government can get around this in two ways: 

    1. Don’t call it a national ID card 
    2. Don’t put the federally controlled database in a federal building

The U.S. government is doing both of these things (as up 2007, should be complete by 2009).

According the the Department of Homeland Security’s FAQ on REAL ID it is NOT a national ID card & the feds will not create a national database:

“Is this a National ID card?

No. The proposed regulations establish common standards for States to issue licenses. The Federal Government is not issuing the licenses, is not collecting information about license holders, and is not requiring States to transmit license holder information to the Federal Government that the Government does not already have (such as a Social Security Number). Most States already routinely collect the information required by the Act and the proposed regulations.”

“Will a national database be created that stores information about every applicant?

No. The REAL ID Act and these regulations do not establish a national database of driver information. States will continue to collect and store information about applicants as they do today. The NPRM does not propose to change this practice and would not give the Federal government any greater access to this information”  

Well piss on my back and tell me its raining! The government is NOT creating a national ID card.  The only problem with the above statements issued by the DHS is that they are bullshit. 

Imagine.  ME, a security guy of all people, opposed to a National ID Card?  But I’m not the only one.

First off, what is this National ID Card REAL ID Card?

On March 1, the Department of Homeland Security (DHS) released draft regulations [PDF] for implementing REAL ID, which makes states standardize drivers licenses and create a vast national database linking all of the ID records together. Once in place, uses of the IDs and database will inevitably expand to facilitate a wide range of tracking and surveillance activities.EFF

As stated above, the National ID Card for the U.S. would be based on existing State I.D. Cards and driver’s license programs.  The main issue is linking all state databases together so that the federal government can track citizens.  

Now you may be wondering: Does this sound like something an illegal immigrant and/or criminal would not be able to falsify?  (and even if they are caught current laws for illegal immigrants are not enforced)  If illegal immigrants are not going to abide by the law, does this law really enhance the nation’s security?  

Oppose the Real ID Act of 2005 

My main reason for opposing a US national ID card is that I don’t trust the federal government with a consolidated view and control of all of our information.  I think all the information they gather will eventually fall into the wrong hands (on purpose or by negligence).  I was in the military, so the feds already have my data and the feds have lost MY {privacy act protected} information more than once.  A branch of the U.S. government lost 25.6 million account including the Social Security Numbers for Veterans more than once. They kept this information secret from the victims for 19 days.  19 days is ample time for someone to steal an identity once they have the information they need.  In one case the data was supposedly recovered and deemed by the FBI forensics as un-tampered with.  Supposedly they are not creating a seperate national database… but the linked state system WILL be the national database from which the feds will feed.  Its a play on words and I wish people would wake up screaming about this.

There seems to be a disregard for protecting the privacy and security of citizens.  The resources that would normally be used to protect us are being wasted and sent to serve other purposes.  In my oppinion security is still NOT being done because illegal immigrant laws are not being enforced despite the fact there is a “war on terrorism”.  Now if you don’t think something is seriously wrong about the protection of our borders at a time when their is a “war on terrorism” read the story of Border Patrol Agent Ignacio Ramos being jailed for shoot a drug dealer trying to enter the country. The DHS officials lied to congress about these agents (and got caught).  Drug smuggler Osbaldo Aldrete-Davila is a free man.  Meanwhile, other border patrol agents are being deployed to IraqI believe there is a reason that the law is not enforced but I leave that speculation up to you.

Privacy Clearing House has a chronological list of data breaches starting from 2005.  The more databases of large organizations (schools, federal/state, credit cards) our personal information is in, the greater the risk of ID theft and financial fraud we face.  ID theft is currently the fastest growing crime in the US and UK.  And its been the fastest growing for a long time.  I attribute this to organizations putting security last when it should be implemented from the very begining and maintained aggressively. 

So, a national card REAL ID registry databases at the federal level may only add to on-going issues of personal security of US citizens which the US government does not seem to worried about too much. 

To the credit of the U.S. federal government, the Department of Homeland Security’s Chief Privacy Officer, Hugo Teufel III, issued a Privacy Impact Assessment (PIA).  According to the document the National ID card would be difficult to falsify. 

Other issues addressed in the PIA:

The PIA addresses the key privacy issues posed by the Act: (1) Does the REAL ID Act create a national identity card or database; (2) How will personal information required by the REAL ID Act be protected in the state databases; (3) How will the personal information stored on the machine readable technology on the driver’s licenses and identification cards be protected from unauthorized collection and use; and (4) Do the requirements for a photograph and address on the credential and the DMV employee background check erode privacy.

The REAL ID method will extend the life and legitamacy of the Social Security Number as a national ID number.

The DHS PIA document is exactly right when it states:

Some of the public concern about the REAL ID stems from the history surrounding the expansive use of the SSN beyond its original purpose of recording the information necessary to provide a public pension benefit.

