in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Full Disk Encryption Tales: So, How Are Those Stolen SSNs Used?

The importance of full disk encryption solutions for laptops and other digital media has been espoused a myriad of times by numerous security vendors like AlertBoot.  We’ve all heard the stories regarding identity theft, and the importance of keeping Social Security Numbers safe.  Then there are those unique stories that cause one’s jaws to slacken.  Those unique, imaginative capers that remind me again and again why protecting data is no laughing matter.

 

For example, SSNs could be used to build up your wealth two cents at a time.  Wired.com is reporting that a man in California, Michael Largen, did exactly that by using a common procedure used by brokerages and other companies to verify accounts.

 

Brokerages will often test the validity of a brokerage‑account to checking‑account link by depositing a small amount of money, usually measured in cents, into your checking account (this is usually known as an ACH setup).  These small monies are known as micro‑deposits, and as far as I know, it’s free money.  I know I’ve never been asked for two‑seven cents back by my brokerage account.

 

What Largen allegedly has done is create scripts programmed to open tens of thousands of online brokerage accounts.  There is no need to deposit any money after opening a brokerage account—I mean, usually there is a minimum balance not to be charged brokerage fees and whatnot; but if you don’t deposit the money, what can the brokerages do?  I guess they could file a lawsuit to recover two cents.  Meanwhile, you can do whatever you want with that micro‑deposit.

 

Based on Wired’s story, it sounds like Largen wouldn’t have been caught had it not been for a clause in the Patriot Act that requires financial firms to verify the identity of their customers.  Schwab.com, one of the companies affected by Largen’s shenanigans, found that over 5000 accounts were opened with fake information.  Ultimately, Largen was able to accumulate over $50,000 from various companies using the above method, according to the affidavit filed by a Secret Service agent in charge of the investigation.

 

My question is, if the accounts were not set up under fake names and SSNs, would Largen have been found out?  I mean, the guy was using the names of cartoon characters and made‑up SSNs, so no doubt these must have raised red flags for the auditors.  But if Largen had used real names and their corresponding SSNs, would the brokerages have caught on?  My guess is that the answer is yes…eventually—5000 recently opened, inactive accounts would be the first whiff of something being wrong.

 

However, I imagine that the use of invalid SSNs helped to alert the Schwab account auditors that something may be awry much sooner, leading to Largen’s successful arrest.  New, inactive accounts may be problematic, but new accounts with fake data are even more problematic.  If Largen had used stolen IDs, he may have been able to gain some time and pull off the scam.

 
<Previous Next>

Laptop Losers Hall Of Shame Shows Importance Of Hard Drive Encryption For All Computer Types: A Commentary

Full Disk Encryption Employed At Sandown Health Centre After Potential Security Breach

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.