The original purpose of the Social Security Number was to track taxation and payments for social programs under Roosevelt’s New Deal created in the 1930s following the Great Drepression.  These days the Social Security number is a de facto national ID number issued to all citizens and you really can’t do anything signifigant without it (i.e. get a job… unless your are an illegal immigrant.. i guess people in the US have privacy after all).  BTW – Collecting Social Security after age 65 is a joke… it is program that will not support the “baby boomer” (but that is a different issue all together). 

The DHS Privacy Impact Assessment goes through most general concerns the the REAL ID act posses to the privacy of U.S. citizens thoroughly…. except for one. Put on your tin-foil hats for this one.  The government works so closely with private companies (namely lobbyists pushing and paying for certain policies, bid and no-bid contracts, laws and regulations) that I believe that they would give out our con$olidated information for the right price. Realistically, a national database in some form or another already exists (social security).  But the REAL ID database would make it possible to have a REAL-time view of all transactions.

DHS PIA pg. 6: “financial institutions, retailers, hotels, health-care providers, and others may consider the REAL ID credential”. 

It sounds like the ultimate consolidation of all personal data.  It will merge your social, driver’s license, and possibly finacial and medical info. 

You see, the REAL ID system would not just be used in the police but with PRIVATE agencies.  On military installations you can’t do much of anything without a certain government ID card.  The data on this REAL ID will be the cream of the crop.  Particularly if is collects data on where you’ve been.  But conspiracy theories on new American corporate facism aside, people need to know that this is happening.  A wake up is long over due for Americans.  I just hope this cancerous apathy doesn’t kill the priciples of the country I love.

Check out the last line of the DHS Privacy Impact Assessment:

The public is encouraged to comment on the NPRM and on the privacy issues associated with implementation of the Act in order to ensure that the final rule reflects robust public input on these important issues.


Facial Recognition to deter ID Theft

DHS Privacy Impact Assessment REAL ID Act – Chief Privacy Officer, DHS

Four State Oppose RealID (New Hampshire, Oklahoma, joined Montana, Washington – as of 10 Jun 2007)

(New Hampshire, Oklahoma, joined Montana, Washington – as of 10 Jun 2007)Ron Paul oppinion on Amnesty for illegal immigrants and the National ID

(New Hampshire, Oklahoma, joined Montana, Washington – as of 10 Jun 2007)

(New Hampshire, Oklahoma, joined Montana, Washington – as of 10 Jun 2007)New World Ord… I mean other things that didn’t make it into the REAL ID ACT:

(New Hampshire, Oklahoma, joined Montana, Washington – as of 10 Jun 2007)

(New Hampshire, Oklahoma, joined Montana, Washington – as of 10 Jun 2007)

Original legislation contained one of the most controversial elements which did not make it into the final legislation that was signed into law. It would have required states to sign a new compact known as the Driver License Agreement (DLA) as written by the Joint Driver’s License Compact/ Non-Resident Violators Compact Executive Board with the support of AAMVA which would have required states to give reciprocity to those provinces and territories in Canada and those states in Mexico that joined the DLA and complied with its provisions. As a part of the DLA, states would be required to network their databases with these provinces, territories and Mexican states. The databases that are accessible would include sensitive information such as Social Security numbers, home addresses and other information. The foreign states and provinces are not required to abide with the Drivers Privacy Protection Act (DPPA) and are free to access and use the sensitive information as they see fit.  – REAL ID wiki

The UK is fighting the same battle of liberties

If I trusted the government, I suppose this would not be that big a deal.

Bonus: Total “Terrorism” Information Awareness – TIA 

 Multiple standardized computing environments can be monitored and controlled using Open Grid Service Architecture (OGSA).  If the federal government is not using this technology togather data from the DMV systems I would be very surprised.





Your Social Security Number is sent all over the world

From SmartMoney.com:

Outsourcing to IndiaOnce a county's records are digitized, it's very easy — and incredibly cheap — for data compilers like Axciom and DataTrade to purchase the files and sell them to information brokers like Choicepoint, says Bloys. That's because under most states' Open Records laws, counties cannot charge more than the cost of copying the documents — which means a computer disk containing 10,000 records can be had for as little as a few dollars. What's more, Bloys explains, the companies that actually scan the documents for the county — the so-called wholesalers — often ship the images to foreign countries, like India or China, where outsourcers index the records much more cheaply than could be done in the United States. “[Our public information] is being distributed instantly all over the world,” says Bloys.

Smartmoney did an article featuring B.J. Ostergen.  I've been trying to get an interview with B.J.  But she is no doubt busy with the big boys. 

Ostergren has made it her full-time job as the founder of Virginia Watchdog to alert legislators and the general public about what's out there. “It's dangerous, and it's just reckless of those clerks to have these records online,” she says. According to a November 2004 report by the Government Accountability Office, as many as 28% of U.S. counties post their records — including people's Social Security numbers — on the Internet.

No cries of outrage, not even a peep from the American public about this.  More than likely it is because they don't know about it.  I guess they'll find out when someone steals their Identity and destroys their credit.

1 2